With the latest retail breach at Home Depot, attention has again turned to credit card black markets, the clearinghouses that sell these stolen cards to the highest bidder. These are no fly-by-night operation. In fact, the largest of these markets have some sophisticated features that any e-commerce site would tout, including:
• integrated Bitcoin funding
• good customer support
• good commerce features
It appears these new batch of cards are selling for $50-100 each, though we believe those prices are likely to come down faster than in the past, as the window of opportunity to profit from stolen cards has shrunk. This has happened because financial institutions have become smarter about dealing with these attacks.
For example, black market sites used to allow you to 'test' a stolen card, charging a small amount on it before committing to purchase, in order to prove it was a valid card. Since the Target breach, banks have improved their detection methods to look for these kinds of charges (as an indication of likely potential new fraud), so these sites no longer offer this service.
In addition, more banks are monitoring the black markets themselves, either on their own or through services like Easy Solutions provides, as an early warning system for stolen cards.
We expect we'll continue to see these large scale retail breaches continue, as a result of wide open POS devices, combined with the incredible difficulty of discovering a large, sophisticated breach. The hope here though is that banks and retailers are becoming faster to respond, and are improving their detection methods, thereby shortening the window of opportunity for these criminals, and reducing the exposure and hassle to consumers.