The Lifecycle of Internet Fraud: How Credit Cards are Stolen, Sold and Used for Illegal Purchases

Over the past few years, online shopping has grown significantly, making it extremely easy to order anything you like, whenever you like, to wherever you like. Technology has made it more convenient for us to purchase goods, and hackers are no exception. This is why one of the most targeted sectors in the Dark Web is the retail sector. The ease with which you can commit fraud these days and get the goods delivered to your doorstep with little to no risk is just too appealing to overlook.

A big portion of online fraud focuses on a simple 2-step process:

  1. Get a stolen credit card
  2. Order whatever you like with it.

From there, it’s only a question of abilities and scale. Retail fraudsters range from your average neighborly hacker who uses a stolen credit card to order the new Call of Duty, to organized crime groups that buy digital goods as a money laundering tactic.

In this blog, we will demonstrate the complete lifecycle of online fraud, from stealing and selling credit cards to stopping fraudulent transactions dead in their tracks.

Why Retail Is So Highly Targeted

Targeting the retail sector is nothing new. Fraud, scams, hacks, or plain old theft have always been challenges for shops and merchants. But with eCommerce and online shopping came cyber risks, and they are a lot riskier than their real-world counterparts.

The retail sector is highly targeted because it presents an easy target with relatively weak security, and a wide variety of companies to attack. Defrauding an online retailer is a low-risk, high-reward attack, and there’s certainly no deficiency in credit card data available. In fact, IntSights has seen a 149% year-over-year increase in stolen credit card data for sale on the dark web. Retailers are not equipped to investigate every fraud attempt, so attackers have very little fear that the police will come knocking on their door. And most importantly, there is plenty of money to be made. Whether it’s buying fancy clothes, shoes or watches to sell later, or selling dumps of credit card data, when there’s an opportunity to make money, cybercriminals will flock.

How Credit Cards Are Stolen

There are a number of methods to steal credit card details. Small-time hackers obtain credit cards for their own use, while big-time players obtain cards in order to sell them on black markets to small/medium players. You can think of them as credit card wholesalers.

Here is a non-exhaustive list of methods to obtain credit cards:

  1. Phishing Websites: One of the most common ways to get credit card data is to set up a phishing website that pretends to be a legitimate online shop.
  2. Point of Sale (POS) Malware: Infecting unsuspecting retail stores’ POS machines and siphoning every credit card that’s being swiped can generate hundreds to thousands of credit card numbers per day.
  3. ATM Skimmers: Physical card readers that can copy the data of every card entered in the ATM.
  4. Malicious Apps: Whether it’s impersonating a bank’s mobile app, or just keylogging credentials in a legitimate app, malicious apps are a very prolific way to get credit card and bank data.
  5. Trojan Malware: Infecting your computer with a keylogging and screenshot-taking app that monitors your activity on your bank or credit company sites.
  6. Social Engineering: This can be a fake bank support call line, an SMS that leads to a phishing site, a tax return request, or a fake job proposal. Social engineering is very hard to mitigate as it depends on a person’s voluntary action, which is hard to anticipate and prevent.
  7. Black Markets: Don’t want to go through the hassle of the above methods or don’t have the skills? Just go to a black market and buy a bunch of stolen credit cards for $1 to $20 each, depending on the quality and freshness of the card (Figure 1).

Figure 1: Black Market Credit Card Retailer

The Credit Card Life Cycle

From the moment a credit card gets stolen, it begins its travel through the wonders of the dark web. In its first step, it will usually end up in a big database file (Figure 2). That database can be used for personal use, sold as a bulk credit card dump (such as a Fresh credit card DB), or sold separately, one by one, in Dark Web CC shops (Figure 3). In a CC shop, you can filter cards individually by bank, card brand, type, level, location, etc.

CC shops are more profitable to the vendor, as the price per card is higher, and can also be more useful to the buyer, as they can buy cards that are specifically suited for their location or buying needs. However, buying in bulk can be cheaper for the buyer, and easier for the seller, which is why it’s common to see large dumps of credit cards being sold as well.


Figure 2: Leaked Credit Card Database

Buyers can be anyone from a lower-level hacker to a street-level criminal with minimal knowledge of computers, or even a neighbor kid trying to bolster his monthly allowance.

After a card has been obtained, it can be used to buy goods in the real world, or online. However, with ever-evolving defense systems, physical fraud is declining. It is less likely today that a criminal will just walk into Home Depot and try to pay with a stolen credit card. For those brave enough, the Dark Web is full of guides for how to do that, and which stores are least defended.

These days, cyber fraud is the preferred method because it’s more convenient and less risky. Why risk getting caught using a stolen card at Home Depot when you can just sit in your living room in your underwear and order an Xbox to your doorstep? If the transaction doesn’t work, you can just try the next retailer.


Figure 3: Dark Web Credit Card Shop


eCommerce spans many different sectors and allows users to purchase goods from companies of all sizes. Whether it’s clothing, technology, food, or services, the list of fraud opportunities is endless. eCommerce and online shopping have grown exponentially in recent years, and the threats grow with them. It’s important to understand this lifecycle of credit card fraud so you can identify and reduce the use of stolen credit cards before they are used for fraud. Without intelligence and dark web visibility into the evolving threats around you, you’ll be blind to the attacks and scams that will most certainly come your way.
