Stolen credit cards traded through online stores

Computerworld UK - Fraudsters are trading stolen credit card details using an online store, according to RSA.

The store's database of stolen cards contains 500,000 compromised cards and is updated four to five times per day, according to RSA's Anti-Fraud Command Center (AFCC).

Stolen goods are typically exchanged in underworld chat rooms, and the price for a stolen card typically runs in the range of $2 to $5, said the AFCC. This is slightly higher than the 'standard' price seen by the AFCC in established fraudster forums.

The site also claims that 97% to 100% of its cards are valid, and offers to replace invalid product at no charge.

RSA, the security division of EMC, says the site has been designed to function in the same way as any other e-commerce entity. Before shopping, fraudsters sign up to the site via anonymous enrollment, and fund their accounts with an e-currency transfer -- a popular method of conducting business between these groups.

When someone wishes to purchase credit cards, the individual can make a selection according to both the card type and the country where the cards were issued, including Austria, Sweden, the U.S., the U.K., Belgium, Switzerland and Denmark. After selecting the country, card type and amount of cards, the fraudster will add the cards to the "shopping cart" and complete the purchase. The right amount of money is automatically deducted from the buyer's account, and the fraudster is given a link to a text file, in which the card details can be found.

"This is yet another innovation on the part of fraudsters who are continuously developing new ways of exploiting consumers for financial gain," commented Marc Gaffan, director of marketing, Consumer Solutions at RSA. The RSA notified its customers of this new development via its forum, called eFraudNetwork.

The AFCC has worked with law enforcement agencies and its own financial sector customers to mitigate the online store's activities.