One of the first things you should do is cancel any auto-pay arrangements you have with your credit cards. That forces you to actually look at your bill before it gets paid. I had one card I saved as a backup and never used, somehow it still managed to get hit with a bunch of fraudulent charges. Because it was on auto-pay, I didn't notice it until reviewing my bank statement almost 60 days after the initial charges. The bank reversed the charges, but I was dangerously close to the cutoff date for doing so.
Since the card was never used in normal transactions, the only way that it could have been stolen was through some kind of "inside" hacking, but the bank never had any explanation. So I canceled it immediately. Lesson learned: not all banks treat security equally.
What’s the average price for a stolen credit card? How are prices shaped within the cybercrime ecosystem? Can we talk about price discrimination within the underground marketplace? Just how easy is to purchase stolen credit cards known as dumps or full dumps, nowadays?
Key summary points:
- Tens of thousands of stolen credit cards a.k.a. dumps and full dumps offered for sale in a DIY market fashion
- The majority of the carding sites are hosted in the Ukraine and the Netherlands
- Liberty Reserve is the payment option of choice for the majority of the portals
- Four domains are using Yahoo accounts and one using Live.com account for domain registration
- Four of the domains are using identical name servers
- Each DIY gateway for processing of fraudulently obtained financial data has a built-in credit cards checker or offers links to external sites performing the service
- Several of the fraudulent gateways offered proxies-as-a-service, allowing cybercriminals to hide their real IPs by using the malware infected hosts as stepping stones
