In a major crackdown on the sale of stolen credit card data on dark web marketplaces and card shops, Europol and authorities from the UK, Italy, and Hungary seized 90,000 pieces of card data and prevented approximately €40 million in losses.
The operation, dubbed Carding Action 2020, was launched with the aim of targeting fraudsters selling and purchasing compromised credit card details on websites selling stolen credit card data, known as card shops, and dark web marketplaces.
While it is not known if any seller or buyer of compromised credit card details was arrested, Europol said that it assisted law enforcement agencies from Italy and Hungary and worked with the UK, security firm Group-IB, and experts in the field of payment card fraud to tackle the menace of the sale and purchase of stolen credit cards on dark web marketplaces.
“With more than €40 million in losses prevented, Carding Action 2020 is a great example of how sharing information between private industries and law enforcement authorities is a key in combating the rising trend of e-skimming and preventing criminals from profiting on the back of EU citizens,” said Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3).
Noting that card-not-present fraud is a criminal threat in constant evolution, generating millions of euros of losses and affecting thousands of victims from across the EU, Europol said the significant increase of prevented losses was also influenced by the expansion of e-skimming attacks targeting merchant point of sale systems and e-commerce merchants.
While significant, the latest operation may do little to disincentivise hackers from committing credit card fraud (card-not-present fraud) or selling stolen credit card details on dark web marketplaces. According to FIS Global, total losses due to card-not-present fraud is expected to touch $24 billion in the US by the end of this year.
In its latest Quarterly Financial Crime Report, risk management platform Feedzai today listed card cloning among the three most common global fraud contributors in the third quarter. Card cloning schemes involve fraudsters buying and selling stolen payment cards on the dark web and instances of card cloning fraud increased by 34% across industries.
The severity of card cloning can be gauged from the fact that in October last year, a cyber attack that targeted BriansClub, an underground store selling stolen credit and debit card records, resulted in the recovery of as many as 26 million credit and debit card records that included data stolen from hacked online and brick-and-mortar retailers since 2016.
According to security researcher Brian Krebs, credit and debit card records recovered from BriansClub included 1.7 million card records stolen from online and brick-and-mortar retailers in 2015, 2.89 million records stolen in 2016, 4.89 million records stolen in 2017, 9.2 million records stolen in 2018, and another 7.6 million records that were stolen by various hackers between January and August 2019.
"With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term. However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalize on the disappearance of the top player," said Andrei Barysevich, co-founder and CEO at Gemini to Krebs.