Trade in stolen credit cards on the dark web is on the rise. Several thousand credit cards are offered for sale every day. IT security expert Oliver Münchow searches on behalf of companies for security vulnerabilities and data on the dark web. In the course of this activity, he also repeatedly comes across stolen card data. In this interview he tells us how data gets on to the dark web and how we can protect ourselves against card crime.
17.10.2023 –On average, how many data sets with card information of Swiss citizens are stolen and offered for sale per month?
We search on behalf of companies for gaps in their security systems. We also go on the dark web for that. While doing this we repeatedly come across credit card data being offered for sale. When we checked we found that this year around 30,000 Swiss credit cards a month have been compromised. We cannot say the exact number because we do not collect the data systematically, but most probably the number of unreported cases is even greater.
How does the card information end up on the dark web?
The trade in data, and not just credit card data, is organised very professionally. Often the information on the dark web originated from phishing attacks or malware installed on victims' devices. Once there, the stolen information is offered on various marketplaces. Login data, for instance, is sold on other platforms than credit card data. In the case of installed malware, it can even happen that the PC is "rented" amongst hackers and the data stored on it is exploited for as long as the malware is running on the device.
What do buyers do with stolen card data?
Stolen credit card information is often used to put through small charges that escape the immediate notice of the credit card owner. If the cardholder does not keep a close check on their card statements this practice can be continued over an extended period of time. Overall it must be said that fraudsters are very creative when it comes to using stolen data for their own purposes.
What three tips can you give cardholders to protect themselves from card fraud?
Firstly, it is most important that cardholders check their card statements carefully and look out for odd debits, unknown company names or withdrawals from countries they have not been to. Secondly, one should always remain cautious when surfing and shopping on the internet, especially when opening links in an email, visiting a website or before installing software on your own device. And thirdly, I advise against storing credit card data on websites, as they can be hacked and the data stolen.
About the author:
Oliver Münchow is the founder and managing director of Kaduu, a company based in Zug. Through his company he shows what data can be found about organisations on the deep web and dark web and discovers their security gaps. As an IT security expert, he has been active in many areas of IT security; he came into contact with the dark web early on as a penetration tester.
You can find more information on how to protect yourself against card fraud here.
Read more News
Card fraudsters are maintaining their data collections
That might sound funny, but the reality is no joke. Fraudsters send out large numbers of messages… Read more
Attention: Google has a new design
At the beginning of March Google modified the design of its identification logo and is gradually… Read more
Card fraudsters are making use of ChatGPT & Co.
Artificial intelligence has already revolutionised our everyday lives in many areas. Card… Read more
Holiday time: Beware of phishing when making online bookings
Spring is here and many last-minute travellers are using online booking platforms to book a few… Read more