Earlier this year, a New York man pled guilty to managing a credit card theft scheme responsible for stealing $1,500,000 from 4,000 account holders between 2015 and 2018. According to the United States Attorney’s Office, the ring of thieves obtained the credit card information on the dark web, and used that information to create their own cards. The fraudulent credit cards were used to purchase gift cards, flights, hotels stays, and other goods and services.
Dark web credit card fraud has been a problem for a long time, and it shows little sign of slowing down. A recent report found 4.5 million credit card numbers for sale on the dark web during the first half of 2022. Nearly half had been issued in the U.S.
This article will explore credit card theft on the dark web, explain how criminals obtain and use stolen data, and explain how to detect and prevent credit card fraud.
Understanding Credit Card Fraud on the Dark Web
The phrase “dark web” conjures images of illegal activity, but it simply refers to the encrypted part of the Internet that isn’t indexed by search engines. It’s a big piece of the web, however, at 48% of the web. Only accessible by a specific browser, the dark web keeps traffic anonymous.
Legitimate users of the dark web include activists, or people who live under oppressive regimes, but they only account for a small percentage of the dark web. The majority of dark web sites deal in illicit goods and services. The sale of payment card information is big business; in 2022, the average price of stolen credit card data averaged between $17 and $120, depending upon the account’s balance.
How Threat Actors Obtain and Trade Credit Card Data
A 2018 special report from Vice shows an anonymous scammer browsing stolen credit card numbers on the dark web. He chooses one, stamps the number and information onto a blank card, and uses that card to make payments, often using the stolen payment information to buy goods, like gaming systems, and sell those as well.
So where does the stolen card information come from? Payment information is stolen in a variety of ways before it ends up on the dark web. Many payment card numbers are stolen via data breaches; threat actors compromise payment sites, allowing them to stealth credit card numbers. Others might be stolen through phishing attacks on companies, stealing their customers’ payment information. Some credit card details are stolen using devices called skimmers, which are placed in card readers specifically to steal payment information.
The payment information is then posted for sale on the dark web where other threat actors can purchase and use it.
The Impact of Dark Web Credit Card Fraud
In Vice’s 2018 video, the anonymous credit card scammer is asked about the people whose payment information is being stolen. His response? Victims who report fraudulent charges to the credit card company get their money back.
“I’m not doing nothing wrong,” he says.
He is, of course, wrong: credit card fraud is not a victimless crime. While individual cardholders are often reimbursed for fraudulent charges, the charges do affect merchants and vendors, who are forced to pay chargebacks, essentially being forced to return funds to the customer’s card. Small businesses can be devastated by large chargebacks, but payment disputes also affect larger businesses. A recent report found 65% of merchants reported an increase in chargeback fraud, and that it’s becoming more difficult to fight those charges.
Stolen credit cards are also harmful to the businesses from which they were stolen in the first place. Customers whose payment information was stolen are less likely to want to continue doing business with your organization after a hack and your organization may sustain long-lasting reputational damage.
Detecting Dark Web Credit Card Fraud
Detecting and preventing dark web credit card fraud can be difficult since the dark web is, by nature, hidden. It’s not impossible, however. By using specialized tools cybersecurity professionals can track these illegal activities and alert financial institutions of potential threats.
Monitoring the Dark Web
Use a service, like Flare, that allows you to monitor the dark web for any mentions of your organization’s information, including business credit card numbers. Flare, for example, enables you to automatically scan the clear & dark web for any leaked or stolen account credentials. By doing this, you can find your credentials for sale on the dark web and secure them before they are exploited.
Tools and Services for Detection
It’s important to detect fraud when a threat actor is trying to use stolen payment information to make a purchase from your business. Tools like an Address Verification Service (AVS) can help detect fraud in online purchases by comparing a customer’s billing address with the address on file with the issuing bank. Flare’s Dark Web Monitoring platform monitors dozens of .onion sites for credit card fraud, BINS and other financial fraud related data. In addition we continuously monitor hundreds of Telegram channels and other parts of the ecosystem to proactively help prevent fraud.
Responding to Detected Credit Card Fraud
Once fraud is detected, a business must act immediately by contacting any customers who may have been impacted and contacting the payment processor to report the fraud. If the fraud involves multiple customers, notify them as soon as possible to inform them of the situation and to provide guidance on how to protect their personal and financial information.
Preventing Credit Card Fraud: Best Practices
When it comes to credit card fraud, the best offense is a strong defense. Preventative measures can keep payment information safe. These measures include implementing robust security practices, such as encryption and multi-factor authentication, to protect credit card data and reduce the likelihood of it ending up on the dark web.
Ensuring Strong Encryption and Secure Data Storage
Use encryption to protect customer data and secure your payment processing system. The more secure your information is, the less likely it will be to fall into the hands of a threat actor.
Implementing MFA
Use multifactor authentication to prevent threat actors from guessing at weak passwords, or getting into your systems with a brute force attack. MFA and strong password requirements will force your employees to use strong passwords and change them often.
Regularly Updating Security Measures
Security is not a crockpot; you can’t just set it and forget it. Cyberthreats are constantly evolving, and your security measures should be continuously updated as well. If they aren’t, your defenses are likely to become obsolete.
Employee Training and Awareness
Cybersecurity is everyone’s job. By training your employees, you can make sure they’re able to spot social engineering schemes, avoid malware, and keep their own personal information safe, as well as the information of your customers.
How Flare Can Help with Dark Web Monitoring
Flare monitors the clear and dark web as well as illicit Telegram channels for high-risk external threats to your organization.
Our platform can detect any suspicious mentions about organizations, or stolen payment information to give as much time as possible to prepare for data breaches.
Curious about how Flare can help your organization detect credit card fraud? Request a demo to learn more.
