First reported by Cyble researchers last week, this story continues to get lot of buzz from Fox News and others this week. A web site that goes by the name of Biden Cash Market has posted 2 million credit cards online as a promotional blitz to attract customers. The site operates on both on the dark and clear web, offering credit card data for sale to the public.
The leaked information includes cardholders’ full names, card numbers, bank details, expiration dates, CVV codes, home addresses, and over 500,000 email addresses. According to D3Lab’s Head of Threat Intelligence, Andrea Draghetti, while tens of thousands the numbers are duplicates, over two million of the entries are unique.
Last fall the same BidenCash Market released a free dump of over a million credit cards in a similar promotional gimmick.
Baber Amin, COO of Veridium had this to say:
“Even the most security aware can have their credit card information compromised and made available. This can happen due to no fault of the individual.
“The data dump is not just about credit card information but contains valuable information that can be used for Identity theft. This second part should be a more serious concern, as it can lead to damage to credit score, reputation, and possibly legal issues. The damage from identity theft is long lasting.
On the financial side, the two main points of credit card compromise are:
- Point of sale and
- magecart or online skimming.
“EMV or chip cards were supposed to stop point of sale skimming. But because all EMV cards also have a mag stripe, if someone compromises the POS terminal where users are putting in their card, they can skim the information from the magstripe bypassing chip security.
“Contactless cards aka “Touch and Pay” is thus more secure than even EMV, as the card never needs to be inserted into any device and never leaves the user.
- As a merchant, make sure your POS terminals are up to date, especially for areas that are publicly visible, e.g. gas pumps, vending machines, ticket kiosks, etc.
- As an end user, always opt to use contactless payment at the point of sale.
“Magecart or online skimming is the compromise of online shopping carts and checkout process. Bad actors can inject malware into ill maintained ecommerce sites.
“Additionally, all the security offered by EMV and contactless cards is nullified, when the user voluntarily enters the CC information at checkout. Not only that, but they also enter information that can be used for Identity Theft, e.g. email address, shipping address, possibly a username and a password, etc.
- It is important for website administrators to stay up-to-date with their content management system’s patches and plugins.
- Buying from reputable online vendors is the best option for end users:
- If possible, use virtual cards online
- Use unique usernames and passwords on each site if you must create an account
- If they offer PayPal during checkout, use it, as it creates an indirect level of payment
- A better solution is to use services like Apple Pay and Google Pay, which replace sensitive information with arbitrary tokens (Tokenization). These services provide a more secure and convenient experience, as they use tokenization to protect sensitive information. Since these tokens disappear after each authorization, they cannot be reused if stolen. The other advantage of these services is that they work both in person and for online shopping. EMV or chip cards are reduced to the security of the older non chip card when paying online, as there is no chip reader available.”
These are all good tips that I hope become the norm so that scams like this become a thing of the past.
Like this:
Like Loading...
Related
This entry was posted on March 7, 2023 at 8:32 am and is filed under Commentary with tags Scam. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
BidenCash Market Posts 2Mill Credit Cards Online In Birthday Blitz
First reported by Cyble researchers last week, this story continues to get lot of buzz from Fox News and others this week. A web site that goes by the name of Biden Cash Market has posted 2 million credit cards online as a promotional blitz to attract customers. The site operates on both on the dark and clear web, offering credit card data for sale to the public.
The leaked information includes cardholders’ full names, card numbers, bank details, expiration dates, CVV codes, home addresses, and over 500,000 email addresses. According to D3Lab’s Head of Threat Intelligence, Andrea Draghetti, while tens of thousands the numbers are duplicates, over two million of the entries are unique.
Last fall the same BidenCash Market released a free dump of over a million credit cards in a similar promotional gimmick.
Baber Amin, COO of Veridium had this to say:
“Even the most security aware can have their credit card information compromised and made available. This can happen due to no fault of the individual.
“The data dump is not just about credit card information but contains valuable information that can be used for Identity theft. This second part should be a more serious concern, as it can lead to damage to credit score, reputation, and possibly legal issues. The damage from identity theft is long lasting.
On the financial side, the two main points of credit card compromise are:
“EMV or chip cards were supposed to stop point of sale skimming. But because all EMV cards also have a mag stripe, if someone compromises the POS terminal where users are putting in their card, they can skim the information from the magstripe bypassing chip security.
“Contactless cards aka “Touch and Pay” is thus more secure than even EMV, as the card never needs to be inserted into any device and never leaves the user.
“Magecart or online skimming is the compromise of online shopping carts and checkout process. Bad actors can inject malware into ill maintained ecommerce sites.
“Additionally, all the security offered by EMV and contactless cards is nullified, when the user voluntarily enters the CC information at checkout. Not only that, but they also enter information that can be used for Identity Theft, e.g. email address, shipping address, possibly a username and a password, etc.
These are all good tips that I hope become the norm so that scams like this become a thing of the past.
Share this:
Like this:
Related
This entry was posted on March 7, 2023 at 8:32 am and is filed under Commentary with tags Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.