Over 69,000 payment card dumps are available for sale on Joker’s Stash underground marketplace

• The total market value of the databases - that contain a trove of bank details - is estimated to be nearly $3.5 million.
• While the price of a single card detail ranged from $10 to $40, the cards that came with PIN codes were kept at $50.

After exposing over 750 million users accounts on the Dark Web, cybercriminals are back with a huge bunch of stolen payment card details. They have released a set two new databases that contain a total of 69,186 Pakistani banks’ cards on the infamous Joker’s Stash underground forum.

Worth of the stolen data - According to a report from Group-IB, the total market value of the databases - that contain a trove of bank details - is estimated to be nearly $3.5 million. It is the second time that Pakistani banks’ cards have been put up for sale in the past 6 months.

Group-IB said that the databases published on the Joker’s Stash portal contain 96 percent of the payment card details stolen from Meezan Bank Ltd. The data was made available on the underground portal at the end of January 2019. While the price of a single card detail ranged from $10 to $40, the cards that came with PIN codes were kept at $50.

About the databases

• The first database titled «PAKISTAN-D+P-01» was set up for sale on January 24, 2019. It included 1,535 cards, 1,457 of which were issued by Meezan Bank Ltd.
• The second database titled «PAKISTAN-D+P-02» was put up on Joker’s Stash on January 30, 2019. It comprised of 67,654 Pakistani banks cards.

“The sellers marked the set as «high valid» and, unlike the first set, advertised the database on all major underground forums such as («Omerta», «Crdclub», «Enclave» etc.),” added Group-IB in its report.

Why does it matter - The stolen card details available on the Dark Web can be used to produce cloned credit cards which later can be used for various fraud activities. This includes buying goods without the knowledge of the user, withdrawing money from ATMs and resale the cards to fraudsters.

“Another scheme of cashing out involves the use «white plastic» dumps (cloned cards) and dummy companies (linked to money mules) with bank accounts and POS terminals: fraudsters use «white plastic» to buy nonexistent goods, and funds from compromised cards get transferred to bank accounts linked to dummy companies, then cybercriminals withdraw money via ATM using a bank card which is linked to a dummy company,” Group-IB explained on the fraud activities.

Repeated activity - This is not the first time that Pakistani cards are being sold on Joker’s Stash underground forum. Group-IB had spotted a cache of 177,878 cards from Pakistani banks and other international banks on November 13, 2018. The banks affected by this breach included major Pakistani banks financial organizations such as Habib Bank, MCB Bank Limited and Allied Bank Limited.