Inside the Black Market That Buys and Sells Target’s Stolen Credit Cards

The amount of information crooks can seize at shady online card-purchasing shops is terrifying.

Battleground: It's all in the cards.
National Journal
Dustin Volz
Add to Briefcase
Dustin Volz
Dec. 20, 2013, 9:17 a.m.

The mass theft of cred­it-card data has spawned an un­der­ground black mar­ket where huge stacks of those cards are be­ing pur­chased by iden­tity thieves.

This black mar­ket is in the spot­light thanks to a new ex­pose from Bri­an Krebs, the same blog­ger who broke the story earli­er this week that Tar­get was in­vest­ig­at­ing a data breach of mil­lions of cred­it- and deb­it-card ac­counts.

Krebs ex­plains that a large bank knew Tar­get had been breached after it went and bought “a huge chunk of the bank’s card ac­counts from a well-known ‘card shop’ — an on­line store ad­vert­ised in cy­ber­crime for­ums as a place where thieves can re­li­ably buy stolen cred­it and deb­it cards.” He con­tin­ues:

There are lit­er­ally hun­dreds of these shady stores selling stolen cred­it and deb­it cards from vir­tu­ally every bank and coun­try. But this store has earned a spe­cial repu­ta­tion for selling qual­ity “dumps,” data stolen from the mag­net­ic stripe on the backs of cred­it and deb­it cards. Armed with that in­form­a­tion, thieves can ef­fect­ively clone the cards and use them in stores. If the dumps are from deb­it cards and the thieves also have ac­cess to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the vic­tim’s bank ac­count.

Tar­get con­firmed on Thursday that 40 mil­lion cards had been stolen in a na­tion­wide data breach span­ning from Nov. 27 to Dec. 15. Fol­low­ing the an­nounce­ment, Krebs reached out to a small com­munity bank in New Eng­land to see if it knew which of its cards had been stolen.

Krebs teamed up with the bank’s fraud team to fig­ure out which of its cards might be at risk for fraud giv­en that “the tiny bank had not yet heard any­thing from the card as spe­cif­ic cards that might have been com­prom­ised as a res­ult of the Tar­get breach,” des­pite the fact that al­most 6,000 of the cards is­sued had been used in Tar­get stores around the coun­try. He began search­ing through a black-mar­ket card site and went shop­ping. What he found is noth­ing short of ter­ri­fy­ing.

Some high­lights:

Like oth­er card shops, this store al­lows cus­tom­ers to search for avail­able cards us­ing a num­ber of qual­i­fic­a­tions, in­clud­ing BIN; dozens of card types (Mas­ter­Card, Visa, et. al.); ex­pir­a­tion date; track type; coun­try; and the name of the fin­an­cial in­sti­tu­tion that is­sued the card….

An­oth­er fas­cin­at­ing fea­ture of this card shop is that it ap­pears to in­clude the ZIP code and city of the store from which the cards were stolen. One fraud ex­pert I spoke with who asked to re­main an­onym­ous said this in­form­a­tion is in­cluded to help fraud­sters pur­chas­ing the dumps make same-state pur­chases, thus avoid­ing any knee-jerk fraud de­fenses in which a fin­an­cial in­sti­tu­tion might block trans­ac­tions out-of-state from a known com­prom­ised card.

Krebs also notes that the store doesn’t let its cus­tom­ers buy up cards with their own cred­it cards. In­stead, thieves must use vir­tu­al cur­ren­cies like Bit­coin or wire trans­fers like West­ern Uni­on to com­plete a trans­ac­tion.

What We're Following See More »
23 MILLION FEWER INSURED IN 2026
Congressional Budget Office Scores House Trumpcare Bill
39 minutes ago
BREAKING

The nonpartisan Congressional Budget Office has released its score of the House-passed American Health Care Act, which would replace Obamacare. According to the CBO, the bill would reduce the deficit by $119 billion by 2026, while leaving 14 million more Americans uninsured in 2018 than under current law, a number swelling to 23 million by 2026. Further, insurance premiums would balloon 20 percent in 2018 and five percent in 2019 before the waiver provision in the legislation would kick in. The provision allows states to apply for waivers and permit insurers to offer skimpier plans, which would likely entice younger and healthier individuals to buy health insurance while potentially pricing older and less healthy Americans out of insurance plans. House Republicans approved this bill in late April without waiting for the CBO score.

Source:
GOP DISCORD
Graham Rejects Trump’s Budget In Hearing
39 minutes ago
THE DETAILS

Republican Sen. Lindsey Graham said Wednesday during a Senate Appropriations subcommittee hearing that President Donald Trump's budget is little more than recycling bin material. "The budget proposed by the president doesn't have a snowball's chance in hell of passing," Graham said. Graham had previously opposed the budget over its nearly 30 percent cut to the budget of the State Department. The budget slashes spending on domestic priorities while increasing military spending.

Source:
PREFERS “CLEAN” BILL
Mnuchin Looks To Avoid Debt Ceiling Fight
7 hours ago
THE DETAILS
“THAT’S THE GOAL”
McConnell Not Sure How To Get 50 Votes For Health Care
8 hours ago
THE LATEST

Senate Majority Leader Mitch McConnell said Wednesday that he doesn't yet know the formula towards gaining passage of an Obamacare replacement in the Senate. "I don't know how we get to 50 (votes) at the moment. But that's the goal," McConnell said. The House passed an Obamacare replacement bill which has been widely seen as dead on arrival in the Senate, and McConnell has put together a working group of Republican Senators working towards creating health care legislation which could gain the support of at least 50 Senators.

Source:
BUT WHITE HOUSE MAY USE AGAINST HIM ANYWAY
Ethics Cops Clear Mueller to Work on Trump Case
1 days ago
THE LATEST

"Former FBI Director Robert Mueller has been cleared by U.S. Department of Justice ethics experts to oversee an investigation into possible collusion between then-candidate Donald Trump's 2016 election campaign and Russia." Some had speculated that the White House would use "an ethics rule limiting government attorneys from investigating people their former law firm represented" to trip up Mueller's appointment. Jared Kushner is a client of Mueller's firm, WilmerHale. "Although Mueller has now been cleared by the Justice Department, the White House may still use his former law firm's connection to Manafort and Kushner to undermine the findings of his investigation, according to two sources close to the White House."

Source:
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login