Credit Card Monitoring
Is Your Credit Card Spending Without You?
In an era of digital transactions and online shopping, it’s no secret that financial fraud has adapted and evolved. Physical theft is no longer the sole means of pilfering credit cards, and, worryingly, your credit card may be spending time in another person’s ‘virtual’ wallet without your knowledge.
Thieves have changed their tactics to match the digital times. Thousands of credit cards are stolen every day not from physical wallets, but via sophisticated schemes such as manipulated ATMs, phishing scams, compromised point-of-sale (POS) systems, and hacked webservers. Once stolen, these credit card details often end up on the dark web, an encrypted network hidden from the conventional internet. This underworld marketplace is a perfect platform for trading stolen credit card information, often sold in batches at surprisingly low prices.
Credit Card Monitoring in Kaduu
Understanding that your credit card can end up in someone else’s wallet is the first step towards secure financial habits. Knowledge of these illicit methods empowers you to protect yourself better and helps raise collective awareness about these digital threats.
What type of credit cards can you find in Kaduu?
There are two types of credit cards that can be tracked in Kaduu:
- Free Cards: Credit cards, which are offered for free on the Dark- and Deepweb. Although millions of credit cards are indexed in the Kaduu logs, it can be assumed that the data is rather outdated. It is unusual for functioning credit cards to be offered for free. This type of credit cards can be found in the database search in the Control Center app.
- Paid Cards: Credit cards that are offered for sale on the dark and deep web. This type of credit card is offered like a commercial good. Mostly, they are functional cards for which you have to pay a certain down payment.
How do we obtain the free cards?
We try to collect mostly freely available credit card log dumps. These dumps may not have the very latest card data, usually sold for a high price, but can still help owners find out if their card has been affected by a leak in the past. Occasionally, we also purchase dumps and make them available in Kaduu’s elastic search DB..
How do we find credit card market places?
Cybercrime is a persistent and rapidly evolving issue in our digitally-dependent society. A significant part of this criminal landscape is credit card theft, where stolen information is bought and sold in the shadowy corners of the internet. As technologies evolve, so do the methods used by these criminals to advertise their illicit goods. We’ll explore some of the known avenues they use to market their stolen credit card shops, including some that may not be commonly known.
Social Media Platforms
Instagram, TikTok, and even LinkedIn have inadvertently become platforms for cybercriminal activity. Hackers use coded language and disguised URLs to evade algorithms designed to detect and remove illegal content. In recent years, Instagram and TikTok profiles advertising “CC” (Credit Card) “dumps” (batches of stolen credit card information) have been discovered, reflecting the audacity and adaptability of cybercriminals.
Instant Messaging Apps
WhatsApp and Telegram are often used as direct communication channels between cybercriminals and potential buyers. Telegram, in particular, with its encryption and anonymity features, has been increasingly exploited by hackers. They create channels or groups where they post ads and updates about their available credit card data.
Paste Sites
Cybercriminals utilize “paste” websites such as Pastebin or Ghostbin to host information temporarily. These sites allow users to share plain text through unique URLs, which can be easily shared and deleted after a certain period, making it harder for law enforcement to track their activities.
Hacker Forums & Darknet Marketplaces
These are digital havens for cybercriminals to trade tactics, sell stolen data, and advertise their services. Forums such as RaidForums, Nulled, or XSS are just a few examples where stolen credit card information can be found. Darknet markets such as AlphaBay, Dream Market, and others operating on the Tor network, are infamous hubs for illegal transactions, including stolen credit card data. These markets often provide escrow services to ensure “fair” trades between sellers and buyers.
Search Engine Manipulation
By compromising legitimate websites, hackers can insert hidden pages that advertise their wares. These pages can be SEO-optimized for terms like “CVV dumps”, causing them to appear in the search results of major engines like Google.
Banners and Google Ads
While it might sound surprising, some criminals use actual banner advertisements and Google ads to advertise their stolen credit card shops. They use deceptive language and imagery to mislead unsuspecting users, and even attempt to appear as legitimate businesses.
Gaming Platforms
In recent years, platforms like Discord and even in-game chats have been exploited by hackers. They use these platforms to communicate, advertise, and sell their illicit wares.
How do we scrape the data?
We search popular websites (hacker forums) or marketplaces for credit card offers. These websites can be found on the Deepweb or Darknet. We have an array of paid accounts to keep track of the most recent leaks. We are constantly working on extending our list of websites to scrape data from. We either scrape Onion or deep web sites. Basically, the biggest challenge in scraping is to emulate human behavior, bypass Captcha, Cloudflare/Datadome/Ddosguard and similar protection mechanisms. We work to balance the load on the websites that our robots produce, and to scrape the entire new datasets in a reasonable amount of time. In some cases, we may use multiple website accounts to ensure that we scrape everything and never get blocked
On some sites, metadata about the credit cards is published – on other sites, a package is offered without you knowing what is inside before you buy it. Below an example how credit cards can be offered without any metadata:
What meta-data related to paid credit cards can be gathered by our scrapers?
A typical website has the following fields for each credit card record:
- BIN (4, 5 or max 6 Digits)
- Expiration Date,
- Price
However, some websites offer more fields:
- Country/State/PLC
- address/full name/part of name
- A base name to which this record belongs, and a valid rate.
How can you find paid credit cards in Kaduu?
The paid credit card search can be found under the navigation CC search (1) on the deep-web-app:
The user can either look for a single BIN number or upload a file of BIN numbers (2). Please upload a text file with 1 BIN number per line. Note: A Bank Identification Number (BIN), also known as the Issuer Identification Number (IIN), is the initial four to six numbers that appear on a credit card. The BIN or IIN uniquely identifies the institution issuing the card. The search criterias can be combined. You could for example search for all credit cards of the type “mastercard” belonging to a user “john”. Or you could search for all credit cards published on a specific date. The search can then either be setup a a one-time query, or a monitoring job (3). In case it is setup as a monitoring job, you will see the data on the dashbord at the bottom and will get a notification via email with the according data. The system uses the email from the logged in user (top right). If you run a one time search you will be able to download the data from the dashboard using the download button (4) with 3 options:
- CSV (text) Download
- Excel (xls) Download
- Json Download
What are the challenges and limitations of paid scraping of credit card data?
Data disappears after purchase: Currently, we automatically check the newly published records/basics on a daily basis. However, our research team has found that once a database is published, the numerous records can sell out on the first day. We currently check sites daily, but plan to set up our scrapers to check new datasets multiple times a day.
Data duplication: We also know that some websites might steal data from each other. A typical example: a database with X records that has a price of $8 per record. Another website might offer the same records for 15$ per record.
Problems with junk data/fake records: Anyone can easily create fake credit card records (example https://www.vccgenerator.org/). These fake cards are mixed in with the valid cards. Sometimes the entire credit card marketplace is fake and a scam (they are after the participation fee).
Coverage (Telegram, etc.): Kaduu has just recently started scraping credit card sites. New card sites are popping up, old ones are disappearing. We currently only cover darknet and deep-web, but there are also Dicsord, Whatsapp and Telegram Channels that sell cards. We can’t cover all sites, but we try to add new ones and new technologies all the time.
You don’t know what you’re buying: With many offers, you don’t see what you’re buying. This makes it virtually impossible to understand which cards, banks or users might be affected before you buy them. Please note that we can buy sample card packages for you.
How can you find free credit cards in Kaduu?
The free cards can be queried in control.center via dashboard or API (https://wiki.kaduu.ch/doku/doku.php?id=api).
The credit card data published here comes from leaks that have already been published on the darknet. New cards are added continuously. The database is updated weekly or daily for major leaks. You find the Credit Card Search in the expert mode only:
On this page you can search in a database of indexed credit card leaks. Credit cards are displayed in masked form and when you are searching the database. You may search using first 6 and last 4 digits and replace all middle digits with “X” – thus you will not expose your credit card number to the system. Otherwise, the number gets hashed with SHA-256 algorithm before being sent to our server.
Please note that there are specifc search operators you have to use to get to the data. If you just look for the name “john” you will find 0 results:
If you search for owner:john you get more than 5000 results:
You can also look for owner:john doe, which looks for John OR Doe:
If you want only “John Doe” as an exact match, you have to search for owner:”john doe”
Detailed Syntax for free card search
Detailed Search Syntax:
Available Fields:
| Field | Details |
|---|---|
| createdAt | Creation date & time. |
| number | Credit card number (default field), masked with X in the middle except first 6 and last 4 digits. |
| Hash | SHA-256 of a credit card number |
| expireDate | Expiration date |
| cvv | Card verification value |
| owner | Owner name |
| bank | Issuer bank name |
| leakId | Leak ID |
Detailed Syntax:
| Field | Details |
|---|---|
| 543210* | Search cards starting with 543210 number. |
| 543210XXXXXX1234 | Search cards starting with 543210 and ending with 1234, containing 16 digits. |
| 543210*1234 | Search cards starting with 543210 and ending with 1234, containing any number of digits. |
| owner:Johnson AND bank:Citibank | Search cards containing Johson as an owner and Citibank as a bank name. |
| number:543210* AND owner:”Elon Musk” | Search cards starting with 543210 and belonging to Elon Musk. |
| cvv:123 AND expireDate:[2021-01-01 TO *] | Search cards that have a CVV 123 and that expire on 1st July, 2021 or later. |
| number:4* AND leakId:158dd4b2-7672-3492-95f6-019479cb4552 | Search cards that start with 4 and that were found in a leak with ID 158dd4b2-7672-3492-95f6-019479cb4552. |
