For most people, Facebook is a place to go see photos of friends, read news and watch videos.
27 Dec, 2017BUSINESSINSIDER.MY
For most people, Facebook is a place to go see photos of friends, read news and watch videos. But for a subgroup of shady characters, the social network serves as a handy forum for another hot commodity: credit card numbers.
Dozens of Facebook pages and groups viewed by Business Insider advertise bulk sales of credit card account information. These purveyors of credit card “dumps,” a term for stolen credit card accounts obtained through hacking, skimming and other nefarious means, are easily accessible and seemingly rampant on Facebook.
While Facebook explicitly forbids the sale of credit card information on its 2 billion member social network, examples of the trade are not hard to find. A simple Facebook search for the term “cvv” or “cvv2” – abbreviations for credit card security codes – bring up a cornucopia of pages claiming to buy and sell the goods.
One such group with the not so stealthy name “Sell CVV- CCV – CC Fullz – Dumps – Bank Login_Dumps with Pin” has 6029 members. Another page titled “Sell cvv” describes itself as a business service in Mobile, Alabama and has 597 likes and 4.8 stars.
Facebook removed both pages after Business Insider inquired about them.
But even several days later, it was not difficult to find countless similar pages on the Facebook.
“I have cvv all type (visa, master, amex, disco, bin, dob, fulz…) all countries, Dumps Track 1 & 2 pin” read another Facebook page, which listed an address in Russia and contact info using the alias “bestdumpsskimmer36.”
While it’s unclear whether the credit card account info for sale on the Facebook pages is legitimate, or whether the pages are mere scams designed to ripoff other miscreants, their presence on Facebook is undesirable and problematic either way. And at a time when Facebook is under pressure to do a better job of policing the content on its site – from fake political ads to posts celebrating violence and racism, the proliferation of CVV pages illustrates the scale of the challenge confronting the company.
Angel Grant, director of fraud, risk intelligence, and identity management at the security consultant firm RSA told Business Insider his company has made Facebook aware of the CCV dumps in the past. But he said that the pages are so abundant and pop up so frequently, that Facebook has a hard time keeping up.
According to a 2016 post by computer security blogger Brian Krebs, fraudsters can use different types of CVV information to create physical clones of credit cards or to make purchases online. The CVV data can range in price from $2 to $20, the post says, though it does not specifically single out Facebook as a market for such data.
While it might seem odd for criminals to openly sell stolen credit card accounts on Facebook, RSA’s Grant said there is a good reason for this: the epidemic of data breaches has led to a glut of stolen CVV numbers; prices have plunged and are now chump change for hackers. Some cybercriminals have so much stolen information, they are having a hard time getting it off their hands, and so have resorted to selling it in plain sight.
“They are leveraging existing infrastructure that’s already there,” said Grant.
In a statement to Business Insider a Facebook spokesperson said, “Facebook’s Community Standards do not allow the promotion or the sale of illegal goods or services including credit card numbers or CVV numbers. Once something is reported to us, our teams review it and will remove it if it violates those policies.”
When questioned further, the spokesperson said that Facebook has a system running in the background to catch threats and remove them before the pubic becomes aware of them.
This article was first published by Caroline Cakebread on Business Insider