More than 460,000 credit cards and accompanying information has been discovered for sale on the Dark Web by security researchers at Group-IB. The cards for sale included the expiration date, CVV code (card verification value), card number, and the name of the person on the card.
The full story can be found here: https://www.bleepingcomputer.com/news/security/batch-of-460-000-payment-cards-sold-on-black-market-forum/
Robert Capps, VP of Market Innovation for NuData Security, a Mastercard company comments:
“Many websites are suffering from Magecart-like attacks as hackers deploy malware within the merchant checkout process, in an effort to steal credit card information as it’s entered by the consumer. Once stolen, this card data, including card number, expiration date, CVV and consumer information are sold on the dark web to hackers who are amassing this stolen information for card-not-present fraud. Unfortunately, these types of attacks are not going away. Consumers should check their credit card statements frequently, and contact their bank regarding any suspicious transactions they might see. Companies need to do more to verify the legitimacy of their buyers, by also identifying consumers by their online behaviour, instead of just relying on credentials or consumer information like credit card numbers. This method allows companies to more easily identify potentially fraudulent transactions that use credit cards that have been stolen, before the transaction is completed.”