Banks & Underground Card Sites

In response to the recent November-December breach of credit and debit cards at Target stores across the US (and possibly Canada), some banks in the US have reacted in subtle and clever ways.
 

When a breach of this nature occurs, the card data is typically sold on underground card sites, or card shops. These card sites are advertised in cyber crime forums and are generally hosted in countries with lax legal regulations. The fraud analysis teams in some banks noticed that a card shop advertised more than a million quality ‘dumps’ (a dump is the data extracted from a card) soon after the Target episode. Suspecting that the dumps might be related to the Target episode, the banks purchased back their own cards and were thus able to verify that the dumps being sold were indeed of cards that had been exposed at Target stores during the breach window.
 
The card site in question provided good search facilities, and a bank was able to search for cards with its own BIN (Bank Identification Number – the first 6 digits of the card, which identify the bank; each bank has one or more BINs assigned to it). The site also provided a facility to see whether any of the cards had been cancelled before buying; good customer service, one should say. Dumps on such underground sites are identified with a word called a ‘Base’ – in the case of Target it was ‘Tortuga’. This identifier is used to tag all cards associated with a particular incident, meaning that all dumps tagged ‘Tortuga’ were related to the Target breach. Such sites obviously do not accept payment by credit card. Instead they accept virtual currencies like Bitcoin and Litecoin, or money transfers like Western Union.
 
Though purchasing such cards back from the underground card sites does not prevent the cards being sold again, it does provide the banks with a detective mechanism, and it helps pave the way for further preventive action such as identifying the entity that was breached, the cards that are likely to have been stolen and thus the cards that should be blocked.
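
The detective step described above, sketched as an added example (not from the original article): keep the recovered dumps that carry the bank's BINs, find the merchant those cards share in the bank's own transaction history, and list every card used there in the same window. All BINs, card numbers, merchant names and dates are constructed, and the function names are hypothetical.

```python
from datetime import date

# All values below are constructed for illustration (no real cards or merchants).
BANK_BINS = {"999901", "999902"}           # hypothetical BINs of the issuing bank
RECOVERED = ["9999010000000001", "9999010000000002",
             "9999020000000003", "8888880000000009"]  # last one: another issuer
TRANSACTIONS = [  # the bank's own history: (card number, merchant, date)
    ("9999010000000001", "MERCHANT_A", date(2013, 11, 29)),
    ("9999010000000001", "MERCHANT_B", date(2013, 12, 3)),
    ("9999010000000002", "MERCHANT_A", date(2013, 12, 5)),
    ("9999010000000002", "MERCHANT_C", date(2013, 11, 20)),
    ("9999020000000003", "MERCHANT_A", date(2013, 12, 10)),
    ("9999020000000003", "MERCHANT_B", date(2013, 10, 1)),
    ("9999010000000004", "MERCHANT_A", date(2013, 12, 2)),   # not recovered, in window
    ("9999010000000005", "MERCHANT_A", date(2014, 1, 20)),   # not recovered, after window
    ("9999020000000006", "MERCHANT_B", date(2013, 12, 4)),   # not recovered, other merchant
]

def own_cards(recovered, bins):
    """Keep only recovered cards whose first six digits are one of the bank's BINs."""
    return [pan for pan in recovered if pan[:6] in bins]

def common_point_of_purchase(cards, transactions):
    """Find the merchant shared by the most recovered cards and the span of their use there.
    Returns (merchant, first_day, last_day, share_of_cards), or None if nothing matches."""
    cards, seen = set(cards), {}
    for pan, merchant, day in transactions:
        if pan in cards:
            seen.setdefault(merchant, {}).setdefault(pan, []).append(day)
    if not seen:
        return None
    merchant, by_card = max(seen.items(), key=lambda kv: len(kv[1]))
    days = [d for dates in by_card.values() for d in dates]
    return merchant, min(days), max(days), len(by_card) / len(cards)

def cards_to_block(transactions, merchant, start, end):
    """Every card, recovered or not, used at that merchant inside the window."""
    return sorted({pan for pan, m, d in transactions if m == merchant and start <= d <= end})

if __name__ == "__main__":
    mine = own_cards(RECOVERED, BANK_BINS)
    merchant, start, end, share = common_point_of_purchase(mine, TRANSACTIONS)
    print(merchant, start, end, f"{share:.0%}")
    print(cards_to_block(TRANSACTIONS, merchant, start, end))
```

The block list includes a card that never appeared in the purchased dumps, which is the preventive value of the purchase: a small recovered sample identifies the merchant and window, and the bank's own records supply the rest.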
 
Bank fraud teams would do well to familiarize themselves with such evolving mechanisms.