Banking frauds have become common these days. From conning innocent people using SIM-swap frauds to phishing scams, cyber criminals in the recent time have found new and innovate means for scamming people out of their hard earned money. Now, a new report suggests that credit and debit card details of nearly 1.3 million Indian card holders has been put on sale online.
According to a report by a cyber security firm Group-IB, which spotted this database on dark web first, nearly 98 per cent of the cards listed online contain cards from Indian banks while only one per cent belong to Coloumbian banks. Of this 98 pe cent, 18 per cent cards belong to a single Indian bank.
What makes this incident particularly intriguing is that unlike other cases, wherein the database is updated in several small parts, this data was uploaded on the dark web all at once. “This is indeed the biggest card database encapsulated in a single file ever uploaded on underground markets at once. What is interesting about this particular case is that the d?tabase that went on sale hadn’t been promoted prior either in the news, on card shop or even on forums on the dark net,” Ilya Sachkov, CEO and founder at Group-IB wrote in the blog.
Here is everything that you need to know about the latest banking fraud:
— As mentioned before, details of nearly 1.3 million Indian credit and debit cards has been put up for sale on dark web. Dark web is often used by cyber criminals for selling user data. It is also used for selling illegal or stolen items.
— The sale is taking place on a website called Joker’s Stash, which is site used by cybercriminals for selling card details. It is also one of oldest card shop available on the dark web.
— Each card is available for $100 (Rs 7,000 approx) on Joker’s Stash. A high (and uniform) price for the cards listed in the database indicates that this the details of these cards have been acquired recently and hence it warrants a high price. Simply said, debit cards still have enough cash and the credit limit of the listed credit cards hasn’t been maxed out yet.
— Group-IB analysed the data listed in the database and as per their findings, nearly 550K cards belong to a single Indian bank. The security website, however, did not disclose the name of the affected banks.
— The data of the cards listed in the database includes data found in magnetic strip which indicates that the card details were stolen by skimming at ATM machines. This data is called Track 2 data.
— Skimming card data uses a combination of a skimmer — a device placed on the ATM’s swipe mechanism – and camera footage – which is obtained either by hacking into the ATM’s camera or installing a separate camera within the targeted ATM — for cloning a card and obtaining its PIN.
— It is not yet clear if the 1.3 million compromised cards are part of millions of Indian cards that were found to be compromised last year. At that time, affected Indian banks had issued new cards to the consumers.
— Once someone has purchased this data from Joker’s Stash, it can be used to clone cards and withdraw money using them at ATMs.
— Hackers are expected to earn around $130 million from their latest hack.
— If your card gets cloned, the bank will have to make a full refund of the stolen amount. According to the RBI guidelines, the customer holds zero liability if an unauthorised transaction takes place in a third-party breach where the deficiency lies neither with the bank nor with the customer but elsewhere in the system and the customer notifies the bank within three working days of when the unauthorised transaction took place.