The coronavirus pandemic has changed just about every aspect of daily life, and credit card fraud has not been spared.
In a new report from cybersecurity firm Sixgill, the first six months of 2020 saw 45 million compromised credit card accounts posted for sale on the dark web. That might sound like a lot, but compared to the last six months of 2019, it's down 40% from 76 million.
The obvious key reason has been the pandemic, which has kept people out of physical retail stores. Bricks-and-mortar retail is typically a key vector for theft of credit card information — which leads to credit card dumps, where account information is put up for sale by bad actors on the web.
"The decrease could be due to fewer cards being obtained through physical devices like shimmers or skimmers, devices deployed on point-of-sale systems found in stores and gas stations, and more people staying home due to the pandemic," Sixgill wrote.
According to Sixgill, increased activity by law enforcement has also played a role.
"In March 2020, Russian law enforcement took down many prominent dark web credit card markets, which led to a significant reduction in the amount of cards available in the first half of 2020,” the report said. In March, the Russian FSB made numerous arrests and shut down 90 websites based in Russia that hosted stolen data — around half of which was of American credit cards.
The previous leading marketplace for stolen credit card data — Sixgill does not name the site — saw a dramatic reduction in illegally obtained cards for sale, a result of the crackdown. But as that marketplace’s activity fell from 14% market share to 1%, two new marketplaces emerged to take its place.
Covid is frustrating criminals
Sixgill pointed out that the pandemic hasn’t had a much impact on credit card usage, though companies like Chase have indicated marked decreases in amounts people are spending. More spending online means cyber criminals have less opportunity to steal credit card information. Sixgill says the number of U.S. cards compromised and offered for sale fell 54% in the first half of 2020 compared to the second half of 2019.
One way criminals use stolen credit card data is to make a copy — a clone — of the stolen card. However, one criminal, Sixgill reported, announced that its card-cloning service was closed due to Covid, saying that illegal buyers of the data would have to clone their own cards from the stolen data.
Sixgill also reported that dark web sellers have paused selling skimming devices because of the impact from the virus. And one criminal expressed dismay about how the pandemic was affecting operations.
"Just walked 1 hour to the spot I usually test skimmers at," they wrote. "Guess what? The shutters were closed. So thanks to corona the place shut early and my skimmer job I set up for tomorrow is now f**ked. Thanks coronavirus."
"Dudeeeeee noooooooooo haha,” another user on the forum replied.
In other forum posts, scammers recounted challenges of being outside during the lockdown avoiding the coronavirus and police during stay-at-home orders while going to check on their devices.
All of this may accelerate existing trends. EMV credit cards, the cards with chips that you dip into the credit card reader instead of swipe, have made it far more difficult to conduct fraud in person, though it still happens, as Sarah Strauss, head of fraud at Capital One told Yahoo Finance.
Covid has pushed more spending online, and it’s also forcing fraudsters to adapt their methods. With fewer in-person transactions, Sixgill noted that many criminals are now figuring out ways to infect online points-of-sale with malware that allows them to skim numbers, pointing to the attack last year on American Outdoor Brands, a firearms maker, that skimmed the credit card details of 780 customers. This may not be a lot of people, Sixgill wrote, but it served as a proof-of-concept and should be a warning to all that going online isn’t a panacea against fraud.
In the long run, coronavirus won’t kill credit card fraud — it will only change it.