Demand for stolen credit cards has dropped in the pandemic

July 1, 2020, 5:05 PM UTC

Marketplaces, even cybercriminal ones, are subject to the laws of supply and demand.

Like more reputable merchants, purveyors of stolen goods have been hit by the coronavirus pandemic. As COVID-19 ravaged the world this year—forcing businesses to close and people to stay at home—demand for stolen credit card data has dropped on dark web shops.

With fewer opportunities to shop at brick-and-mortar stores, and thereby reap a return on investment, the market value of “card present” data has fallen. Such purloined information includes copied magnetic strip data that can be turned by crooks into fraudulent payment cards. The median price of stolen card-present data has more than halved in recent months, said Stas Alforov, head of R&D for Gemini Advisory, a New York-based cybersecurity firm.

Whereas in December, the median price per stolen credit card was around $12.50, according to Gemini’s data, in June, each was fetching $6.30. Such a steep price drop-off is atypical even outside the usual end-of-year holiday shopping season, when all sales—legitimate and fraudulent—tend to be highest, Alforov said.

Shady retailers have adapted to the downturn in demand by running discounts. “It’s just like if you walk into a Burlington Coat Factory or a Macy’s. Nobody is chasing down the racks that have full-price deals on them. Everyone is looking for the discount racks,” Alforov told Fortune on a call.

Meanwhile, as more consumers shift their spending online, stolen data related to web-based payments has gotten a boost. The market value of “card not present” data—information found on online checkout pages—has ticked up to $9 from around $8 at the end of last year, based on Gemini’s data.

As economies reopen and the effects of unemployment become clearer, the world may see a rebound in “carding” fraud. Indeed, as Brian Krebs, an independent cybersecurity journalist who reported on the trend on Tuesday, warned, we should expect recent cybercrime trends to take a turn, “likely for the worse.”

“Just as various individuals are happy to be back and dining at restaurants and going out to local bars, in the same way, criminals are very excited to get back to business as usual,” Alforov told me.

Robert Hackett

Twitter: @rhhackett



(Your love keeps lifting me) higher and hire. Expecting a global surge in coronavirus-related unemployment this year, Microsoft is planning to offer digital skills training to 25 million people around the world. The education program will combine technology and insights from the company's software and Azure cloud computing businesses as well as its subsidiaries LinkedIn and Github. The initiative will also provide a marketing opportunity for its Microsoft Teams videoconferencing software.

By the light of the northern star. Evidently, Google has not given up on virtual reality hardware, despite the epic flop of Google Glass. The search giant has acquired North, formerly known as Thalmic Labs, a Canadian startup that develops "smart" glasses, confirming a report by the Globe and Mail. In a post announcing the deal, North said it will not ship its latest gadget, Focals 2.0. Meanwhile, Facebook released a proof-of-concept for a pair of VR headset that looks like a thin pair of sunglasses.

Enter Sandman. Slightly askance of VR, there's been activity in augmented reality world. Niantic, the Google spinout and Pokémon Go creator, is partnering with Punchdrunk, creators of the trippy, immersive theatrical sensation Sleep No More. Niantic also has an AR adaptation of the hit board game Settlers of Catan in the works. Outside of gaming news, there's reason to believe Apple's upcoming iOS 14 iPhone software is laying the groundwork for its long-rumored AR glasses.

YouTube killed the TV star. Google's YouTube upped the price of its monthly YouTube TV subscription offering to $65 from $50, amounting to an additional $180 per year. The bundle is adding eight new ViacomCBS channels with more to come: BET, CMT, Comedy Central, MTV, Nickelodeon, Paramount Network, TV Land, and VH1. In a blog post, Christian Oestlien, YouTube’s VP of product management, said the "new price reflects the rising cost of content."

Please Mr. Postman. Settling charges that it violated U.S. securities laws in its pursuit of investment for a digital token offering, encrypted chat app-maker Telegram agreed to pay a $18.5 million civil penalty and return $1.22 billion to investors. Telegram's retrenchment marks a big win in the one of the highest-profile cases for the U.S. Securities and Exchange Commission, which has spent the last couple years cracking down on unregistered cryptocurrency ventures.

Zoom in. Now enhance.


Earlier this month, Senator Sherrod Brown (D-Ohio) threw down a gauntlet on Big Tech by introducing a new draft privacy bill that would outlaw most collecting and sharing of personal data by corporations. The bill would force companies like Facebook to rethink the foundation for their ad-supported free services.

In an op-ed for Wired, Sen. Brown anticipates objections to his plan, one of a number of GDPR-style pieces of legislation now floating around Congress. To companies that claim it will "stifle innovation and interrupt their business model," he replies: "Yes, if your business model is built on exploiting people, we want to stop it."

Be honest—have you ever read a privacy disclosure? Even once?

Facebook’s data privacy policy is more than 4,000 words. It contains dozens of links to hundreds of pages of complex terms and agreements. Even if you had the time to read it, you’d need a law degree and a data science background to understand which rights you’re signing away and what frightening experiments Facebook is cooking up with your private life as raw material.


Robot lawyers are thriving during the pandemic by Jeremy Kahn

The EU will open its borders to countries adept at fighting COVID-19. China qualifies. The U.S. does not by Katherine Dunn

Netflix will move $100 million into Black-owned banks by Lucas Shaw

A venture capitalist parodied by HBO’s ‘Silicon Valley’ is now facing criminal charges and perhaps even jail time by Lucinda Shen

Semiconductors are the engine of the global economy—and America isn’t making enough of them by Keith Jackson


Facebook claims it is taking action to curb QAnon, an Internet hoax that peddles extremist, right-wing conspiracy theories. But a recent investigation by the Guardian found the media giant's flagship site continues to recommend QAnon-affiliated groups to users, attracting thousands of followers to those groups in just a month. Reddit, on the other hand, effectively eradicated the nonsense after carrying out a site-wide purge two years ago.

C'mon Zuck. Learn from the little alien guy.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

CEO DailyCFO DailyBroadsheetData SheetTerm Sheet