Deep and Dark Web “card shops” are the primary means through which criminals obtain card data. Card shops lower the barriers to entry for less-skilled criminals to facilitate card not present (CNP) fraud for online transactions. Rather than stealing the data themselves, all the criminals need to do is buy the card data from a card shop. The rise of Joker’s Stash (2014) seems to correspond with the timeline of the rise of EMV in the U.S. The EMV Chip (and thus the decreased use of magnetic stripe) makes what were once tried-and-true tactics for in-store carding‚ ‘
i.e. skimmers & POS malware’, much less feasible, criminals shifted towards CNP fraud, which is easier, and cheaper, and less resource intensive. We will analyze the data that is currently available on credit card shops, including sources of card data, card information, price, and geographic heat maps of the carded information. Fighting CNP fraud is much more difficult than fighting in-store fraud. We will use this information to better understand targets of carders and carding shops, like Joker’s Stash, and how to fight this growing form of fraud.
Ian Gray is the Director of Americas Research and Analysis at Flashpoint, where he focuses on Deep & Dark Web intelligence. Ian actively researches cybercriminal usage of new and emerging technologies for malicious purposes in English and Portuguese language communities. Additionally, he has been researching policy gaps that contribute to various forms of fraud, as well as the economic factors contributing to cybercrime. Ian is also an adjunct Professor at Fordham University’s Master of Cybersecurity Program.
Maxwell Aliapoulios is a PhD student at NYU Tandon. Max’s published work includes tracking ransomware, IPTV pirarcy, and supply chains in underground cybercriminal marketplaces. He continues to apply academic research principles to understand cybercrime activity, including natural language processing, stylometry, and machine learning. Max also works as a Research Developer at Flashpoint.