A Company for internet security solutions called Finjan uncovered a website supermarket for stolen credit card data.
The web shop is called “SellCVV2″ and was found to be trading the credit card numbers and other data in a few sophisticated ways. The site gets its name from the three-digit CVV2 (Card Verification Value 2) number on the reverse of credit cards, essential for remote transactions, and implying that the numbers themselves are also being supplied. “Buyers” visiting the site would be able to earn discounts based on volume bought and choose from a range of least valuable Classic Visa or MasterCard with low credit limits through more valuable Gold, Platinum, and others.
According to Finjan, prices ranged from $38 for small volumes of premium card numbers, down to $10 for the equivalent low-limit cards in chunks of 100 at a time. Criminals worried about being stung themselves by non-working cards were being offered “guarantees” as well as trial data sets.
No information is given on where or how the cards might have been stolen, but they are believed to be from around the globe and possibly collected from infected computers using online Trojan-related methods.
The site appears to use Google’s Blogspot service and using typical promotion of fraudulent card data exchange, but what is apparent from the SellCVV2 site is the level of commercialisation of the traders involved.
Recently Finjan also reported a similar site found to be selling a large number of valid FTP server logins, many used by large companies around the world. As with SellCVV2, that site used a sophisticated trading model. The level of sophistication shown on the site, acts as a clear warning to anyone who thinks card fraud is a containable problem.
If you’ve ever wondered where stolen credit card numbers end up, here is an example. Currently sellcvv2.com is still up and running. The most amazing thing, is that some websites, just like sellcvv2.com, are offering you to buy their “products” by using your own credit card. One would wonder, what is going to happen to his credit card after such a purchase. On his next purchase, he might be unknowingly buying his own credit card by paying with the very same card.
Update: This is a news article, an old one. If you are looking for stolen credit cards, DO NOT send us emails or leave comments, they will be ignored. We do not sell, purchase or give away stolen credit card data.
More on CyberInsecure: