An information security provider says an increasing number of payment card numbers being used for fraud are not stolen in data breaches but are “brute forced” (i.e., “guessed” by using computer power to systematically try different number combinations until they get the right one).
Researchers from NordVPN analyzed millions of card numbers available for sale on the Dark Web and found at least four million that did not come from any data breach, but were sourced using brute force attacks.
Bad actors monetize stolen payment card numbers and other information in any number of ways—usually by buying merchandise online and either returning it or reselling it. E-commerce has experienced a massive spike in growth since Covid began in 2020 and fraud has increased right along with the number of online transactions.
Of the four million stolen cards analyzed by NordVPN—more debit cards than credit cards and more Visa cards, followed by Mastercard and American Express—more than 1.5 million were from American cardholders. Australian cardholders were significantly impacted as well. The study found nearly 420,000 stolen card numbers issued by Australian banks.