Wapack Labs observed a threat actor advertising a new carding shop on a hacking/carding forum. This threat actor first advertised the carding services on 21 July, 2017 and has been an active member on the forum, frequently advertising updates to their carding website. Currently the shop has over 500,000 stolen credit cards for sale from over 100+ banks. The shop updates its database with fresh cards on a bi-weekly basis. To access the shop, users must create a free account and enter a username, password, Jabber, and ICQ number (users can enter fake credentials). Once the account is created, users can freely browse the website. Web sections include news, cards, rules, orders, billing, checker, and support. The cards section identifies stolen credit cards. Credit cards are sorted by database, bank name, type, card issuer, country, state, city, city, or BIN. Full card information is provided before purchasing a card. Prices of the cards ranged from $1 to $40 USD. The checker section allows users to enter credit card information to see if the card is still valid. The shop charges 30 cents per check and has a refund policy of 5 minutes after purchase, if the card is invalid.
Wapack Labs has cataloged and reported on carding shops and fraud in the past. An archive of related reporting can be found in the Red Sky Alliance portal.