Euro Security Watch with Mathew J. Schwartz

Card Not Present Fraud , Cybercrime , Fraud Management & Cybercrime

Publicity Stunt: Criminals Dump 2 Million Free Payment Cards

Credit Card Market BidenCash Again Leaks Free Data as Marketing Ploy
Publicity Stunt: Criminals Dump 2 Million Free Payment Cards
Image: Cyble

Here's further proof that cybercriminals are rampant self-promoters: Credit card market BidenCash, which sells compromised payment card data, last week released for free details of 2 million payment cards. The market for carders - aka credit and debit card thieves - trumpets that the release is intended to celebrate its one-year anniversary.

See Also: The External Attack Surface Is Growing and Represents a Consistent Vulnerability

"This leak contained at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards," of which about half were issued from U.S. banks, reports threat intelligence firm Cyble, based in Melbourne, Australia.

The leak included names, emails, phone numbers, home addresses, and the main offering: "payment card numbers, expiration dates and CVV codes, with the expiration dates ranging from early 2023 up to 2052," Cyble adds.

Whether actual fraudsters find that data dump useful is questionable. As New York threat intelligence firm Flashpoint says, the payment cards included in the dump are nearing expiration or are likely already rendered useless by a security alert. BidenCash's leak is more akin to a free food sample you get on a toothpick at the grocery store than a genuine freebie. "Like any offering of free samples, the goal is to attract new customers to the storefront," says Flashpoint.

BidenCash launched in April 2022 and is at least the second carder market - after Trump's Dumps - to incorporate the name of a sitting president. BidenCash competes with a number of other sites devoted to carding. The top shops - based on volume of payment cards for sale - are Entershop at 63%, followed by Easy Deals at 14%, Toxyzen at 12%, BidenCash at 6% and VClub at 5%, Flashpoint reports.

Joker's Stash formerly dominated the stolen payment card data marketplace, wielding its reputation for selling batches of the freshest high-quality payment card data. Joker's Stash unexpectedly announced its shutdown in February 2021.

Repeat Strategy

This isn't the first time carder markets have recently dumped cards to stoke interest in their services, Cyble reports, and it's a sign of intense competition in a changing market to seize the empty spot left by Joker's Stash.

BidenCash last June dumped details for nearly 8 million credit card. In October 2022, it leaked for free the details of 1.2 million cards, and half the cards had been issued by U.S. banks. It wasn't the first market to pursue this strategy. AllWorld.Cards in August 2021 leaked details for more than 1 million cards obtained from 2018 to 2019.

Initial new market leader UniCC fell to a Russian crackdown in January 2022. Moscow also shuttered Ferum Shop, Sky-Fraud and Trump's Dumps, aka TDStore (see: Russia Shutters 3 Carding Markets, Including Trump's Dumps).

Once again, this "created a huge void in the underground marketplace" and multiple new shops, including BidenCash, appeared "to fulfil the illicit demand for compromised payment cards," Cyble reports.

Telegram Ascendent

Carder markets have traditionally been run as e-commerce sites reachable via the public internet or in some cases, .onion - aka dark web - sites reachable chiefly through the Tor browser.

Partially in response to takedowns of UniCC and its ilk, some sellers now offer their wares via the Telegram messaging app, sometimes even backed by videos to teach newbies the nuances of using stolen bank cards and other information to commit banking fraud, Israeli threat intelligence firm Kela reports.

Telegram has become "a popular platform for banking fraud cybercriminals who created dedicated channels for advertising stolen credit card information and checks, fullz and financial accounts," Kela reports. "Forged credit cards and banknotes are also a popular item for sale. For example, sellers claim that they provide a cloned ATM card with a PIN."

For stolen payment cards, demand is greatest for card data that includes CVV or CVV2 information - the three-digit or four-digit code on the back of a card - because of the type of fraud this can facilitate - including card-not-present purchases - Kela says,.

Experts say that while chat apps offer upsides, for buyers in particular they also have downsides. In general, carder markets are easier for buyers to find, and they are backed by their reputation and guaranteed validity rates, which offer better protection for criminal buyers, who are savvy shoppers in addition to being fraudsters (see: Why Encrypted Chat Apps Aren't Replacing Darknet Markets).

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.