The volume of stolen payment cards up for sale on the dark web plummeted in the first half of 2020, thanks in part to changing shopping patterns driven by COVID-19, according to Sixgill.
The cyber-intelligence company’s biannual Underground Financial Fraud report is distilled from its analysis of underground carding and other sites.
It revealed that around 45.1 million cards were put up for sale in the first half of 2020, a 41% decline from the 76.2 million offered on dark web sites in the second half of 2019.
The firm explained that much of the decline could be linked to unusual law enforcement activity in Russia, which led to the closure of several underground sites during the period.
Although Russian police are usually content to let cybercrime activity flourish inside the country as long as it is directed at foreign targets, investigators arrested 25 and shut dozens of online marketplaces back in March.
These accounted for 54% of the world’s stolen card trade, according to Sixgill.
“It’s likely that many of the accused criminals had drawn the ire of authorities by violating domestic criminal laws,” wrote cyber-threat intelligence analyst Michael-Angelo Zummo.
“In arresting the suspects, police found illicit narcotics, firearms, fraudulent Russian passports and Russian law enforcement identification. In other words, these select criminals seemed to have violated the first rule of cybercrime: don’t hack where you eat.”
However, more dark web markets subsequently rose to take the place of those shut down.
In fact, the dramatic drop in card volumes can’t be explained by increased Russian law enforcement activity alone.
Rather, fewer people are now shopping in stores where point-of-sale malware and skimmers may be installed to steal their card data, said Zummo.
Card data stolen this way, known as “dumps,” is used to clone cards for face-to-face fraud, whereas only internet-based attacks such as Magecart can harvest the CVVs cyber-criminals need to commit online fraud, he explained.
In Europe, where EMV is more widespread, online attacks and fraud are by far the most popular type.
“Activity on dark web marketplaces shows that the coronavirus lockdowns have changed the fraud landscape. As in-person shopping declined, so did the types of credit card fraud that depended on it,” Zummo concluded.
“This sequence of events points to a shifting strategy for cybersecurity professionals, and consumers as well. Merchants need to make sure they have tools in place to prevent e-skimming attacks like Magecart, and, as in-person shopping continues to tick upward, retailers should only use chip-enabled point-of-sale systems.”