According to a recent report by a national publication, the credit and debit card details of nearly half a million Indians have been put up for sale on an underground website. The website is a popular resource for financial fraud, according to cybersecurity researchers, who say the leak is the most serious one in the past year.
The information put up for sale on Joker’s Stash includes sensitive details such as expiry dates, CVV/CVC codes, cardholders’ names and, in some cases, email IDs, in addition to the 14-16 digit card numbers, as per Group IB, a cybersecurity firm based out of Singapore.
All these can be used for carrying out financial transactions online, without needing any other method of authentication.
An industry expert said that this is the second major leak of cards relating to Indian banks detected by the Group IB threat intelligence team in the last several months. Presently, people are dealing with the so-called fullz, which include the card number, expiry date, CVV/CVC, cardholder name, and some extra personal information.
The expert added that each of these 461,976 cards’ details was being sold for $9 billion, which brought the total value of the data leak to $4.2 million.
The Reserve Bank of India’s (RBI) 2018-19 annual report says that there were around 1,866 instances of fraud through cards and internet banking. Around INR 20 lakh was stolen per fraud, as per the RBI data.
Several Indian cybersecurity officials have alerted the RBI and many Indian banks that such data was being sold on the dark web. A senior official said that it is not yet known how many of the cards are active.
A similar data dump was found by Group IB in October; however, insiders said that the information was limited to data contained in a card’s magnetic strip. Most payment gateways in the world require additional details like CVV and expiry dates. In October, a much larger number of cards was exposed (1.3 million); however, the listing was taken offline.
It remains unclear how this data was stolen or who was behind it; however, it appears to have been done by hackers who deployed tactics like phishing, implanting malware, or compromising e-commerce websites with ‘sniffers’ that capture a customer’s payment details.
Also, transactions that are routed through Indian payment gateways always require a second layer of authentication. This is usually a password set by the cardholder, or an OTP sent to the person’s mobile or email ID.
Websites like Joker’s Stash are well established on the dark web, a part of the internet that is indexed by search engines like Google.