The mass theft of credit-card data has spawned an underground black market where huge stacks of those cards are being purchased by identity thieves.
This black market is in the spotlight thanks to a new expose from Brian Krebs, the same blogger who broke the story earlier this week that Target was investigating a data breach of millions of credit- and debit-card accounts.
Krebs explains that a large bank knew Target had been breached after it went and bought “a huge chunk of the bank’s card accounts from a well-known ‘card shop’ — an online store advertised in cybercrime forums as a place where thieves can reliably buy stolen credit and debit cards.” He continues:
There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country. But this store has earned a special reputation for selling quality “dumps,” data stolen from the magnetic stripe on the backs of credit and debit cards. Armed with that information, thieves can effectively clone the cards and use them in stores. If the dumps are from debit cards and the thieves also have access to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the victim’s bank account.
Target confirmed on Thursday that 40 million cards had been stolen in a nationwide data breach spanning from Nov. 27 to Dec. 15. Following the announcement, Krebs reached out to a small community bank in New England to see if it knew which of its cards had been stolen.
Krebs teamed up with the bank’s fraud team to figure out which of its cards might be at risk for fraud given that “the tiny bank had not yet heard anything from the card as specific cards that might have been compromised as a result of the Target breach,” despite the fact that almost 6,000 of the cards issued had been used in Target stores around the country. He began searching through a black-market card site and went shopping. What he found is nothing short of terrifying.
Like other card shops, this store allows customers to search for available cards using a number of qualifications, including BIN; dozens of card types (MasterCard, Visa, et. al.); expiration date; track type; country; and the name of the financial institution that issued the card….
Another fascinating feature of this card shop is that it appears to include the ZIP code and city of the store from which the cards were stolen. One fraud expert I spoke with who asked to remain anonymous said this information is included to help fraudsters purchasing the dumps make same-state purchases, thus avoiding any knee-jerk fraud defenses in which a financial institution might block transactions out-of-state from a known compromised card.
Krebs also notes that the store doesn’t let its customers buy up cards with their own credit cards. Instead, thieves must use virtual currencies like Bitcoin or wire transfers like Western Union to complete a transaction.
What We're Following See More »
The nonpartisan Congressional Budget Office has released its score of the House-passed American Health Care Act, which would replace Obamacare. According to the CBO, the bill would reduce the deficit by $119 billion by 2026, while leaving 14 million more Americans uninsured in 2018 than under current law, a number swelling to 23 million by 2026. Further, insurance premiums would balloon 20 percent in 2018 and five percent in 2019 before the waiver provision in the legislation would kick in. The provision allows states to apply for waivers and permit insurers to offer skimpier plans, which would likely entice younger and healthier individuals to buy health insurance while potentially pricing older and less healthy Americans out of insurance plans. House Republicans approved this bill in late April without waiting for the CBO score.
Republican Sen. Lindsey Graham said Wednesday during a Senate Appropriations subcommittee hearing that President Donald Trump's budget is little more than recycling bin material. "The budget proposed by the president doesn't have a snowball's chance in hell of passing," Graham said. Graham had previously opposed the budget over its nearly 30 percent cut to the budget of the State Department. The budget slashes spending on domestic priorities while increasing military spending.
Senate Majority Leader Mitch McConnell said Wednesday that he doesn't yet know the formula towards gaining passage of an Obamacare replacement in the Senate. "I don't know how we get to 50 (votes) at the moment. But that's the goal," McConnell said. The House passed an Obamacare replacement bill which has been widely seen as dead on arrival in the Senate, and McConnell has put together a working group of Republican Senators working towards creating health care legislation which could gain the support of at least 50 Senators.
"Former FBI Director Robert Mueller has been cleared by U.S. Department of Justice ethics experts to oversee an investigation into possible collusion between then-candidate Donald Trump's 2016 election campaign and Russia." Some had speculated that the White House would use "an ethics rule limiting government attorneys from investigating people their former law firm represented" to trip up Mueller's appointment. Jared Kushner is a client of Mueller's firm, WilmerHale. "Although Mueller has now been cleared by the Justice Department, the White House may still use his former law firm's connection to Manafort and Kushner to undermine the findings of his investigation, according to two sources close to the White House."