Joker’s Stash, the internet’s largest carding shop has been selling stolen payment card data most of which have been issued to Indian banking customers. It is estimated that it’s one of the biggest card dumps with a value of 130 million dollars in recent years. Although its data sources are unclear, security researchers have estimated that they were skimmed from point-of-sale systems or ATMs.
Data source is unclear
Security researchers at Group-IB, a cybersecurity firm based in Singapore, discovered that stolen data of 1.3 million credit and debit cards were uploaded Joker’s Stash, most of which have been issued to Indian banking customers.
Joker’s Stash is a Dark Web destination specializing in trading stolen card data. The site advertises each card record with a heading like “INDIA-MIX-NEW-01” and pricing each card to $100. The information on the stolen card’s source is unclear. This information includes both track 1 and tracks 2 data which are located on a card’s magnetic strip.
Most of the cards are Indian
Track 1 and track 2 data include name, card number, expiry and potentially the CVV, as well as holder address and other discretionary information used by the bank for fraud protection purposes. According to Group-IB, card data was stolen from point-of-sale systems or ATMs.
Moreover, security researchers said that the card data is 90-95% valid and approximately 20% of the data belongs to one Indian bank while most of the cards are Indian.