Joker’s Stash, a popular card shop on the Dark Web, is flooded with close to half a million payment card records on sale, primarily issued by Indian banks. According to Group-IB, a Singapore-based cybersecurity firm that discovered the database of credit card and debit card, said that the sale was listed under the name “INDIA-BIG-MIX”, about 98 percent of whose database represented cards issued by Indian banks.
The total value of the upload is estimated at a whopping USD 4.2 million or USD 9 apiece. The compromised personally identifiable information (PII) details include card numbers, CVV details, cardholder’s names, and contact details. The Indian nodal agency for cybersecurity enforcement the Indian Computer Emergency Response Team (CERT-In) has already been notified of this breach and necessary action is being taken to prevent any mishap.
The Two Big Data Leaks
There has seldom been a full realization about the absence of a robust security framework in the payment ecosystem. This has often resulted in security threats, like man-in-the-middle (MiTM) attacks and reverse engineering, going on unnoticed. The need to fill this vacuum has become more important, given the burgeoning pace of the digital card payments ecosystem in the emerging market economies like India. A lack of awareness of online best practices among the digital audience has not helped either. This has resulted in two major breaches in a matter of five months. In October 2019, 1.3 million debit/credit card records were exposed in Joker’s Stash for sale, again mostly of Indian banks. It became the single largest database of payment cards on the Dark Web with an estimated total value of USD 130 million.
What distinguishes the current incident from its predecessor is the comprehensive nature of customer data and its source, which is also called “fullz” in hackers’ parlance. Fullz is usually captured during online transactions, maybe using phishing, malware, or sniffers, deduced from the type of data available for sale in Joker’s Stash. The October 2019 dump, on the other hand, was probably captured through the compromise of offline PoS terminals from the information contained in card magnetic stripes.
Such data compromise events point towards a lack of awareness and usage of appropriate security tools, which act as the first line of defense whenever there is an impending security threat anywhere in the chain. This gives way to widespread malware infestation, and, given the interconnected nature of digital workspace, you never know when you got “infected,” until you are duped of all your sensitive financial information and PIIs, sold to the Dark Web by high-tech criminals.
AppSealing to the Rescue
In such an uncertain environment where customers’ data and financial transactions are at risk, companies the world over take advantage of AppSealing’s robust security framework. Fintech companies often use large swathes of customer data to personalize offerings. In order to protect the privacy of customers, an end-to-end security architecture provided by AppSealing ensures that your app could handle both known as well as emerging threats in real-time effectively. AppSealing solution encrypts DEX and SO files and protects the application using RASP without any additional CPU and memory overhead. This creates a seamless experience for the customer, resulting in a trustworthy environment for undertaking financial transactions.
Using AppSealing’s customized dashboards, you can keep a tab on all such threats and initiate quick responses and defend the app. Keeping in line with the latest security guidelines, AppSealing ensures a secure transaction environment so that your business-critical solutions are protected against impending security threats.
Supported both on Android and iOS platforms, AppSealing ensures that your brand image is protected from nefarious activities, protecting your apps inside out.