During the first half of 2022, Cybersixgill found more than 4.5 million compromised payment cards for sale on underground credit card markets. For credit card holders, the good news is that this is down from more than 14 million cards found for sale during the last half of 2021. But it’s still a lot of payment cards.
About 45 percent of the cards offered for sale on underground markets, by far the largest share, were issued in the United States. This is perhaps not surprising considering that there are more than 1 billion credit cards in use in the US. According to the credit rating company Experian, an American consumer holds an average of four credit cards – a number that’s significantly higher than the one or two credit cards typically held by an EU resident. Not only are credit cards more common in the US, but 47 percent of Americans say they have been victims of credit card fraud in the past five years.
Some research suggests European countries have significantly lower credit card fraud rates because they were early adopters of EMV technology. EMV cards use a microchip embedded in the card to generate a single-use code for each transaction at the card scanner. This code, combined with the cardholder's PIN or signature, works like two-step authentication because it combines something the user has (the card) with something the user knows (the PIN).
Over the last couple of years, 'chip cards', as EMV cards are known in the US, have become more common, and that may be one reason why the number of compromised American cards for sale on the underground has dropped significantly.
However, this doesn’t change the fact that the US is holding on to the number one spot in the global market share of compromised credit cards.
With the boom in e-commerce – and the global pandemic driving some shoppers to web-based shopping for the first time – the most common type of credit card fraud is Card Not Present (CNP) fraud.
A victim of CNP fraud may not realize what’s going on right away, because the victim still has the physical credit card in their wallet. What’s been stolen, and now sold on the underground, is all the payment information down to the CVV number or Card Security Code: the three or four digits printed on the back of the card. With this information, a cybercriminal can use the card freely online.
Not surprisingly, threat actors are much more interested in card information that includes CVV/CVV2 information – 75 percent of the payment information for sale on the underground now includes CVV information, making it a lot easier to use the stolen information for fraudulent purchases.
In this Cybersixgill report on Underground Financial Fraud in the first half of 2022, we go into deep detail about the geographic distribution of compromised credit cards, and also the origin of the threat actors who are most likely to target an American-issued credit card.
Cybersixgill continues to add new underground markets to its already expansive collection of data sources from the dark web. Having visibility into these sources will help organizations stay up to date on threats, analyze industry trends and perhaps prevent the next cyberattack from happening altogether.