Brian Krebs, the venerable security journalist who first reported a security breach at Target that exposed up to 40 million credit cards, has located one of the black market sites selling the card information and says they are going for $20 to $100 each. They can be bought using, of course, Bitcoin, as well as other irreversible and semi-anonymous ways of sending money including Litecoin, WebMoney, PerfectMoney, and traditional wire transfers. Krebs went shopping on the black market to help a small New England community bank which has 120,000 cards in the wallets of its customers and wanted to know how many of them are for sale for fraudsters this holiday season.
Don't Miss: Incredible Pokemon Gifts
“My source was anxious to determine how many of the bank’s cards were most at risk of being used for fraud, and how many should be proactively canceled and re-issued to customers,” writes Krebs. “The bank wasn’t exactly chomping at the bit to re-issue the cards; that process costs around $3 to $5 per card, but more importantly it didn’t want to unnecessarily re-issue cards at a time when many of its customers would be racing around to buy last-minute Christmas gifts and traveling for the holidays.”
And that’s the krux, right? Ideally, banks and credit card companies would just go ahead and cancel all affected cards, but that’s expensive for them and a headache for last minute Christmas shoppers. And for those people who only have one credit card or debit card, it could temporarily cut off their means of paying in anything but cash (and they wouldn’t be able to get the cash at ATMs). The community bank ultimately determined that over 5,000 of its credit cards were likely used at Target and compromised, and that it will be sending some or all their owners new cards.
The only good news: Krebs reports that the Target thieves did not get the cards CVV2 — that 3 or 4 digit security number printed on back of cards — which means they can’t do any online shopping with the cards. That echoes what Target has said about the incident, which is being investigated by the Secret Service. The black market shoppers instead clone physical cards and use them in person. The Associated Press reports that cards used at Target between Black Friday and Dec. 15 — the time when investigators think the breach occurred — have already been used at casinos. Krebs’s bank source says they’ve been used fraudulently at other big box retailers, including Target.
For more, see the KrebsOnSecurity post, “Cards Stolen in Target Breach Flood Underground Markets.”
Don't Miss: iPhone 8: Everything You Need to Know