Home Depot Breach: Time to Value of Black Market Cards Changes as Banks and Retailers Improve Detection

Share Button

home depot teaching kids to buildWith the latest retail breach at Home Depot, attention has again turned to credit card black markets, the clearinghouses that sell these stolen cards to the highest bidder. These are no fly-by-night operation. In fact, the largest of these markets have some sophisticated features that any e-commerce site would tout, including:
• integrated Bitcoin funding
• good customer support
• good commerce features



It appears these new batch of cards are selling for $50-100 each, though we believe those prices are likely to come down faster than in the past, as the window of opportunity to profit from stolen cards has shrunk. This has happened because financial institutions have become smarter about dealing with these attacks.

For example, black market sites used to allow you to 'test' a stolen card, charging a small amount on it before committing to purchase, in order to prove it was a valid card. Since the Target breach, banks have improved their detection methods to look for these kinds of charges (as an indication of likely potential new fraud), so these sites no longer offer this service.

In addition, more banks are monitoring the black markets themselves, either on their own or through services like Easy Solutions provides, as an early warning system for stolen cards.

We expect we'll continue to see these large scale retail breaches continue, as a result of wide open POS devices, combined with the incredible difficulty of discovering a large, sophisticated breach. The hope here though is that banks and retailers are becoming faster to respond, and are improving their detection methods, thereby shortening the window of opportunity for these criminals, and reducing the exposure and hassle to consumers.

Related Posts

Meet Lucifer: A New International Trojan The cat-and-mouse game between cybercriminals and security analysts never stops. Every so often, the mouse (in this case, represented by some kind of malware) pulls out front at a pace that catches that cat (the security solution) off guard.
Blunt Phishing’s Hook with Victim Insights 2.0

Typically, anti-phishing protection is a hammer that views every malicious site as a similarly-sized nail. It discovers a phishing site, slates it for removal, and eventually removes it from the...internet so that users can’t click on or enter their credentials into it.

Leave a Reply

Your email address will not be published. Required fields are marked *