Supermarket for stolen credit cards found

Two CVV2s for the price of one.

If you’ve ever wondered where stolen credit card numbers end up, Finjan might have part of the answer. The security company-cum-cybersleuthing outfit has uncovered a website supermarket for stolen card data.

The ‘SellCVV2’ website, as it is called, was found to be trading the card numbers and other data in a number of sophisticated ways. Criminals visiting the site would be able to earn discounts based on volume bought and choose from a range of tiers, starting at the least valuable Classic Visa or MasterCard – those with the lowest credit limits – through more valuable Gold, Platinum, and Corporate levels.

According to Finjan, prices ranged from $38 (£19) for small volumes of premium card numbers, down to $10 (£5) for the equivalent low-limit cards in chunks of 100 at a time. Criminals worried about being stung themselves by non-working cards were being offered “guarantees” as well as trial data sets.

No breakdown was given on where or how the cards might have been stolen, but they are believed to be from around the globe and possibly culled using online Trojan-related techniques.

"The site, which appears to use Google's Blogspot service, is typical of a number of portals promoting the exchange of fraudulent card data. But what is apparent from the SellCVV2 site is the level of commercialisation of the traders involved," said Finjan’s CTO Yuval Ben-Itzhak.

The site gets its rather apt name from the three-digit CVV2 (Card Verification Value 2) number on the reverse of credit cards, essential for remote transactions, and implying that these crucial verification numbers are also being supplied.

All this after Finjan reported recently on a similar site found to be selling a large number of valid FTP server logins, many used by large companies around the world. As with SellCVV2, that site used a sophisticated trading model.

"If further proof were needed that there is a very serious problem facing the card acceptance and processing industry, this is it. The level of sophistication shown on the site, acts as a clear warning to anyone who thinks card fraud is a containable problem," said Ben-Itzhak.


What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.


Characters remaining: 500

Add your commentComments

james | Published: 18:32 GMT, 08 October 2008

how do i find sites that offer these services

patel | Published: 15:52 GMT, 07 October 2008

how do you find sites like sellcw2

sloop | Published: 13:14 GMT, 27 March 2008

so do criminals buy information from this site using real credit cards or stolen ones ... just wondering

Dante | Published: 17:40 GMT, 26 March 2008

Just logged onto www.sellcvv2.com, they appear to still be up and running. And a google of sellcvv2 yielded a lot of wanna-bes trying to get you to "buy" credit cards from them, using your real credit card ;)

Related Security news

Microsoft denies building security 'backdoor' in Windows 7

Privacy organisations shouldn't read too much into NSA involvement it says

Pentagon expands exclusive deal with McAfee

Department of Defense uses McAfee products

Police arrest pair over global banking web scam

Man and woman arrested in Manchester for using notorious Zeus Trojan

Security star Fortinet sets price for IPO

Investors still have taste for tech.



Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Database security: Preventing enterprise data leaks at the source

IDC discusses the growing internal threats to business information, the impact of government regulations on the protection of data, and how enterprises must adopt database security best practices...

Download Whitepaper

Service-oriented security

SOA has become an integral part of enterprise software by providing a framework to efficiently develop software as services that is easily sharable, reusable, and integrated. No where is the need more apparent than in the Identity Management space. Welcome to the age of Service-Oriented Security (SOS).

Download Whitepaper

Data protection prospective vendor checklist

Organisations need a way to map business needs against all these challenges in procuring a technical solution. To help, SANS has developed the following Prospective Vendor Checklist.

Download Whitepaper

Unlock the power of the mainframe

This whitepaper presents the notion of CICS as an integration hub based on a component-based, service-oriented architecture supporting Web services. Highlights will review the challenges and contrasted support for Web services natively in CICS.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Are all VoIP services the same?

Questions to ask your service provider to ensure you get the VoIP service you need
With careful choice of partner, your business can have all the advantages of VoIP access - reduced costs, flexibility and simplicity - without the drawbacks.
This white paper is your guide to ensure you get right the VoIP service and details the pitfalls which businesses would do well to avoid.

Download white paper
BMC

Ride the express lane in the journey to speed ITIL adoption

Explore the challenges in making the journey to ITIL and the criteria for selecting consulting services
By following ITIL practices, your IT organisation will become more closely integrated with the business. We recommend making the journey to ITIL in a sequence of six incremental steps, the phases of which are driven through execution of a strategic transformational roadmap.

Download white paper

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *