Supermarket for stolen credit cards found

Two CVV2s for the price of one.

By John Dunn | Techworld
Published: 14:30 GMT, 26 March 08

If you’ve ever wondered where stolen credit card numbers end up, Finjan might have part of the answer. The security company-cum-cybersleuthing outfit has uncovered a website supermarket for stolen card data.

The ‘SellCVV2’ website, as it is called, was found to be trading the card numbers and other data in a number of sophisticated ways. Criminals visiting the site would be able to earn discounts based on volume bought and choose from a range of tiers, starting at the least valuable Classic Visa or MasterCard – those with the lowest credit limits – through more valuable Gold, Platinum, and Corporate levels.

According to Finjan, prices ranged from $38 (£19) for small volumes of premium card numbers, down to $10 (£5) for the equivalent low-limit cards in chunks of 100 at a time. Criminals worried about being stung themselves by non-working cards were being offered “guarantees” as well as trial data sets.

No breakdown was given on where or how the cards might have been stolen, but they are believed to be from around the globe and possibly culled using online Trojan-related techniques.

"The site, which appears to use Google's Blogspot service, is typical of a number of portals promoting the exchange of fraudulent card data. But what is apparent from the SellCVV2 site is the level of commercialisation of the traders involved," said Finjan’s CTO Yuval Ben-Itzhak.

The site gets its rather apt name from the three-digit CVV2 (Card Verification Value 2) number on the reverse of credit cards, essential for remote transactions, and implying that these crucial verification numbers are also being supplied.

All this after Finjan reported recently on a similar site found to be selling a large number of valid FTP server logins, many used by large companies around the world. As with SellCVV2, that site used a sophisticated trading model.

"If further proof were needed that there is a very serious problem facing the card acceptance and processing industry, this is it. The level of sophistication shown on the site, acts as a clear warning to anyone who thinks card fraud is a containable problem," said Ben-Itzhak.

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Add your commentComments

james | Published: 18:32 GMT, 08 October 2008

how do i find sites that offer these services

patel | Published: 15:52 GMT, 07 October 2008

how do you find sites like sellcw2

sloop | Published: 13:14 GMT, 27 March 2008

so do criminals buy information from this site using real credit cards or stolen ones ... just wondering

Dante | Published: 17:40 GMT, 26 March 2008

Just logged onto www.sellcvv2.com, they appear to still be up and running. And a google of sellcvv2 yielded a lot of wanna-bes trying to get you to "buy" credit cards from them, using your real credit card ;)

Related Security news

Antivirus programs fail to stop new malware

One in three systems infected.

09 February 2010

Adobe sorry for 16-month-old Flash bug

Unpatched vulnerability 'slipped through the cracks'

HTML 5 leaves client storage open to web attacks

Security researcher says web apps could be vulnerable

Rugged Manifesto calls on developers for secure code

Security professionals call for better programming practices

Related Security reviews

Malwarebytes' Anti-Malware Free review

Kaspersky Lab AntiVirus 2010 review

Avira AntiVir Premium review

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Challenges and opportunities of PCI

The Payment Card Industry Data Security Standard provides an enterprise structure for improving operational, security, and audit performance. The benefits of the PCI DSS go beyond audit costs and results.

Download Whitepaper

Database security: Preventing enterprise data leaks at the source

IDC discusses the growing internal threats to business information, the impact of government regulations on the protection of data, and how enterprises must adopt database security best practices...

Download Whitepaper

Six essential steps to successful IT centralisation

This report, based on the real experience of a recent centralisation project, is aimed at those involved in IT strategy within their organisation. It provides some practical insights for CIOs, CTOs, Heads of IT, IT Directors and those involved more closely with the service management function.

Download Whitepaper

Application Grid: The ideal platform for IT consolidation

Evaluating the opportunity for consolidation of middleware — Java application servers and related technologies.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Are all VoIP services the same?

Questions to ask your service provider to ensure you get the VoIP service you need
With careful choice of partner, your business can have all the advantages of VoIP access - reduced costs, flexibility and simplicity - without the drawbacks.
This white paper is your guide to ensure you get right the VoIP service and details the pitfalls which businesses would do well to avoid.

Download white paper
COLT White Paper

IT Misuse Survey

Complete this survey and you could win a Nexus One

Techworld are running a short survey to discover how UK businesses are managing Internet and email misuse in the Enterprise.

Complete Survey

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *