Supermarket for stolen credit cards found
Two CVV2s for the price of one.
By John Dunn | Techworld | Published: 14:30, 26 March 2008
If you’ve ever wondered where stolen credit card numbers end up, Finjan might have part of the answer. The security company-cum-cybersleuthing outfit has uncovered a website supermarket for stolen card data.
The ‘SellCVV2’ website, as it is called, was found to be trading the card numbers and other data in a number of sophisticated ways. Criminals visiting the site would be able to earn discounts based on volume bought and choose from a range of tiers, starting at the least valuable Classic Visa or MasterCard – those with the lowest credit limits – through more valuable Gold, Platinum, and Corporate levels.
According to Finjan, prices ranged from $38 (£19) for small volumes of premium card numbers, down to $10 (£5) for the equivalent low-limit cards in chunks of 100 at a time. Criminals worried about being stung themselves by non-working cards were being offered “guarantees” as well as trial data sets.
No breakdown was given on where or how the cards might have been stolen, but they are believed to be from around the globe and possibly culled using online Trojan-related techniques.
"The site, which appears to use Google's Blogspot service, is typical of a number of portals promoting the exchange of fraudulent card data. But what is apparent from the SellCVV2 site is the level of commercialisation of the traders involved," said Finjan’s CTO Yuval Ben-Itzhak.
The site gets its rather apt name from the three-digit CVV2 (Card Verification Value 2) number on the reverse of credit cards, essential for remote transactions, and implying that these crucial verification numbers are also being supplied.
All this after Finjan reported recently on a similar site found to be selling a large number of valid FTP server logins, many used by large companies around the world. As with SellCVV2, that site used a sophisticated trading model.
"If further proof were needed that there is a very serious problem facing the card acceptance and processing industry, this is it. The level of sophistication shown on the site, acts as a clear warning to anyone who thinks card fraud is a containable problem," said Ben-Itzhak.
