Analysis Report on Malaysia Credit Card Data Traded on the Dark Web
Note
“Analysis Report on Malaysia Credit Card Data Traded on the Dark Web” consists of an introduction to credit card data breach, an overview of the Malaysia credit card data traded on the dark web, an analysis of Malaysia credit card BIN, along with suggestions and a conclusion. We would like to state beforehand that some of the content has yet to be confirmed to be true.
1. Introduction
1.1 What is Carding?
Carding is a term labeling the fraudulent use and trading of credit cards. The credit card information and personal data acquired by cybercriminals are primarily traded on the carding forums and markets on the dark web. The main items traded are credit/debit card data stolen through methods like e-commerce site hacking, phishing, and skimming. These forums and markets are located within various channels such as encrypted messengers like Telegram and dark web forums. They operate verification processes and referral systems for new member registration. Some markets also increase their notoriety and attract new members by promoting free credit card information on the dark web and Telegram.
1.2 Problems and Impact of Credit Card Data Breach
Transactions on carding forums and markets primarily utilize cryptocurrencies such as Bitcoin (BTC) and Monero (XMR), which offer enhanced privacy features. The leaked credit card information usually takes the “card number|expiry date| CVV” format and may also include personal information such as name, address, phone number, and email address. Such information can be abused in various economic crimes like financial fraud, unauthorized transactions, and money laundering. There is also a risk of secondary harm such as identity theft due to the leakage of personal information. Therefore, it is imperative to collect the credit card information that is traded illegally to block the cards preemptively and enhance monitoring to address this issue.
2. Overview on Malaysia Credit Card Data Leaked on the Dark Web
2.1 Data Collection and Analysis Methods
As mentioned earlier, a carding market, BidenCash, ran promotions where they publicly shared card data for free. These promotions took place 4 times from June 2022 to December 2023, and to this day, the markets continue to share card information via Telegram for promotion. Due to the nature of the dark web, it is likely that the leaked card information will not be deleted and will be reused on other carding forums and markets. In fact, some of the data leaked during the 4 free promotions was observed in Telegram carding channels.
AhnLab collected and analyzed 4 million credit card data entries that were shared for the fifth time on May 10th, 2024. The total number of credit card numbers collected from the five promotions so far is shown in Table 1. However, the total number below contains duplicate entries from multiple disclosures. It should also be noted that these figures are purely claims of the carding markets that shared the information. Also, some cybercriminals abuse the Bank Identification Number (BIN) to generate random card numbers. Therefore, the numbers in Table 1 may include valid card numbers, suspended card numbers, randomly generated card numbers, and numbers that do not follow the card number generation rules. The validity of these card numbers can only be confirmed by the card issuers.
The identification of Malaysia credit cards in Table 1 was verified using the credit card BIN Table data.[1] As of July 23, 2024, this website provides 524 Malaysia BIN data entries. Therefore, any Malaysia BIN data not provided by this site are not included in the count.
|
Category |
Malaysia |
Other countries |
Total |
|
Quantity |
97,583 |
17,405,272 |
17,502,855 |
Table 1. Total number of collected credit cards and Malaysia credit cards (after removing duplicate card numbers)
2.2 Characteristics and Statistics of Leaked Malaysia Credit Card Data
The total of 97,583 Malaysia credit cards have been leaked, as mentioned in Table 1. This count excludes duplicate card numbers. Comparing the Malaysia BIN data provided by bincheck.org with the leaked card numbers revealed that there were 1,434 cases where the issuing institution could not be identified (indicated as “unknown”). Additionally, there were cases where the card expiration date (EXP) was expired as of July 2024, had missing field values, or was not in the month/year format. There were also instances where the card verification value (CVV) number was irregular (marked as “rnd”, not following the usual 3 or 4-digit format, missing field values, or represented by ambiguous values like “xxx”). These data points were all included in the total count without exclusion.