Deep and Dark Web “card shops” are the primary means through which criminals obtain card data. Card shops lower the barriers to entry for less-skilled criminals to facilitate card not present (CNP) fraud for online transactions. Rather than stealing the data themselves, all the criminals need to do is buy the card data from a card shop. The rise of Joker’s Stash (2014) seems to correspond with the timeline of the rise of EMV in the U.S. The EMV Chip (and thus the decreased use of magnetic stripe) makes what were once tried-and-true tactics for in-store carding‚ ‘
i.e. skimmers & POS malware’, much less feasible, criminals shifted towards CNP fraud, which is easier, and cheaper, and less resource intensive. We will analyze the data that is currently available on credit card shops, including sources of card data, card information, price, and geographic heat maps of the carded information. Fighting CNP fraud is much more difficult than fighting in-store fraud. We will use this information to better understand targets of carders and carding shops, like Joker’s Stash, and how to fight this growing form of fraud.