Decoding Credit Card Fraud on the Dark Web

Credit card fraud has become a global pandemic in recent years. According to the Nilson Report, the cost of credit card fraud worldwide in 2024 stands at a staggering $35.79 billion , and it is projected to eclipse over $40 billion by 2026. Have you ever wondered where these massive volumes of credit card details are traded and exchanged?

The dark web, shrouded in anonymity and lacking regulation, serves as a breeding ground for criminal activity. Just in the last 3 months millions of unique credit card credentials have circulated across the deep and dark web.

Join us as we break down and discover the methodologies of card fraud using our dark web monitoring tool, Lunar.

In the following table you can see the number of leaked credit cards per company in the first quarter of 2024:

What type of stolen credit card information is traded on the deep and dark web

Credit Card Details

Full or partial credit card details, also known on the dark web as CVVs and CCs. These listings can include information such as the BIN number, credit card number, expiration date, and CVV number.

 In addition to just selling credit card details, some threat actors offer a “complete package” often referred to as “Fullz”. Fullz includes full personal details as well as financial details such as bank account details or social security numbers, which can be used for a full account takeover or identity theft.

Dumps – magnetic stripe data

This category, known as Dumps on the dark web, encompasses the raw magnetic strip data of credit cards. It includes critical information such as the bank account number, account balance, service code, PIN code, and card verification code. These details are primarily sought for physical use, enabling activities such as cash withdrawals from ATMs.

Credit card and BIN (Bank Identification Number) checkers

Alongside the trade of credit card data on the dark web, complimentary tools named checkers are often offered and sold on the dark web. Checkers are tools used by individuals and organizations to verify the validity and authenticity of credit card information and are used by threat actors to check the illicit information they purchase.

This stolen information is exploited by threat actors for financial gain through unauthorized charges, account takeover, and identity theft. The resulting financial loss is tremendous not only for the individual victim but also for the financial provider and any involved organizations. 

Where is credit card theft taking place on the deep and dark web?

This stolen data is readily available across various platforms on the dark web:

Credit Card Shops

Card Shops are a type of dark web marketplace that hosts the trade of credit cards and other stolen financial information. These platforms serve as hubs for cybercriminals to easily buy and sell compromised payment card details, including credit card numbers, CVV codes, expiry dates, and cardholder information.

Carding forums

Unlike carding shops, which primarily focus on the trade of information, carding forums serve a broader purpose within the cybercriminal community. On these forums, actors will often share techniques, hacking tools, strategies, and resources for conducting fraudulent activities.

Telegram carding groups

Leaking credit card credentials has become a very common phenomenon on chat applications, particularly Telegram. In fact, the overwhelming majority of leaked credit cards in past months originate from Telegram channels. Carding groups and channels reach up to tens of thousands of members, as they are easy to navigate and readily accessible. This makes these groups a growing threat.

Taking back control: Protecting your business

In the ever-evolving landscape of cyber threats, businesses face not only financial losses but also significant reputational damage when targeted by fraud actors on the dark web. Monitoring the deep and dark web becomes imperative for proactive defense against such threats. Lunar, our dark web monitoring tool is designed to empower individuals and businesses in this battle against cybercrime. With features like real-time alerts, data breach monitoring, and comprehensive dark web post monitoring, Lunar helps organizations stay ahead of deep and dark web threats in an increasingly hostile digital environment.