When you’re shopping for stolen credit and debit cards online, there are so many choices these days. A glut of stolen data — combined with innovation and cutthroat competition among vendors — is conspiring to keep prices for stolen account numbers exceptionally low. Even so, many readers probably have no idea that their credit card information is worth only about $1.50 on the black market.
Don’t you just hate it, though, when online stores nickel and dime you to death? I started to get that chintzy vibe when I opened an account at rock3d.cc, one of many sites where one can buy stolen Visa, MasterCard, Discover and Amex card information. The purloined card numbers — no doubt lifted from PCs infected with data-stealing malware like the ZeuS Trojan — fetch $1.50 for U.S. accounts, and $4 (USD) for accounts belonging to U.K. residents.
And for a premium, you can obtain “fullz,” or the card data plus other useful information about cardholders, such as their date of birth, mother’s maiden name, etc.
The trouble is, the minute you seek to narrow your search using the built-in tools, the site starts adding all these extra convenience fees (sound familiar?). For example, if I wanted to buy a card stolen from anyone around the Washington, D.C. area, it would probably be from a resident of McLean, Va., which is more or less a tony place where there are plenty of well-to-do folk. Anyway, the site found me a card (a MasterCard) belonging to a McLean resident alright, but then the service wanted to tack on an extra $.60 just because I isolated my search by city and state — raising the cost in my shopping cart to $2.10! No way, Jose. Not this bargain shopper.
Have you seen:
Virus Scanners for Virus Authors…The very first entry I posted at Krebs on Security, Virus Scanners for Virus Authors, introduced readers to two services that let virus writers upload their creations to see how well they are detected by numerous commercial anti-virus scanners. In this follow-up post, I take you inside of a pair of similar services that allow customers to periodically scan a malware sample and receive alerts via instant message or e-mail when a new anti-virus product begins to detect the submission as malicious.
hmm well i use this 1 “www.cvvplaza.com”
Rock3d was bether but this site is pritty much the same, just another gui.
yea i heard about it, a friend of mine had an account on cvvplaza but fee is a bit high but he said its worth the price. so i am looking forward to get an account on it.
Does anyone know why Discover sells for higher than Visa or Mastercard?
Maybe two reasons;
1. It is not as ubiquitous – and
2. Many of them are online secure, and trying to find one that has the base original number is not easy.
What are your thoughts on the possibility that Discover/AMEX is more likely to process a suspect transaction because of there lack of acceptance (or should I say because they’re not as widely accepted)? Thus adding value to them on the black market…
Can’t speak for AMEX, but I’ve had the purchase process stopped by the Discover center, during legitimate sales. I didn’t mind that however, as a simple phone conversation fixes the issue. This may not be for all accounts, but for the secure accounts, it is true.
Anytime, I go outside my habits, it seems like it trips the programing over there. I like that. Anytime a source tries to use one of the numbers that is not the original vendor, that number gets locked down.