Batch of 460,000+ Payment Cards Sold on Black Market Forum
Researchers monitoring activity on underground markets found that more than 460,000 payment card records were offered for sale in two days on a popular forum where such data is being traded.
Jonathan Deveaux, head of enterprise data protection at comforte AG, which specializes in the payments industry, said:
“For about $1 per card, bad actors can buy stolen credit or debit card details to use for online purchases. The data includes valid expiration dates and card verification values (CVV codes), both of which are required for successful transactions through ecommerce sites. This lot of 460,000 card details was most likely stolen or exfiltrated through an online attack because most point of sale devices and kiosks do not ask for, or collect, CVV codes and expiration dates. Every organization that accepts payment cards for online purchases should be concerned about their ability to secure payment card details through their website. If they are not protecting payment card details at its earliest point of entry, then stolen data will continue to appear on the dark web for sale. Organizations need to tokenize or encrypt data, or, need to refuse to collect the data. There are no other options to reduce the chances of data theft happening within their control.”