The mass theft of credit-card data has spawned an underground black market where huge stacks of those cards are being purchased by identity thieves.
This black market is in the spotlight thanks to a new expose from Brian Krebs, the same blogger who broke the story earlier this week that Target was investigating a data breach of millions of credit- and debit-card accounts.
Krebs explains that a large bank knew Target had been breached after it went and bought “a huge chunk of the bank’s card accounts from a well-known ‘card shop’ — an online store advertised in cybercrime forums as a place where thieves can reliably buy stolen credit and debit cards.” He continues:
There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country. But this store has earned a special reputation for selling quality “dumps,” data stolen from the magnetic stripe on the backs of credit and debit cards. Armed with that information, thieves can effectively clone the cards and use them in stores. If the dumps are from debit cards and the thieves also have access to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the victim’s bank account.
Target confirmed on Thursday that 40 million cards had been stolen in a nationwide data breach spanning from Nov. 27 to Dec. 15. Following the announcement, Krebs reached out to a small community bank in New England to see if it knew which of its cards had been stolen.
Krebs teamed up with the bank’s fraud team to figure out which of its cards might be at risk for fraud given that “the tiny bank had not yet heard anything from the card as specific cards that might have been compromised as a result of the Target breach,” despite the fact that almost 6,000 of the cards issued had been used in Target stores around the country. He began searching through a black-market card site and went shopping. What he found is nothing short of terrifying.
Like other card shops, this store allows customers to search for available cards using a number of qualifications, including BIN; dozens of card types (MasterCard, Visa, et. al.); expiration date; track type; country; and the name of the financial institution that issued the card….
Another fascinating feature of this card shop is that it appears to include the ZIP code and city of the store from which the cards were stolen. One fraud expert I spoke with who asked to remain anonymous said this information is included to help fraudsters purchasing the dumps make same-state purchases, thus avoiding any knee-jerk fraud defenses in which a financial institution might block transactions out-of-state from a known compromised card.
Krebs also notes that the store doesn’t let its customers buy up cards with their own credit cards. Instead, thieves must use virtual currencies like Bitcoin or wire transfers like Western Union to complete a transaction.
What We're Following See More »
The Commission on Presidential Debates put out a statement today that gives credence to Donald Trump's claims that he had a bad microphone on Monday night. "Regarding the first debate, there were issues regarding Donald Trump's audio that affected the sound level in the debate hall," read the statement in its entirety.
"A video of Donald Trump testifying under oath about his provocative rhetoric about Mexicans and other Latinos is set to go public" as soon as today. "Trump gave the testimony in June at a law office in Washington in connection with one of two lawsuits he filed last year after prominent chefs reacted to the controversy over his remarks by pulling out of plans to open restaurants at his new D.C. hotel. D.C. Superior Court Judge Brian Holeman said in an order issued Thursday evening that fears the testimony might show up in campaign commercials were no basis to keep the public from seeing the video."
No matter that his recall of foreign leaders leaves something to be desired, Gary Johnson is the choice of the Chicago Tribune's editorial board. The editors argue that Donald Trump couldn't do the job of president, while hitting Hillary Clinton for "her intent to greatly increase federal spending and taxation, and serious questions about honesty and trust." Which leaves them with Johnson. "Every American who casts a vote for him is standing for principles," they write, "and can be proud of that vote. Yes, proud of a candidate in 2016."
Speaking at the funeral of former Israeli Prime Minister Shimon Peres, President Obama "compared Peres to 'other giants of the 20th century' such as Nelson Mandela and Queen Elizabeth who 'find no need to posture or traffic in what's popular in the moment.'" Among the 6,000 mourners at the service was Palestinian President Mahmoud Abbas. Obama called Abbas's presence a sign of the "unfinished business of peace" in the region.
Three million—a number that lays "bare the significant gap between Donald Trump’s bare-bones operation and the field program that Clinton and her hundreds of aides have been building for some 17 months."