Skip to main content

Underground Economy and Card Shops

By: James Azar

Those dastardly cyber criminals have become more and more inventive.

With new and exciting ways to conduct online fraud springing up daily, the development of a fully functioning underground economy through the darknet was no surprise to anyone, well not to anyone who knows that the day to day operations of any social system require hierarchy. The underground cyber economy, needs structure and order, like any system, so that it can function. 

The online black-market, amongst other illegal activities, is a place to buy and sell vast amounts of stolen data and saves hackers from making extensive effort or being particularly smart to break into a system.

Most importantly the break-ins are far less necessary when you already have the credit card details right?  

The price for card data— known as “CVVs” on the dark net — figure from $2 and $8 per account. They are almost always bought by criminals who want to make unauthorized purchases online in “card not present” fraud.

Let’s view a few of the key terms:


Skimmers or point-of-sale malware are installed to ATM machines or swipe-up machines at the stores or other places. These skimmers can dodge being seen on account of their almost-accurate resemblance with the original structure of the machines.  They are those lookalike devices, either hidden or disguised, are installed onto the ATM machines themselves).

Skimmer devices are used to clone the data encrypted in magnetic strips on credit cards, these strips contain information enlisting card holder’s name, credit card number, the expiry date of the card, and the country code. 

Card shops

Card shops are the shady 7/11 bodegas of the internet. Before the card shops, cybercriminals had to use skimmers or point-of-sale malware to acquire data. After these card shops have come into existence, cybercrime got that much more convenient and suddenly required little to no experience at all, just access to the dark web and a use for stolen data.

Evidently, this new addition has altered the scope of cybercrimes, making theft procedures easier, faster and more widespread.  

Card Not Present

This describes the reason for buying at the Card Shops - fraud, it’s the virtual answer to grabbing your purse. The downside for the criminal at least, is they probably have a higher limited time period on the card, until the next credit card statement. Still significantly more time than if they had in fact snatched your purse, and there is always the hope for them that you simply won’t read through your statement. 

Card-not-present fraud happens when a hacker gets all the card details, without the card: a cardholder’s name, billing address, account number, three-digit security code and expiration date. 

This type of theft usually is operated through online phishing, or through company fraud, it happens far less through merchant database hacks. 

Since the first data breaches in the corporate section started hitting the headlines in 2014, it’s been a rollercoaster. Americans, nationwide were hoping that this would be a short-term trend, the statistics go against this trend. 

We haven’t managed to dodge the security bullet and it seems whatever credit card checks we put in place, our thirst for ecommerce, is outweighing the odds of us getting our details hacked. 

To learn more about cyber warfare around the world, what hackers are doing, and what other nations are doing to protect itself, check out this podcast: