Credit cards with security chips have helped cut down on Dark Web sales of stolen card data, but the problem persists, especially in the U.S., says Cybersixgill.
Stolen credit card data is always a hot item for sale on the Dark Web, particularly if the package includes not just the card number but the expiration date and CVV code. To crack down on fraud, card vendors have long since turned away from stripe-only cards to those with embedded security chips that not only use encryption to secure transactions but are more difficult to clone. A recent report from cyber intelligence provider Cybersixgill looks at the current state of credit card fraud on the Dark Web.
Facts and figures of credit cards on the Dark Web
For its “Underground Financial Fraud H1 2022 report,” Cybersixgill found that more than 4.5 million stolen payment cards were up for sale on the Dark Web during the first half of 2022. Though this number is a significant drop of 68% from the more than 14 million such cards discovered during the last half of 2021, this still represents a substantial amount of fraud.
Almost half (45%) of the cards for sale on underground markets were issued in the United States. One likely reason is because the U.S. is home to more than 1 billion credit cards. An American consumer owns four credit cards on average, compared with citizens in the European Union who own one or two cards, according to Experian.
However, another factor may be the impact of EMV cards, or chip cards. Outfitted with an embedded security chip, such cards better protect consumers against theft and compromise than do cards with just a magnetic stripe. Research cited by Cybersixgill indicates that European countries are hit by less credit card fraud because they jumped on the EMV bandwagon earlier than their American counterparts.
On the other side of the fence, Russian credit cards are much less common on the Dark Web, with only around 5,400 cards seen for sale during the first half of 2022. The reason, says Cybersixgill, is that cybercriminals who operate in Russia often do so without much objection from the Kremlin as long as Russian citizens aren’t targeted.
SEE: Mobile device security policy (TechRepublic Premium
Cybercriminals rely on a few tactics to capture credit card information. Some will target e-commerce sites through data breaches or phishing attacks where they’re able to steal the necessary data. Others will physically install skimmers on ATMs, sales terminals and gas station pumps. After stealing the credit card details, the crooks will typically sell them on the Dark Web where other criminals will buy and use them to commit fraud.
Most of the stolen credit cards seen on the Dark Web during the first half of the year were issued by the four major networks. Some 49% came from Visa cards, 36% from Mastercard, 13% from American Express and 2.5% from Discover. Cards sold with CVV or CVV2 numbers are more lucrative and therefore more common on the Dark Web than are cards sold as dumps, which are electronic copies of the information from the magnetic stripe on the card but without the CVV data. Further, stolen cards with the CVV numbers may also include the user’s address, email and other sensitive information that can be used for identity fraud and account takeovers.
“Despite continued efforts by law enforcement agencies, credit card networks, banks, and retailers to improve security, fraudsters are expected to adapt and evolve their skills and techniques, finding new methods to exfiltrate sensitive payment credentials from cards being utilized both virtually and physically,” Cybersixgill said in its report.
How to make sure your credit card doesn’t end up on the Dark Web
To help consumers and businesses cut down on credit card fraud, Cybersixgill offers several tips.
Monitor your bank accounts
Scan your financial accounts for suspicious transactions or login attempts. Many banks will send you text or email notifications if suspicious activity is detected on your account.
Beware of shipping confirmation emails
If you receive an email claiming to confirm a purchase order or product shipment, don’t respond directly to the email. Instead, sign into the associated website directly to check your order status.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Don’t reuse passwords
Avoid relying on the same passwords across different websites and services. Instead, use a password manager to create complex and unique passwords for each account. Then enable multi-factor authentication to further protect your accounts from compromise.
Watch out for coupons and promotions
Be wary of offers for coupons and promotions sent to you via text or email. To follow up, look for these deals on the associated website and not through any links in the message.
For retailers, install chip-enabled point-of-sale systems
These systems can better protect the credit card data of your customers. Credit cards with chips are much more difficult for criminals to clone and use.
more recommended stories
How data from period-tracking and pregnancy apps could be used to prosecute pregnant peopleCredit: Unsplash/CC0 Public Domain Many popular.
-
How To Use Google Data Studio (Guide with Examples)
Image: Google Google Data Studio helps.
-
Escape Academy has made it harder to mess up your perfect score
I loved, loved Escape Academy. I.
-
Toward a widespread use of virtual travel?
Travelling without moving thanks to the.
-
How to install that latest version of Docker on AlmaLinux
Jack Wallen shows you how to.
-
Are ethical hackers the digital security answer?
TechRepublic speaks to HackerOne about how.
-
Twitter has to give Elon Musk documents from former product head Beykpour
Elon Musk’s lawyers notched a partial.
-
5 Linux command line classes from Coursera
Whether you want to learn Linux.
-
Nintendo Switch Joy-Con controllers are $25 off for today only
This story is part of a.
-
Is propane a solution for more sustainable air conditioning?
Credit: Pixabay/CC0 Public Domain Current severe.
