Group-IB, a global threat hunting and intelligence company, has supported Carding Action 2020 — a cross-border operation led by Europol’s European Cyber Crime Centre (EC3) with the support from law enforcement agencies including The Dedicated Card and Payment Crime Unit of the of the London Metropolitan and the City of London Police. The three-month anti-cybercrime effort targeted traders of compromised card details and prevented approximately €40 million in losses.
The details and results of the operation have been presented to the public today by Tobias Wieloch of EC3 at CyberCrimeCon Virtual 2020 — a global threat hunting and intelligence conference, powered by Group-IB.
Carding Action 2020 sought to mitigate and prevent losses for financial institutions and cardholders. During the three-month, Group-IB, the only private-sector cybersecurity company involved in the operation, provided information on approximately 90,000 pieces of recently compromised payment data. This data was obtained and analysed by the company experts thanks to Group-IB’s Threat Intelligence and Attribution system from unique non-public sources, such as botnet and JS-sniffer infrastructure, as well as underground card shops and marketplaces.
Europol facilitated the coordination and information exchange between law enforcement from Italy, Hungary, the UK and leading card schemes (payment network companies). According to Europol, The Carding Action prevented approximately €40 million in potential losses for mainly European financial institutions, who actioned the data as it was received from the payment providers. The savings were estimated by card schemes looking at the unique cards that were detected and flagged by Group-IB and multiplied by the average spend on those cards.
All of the 90,000 pieces analysed by Group-IB included full card data — cards compromised via phishing websites, from end devices infected with banking Trojans, as well as by the means of hijacked eCommerce websites and the use of JS-sniffers. According to Group-IB Hi-Tech Crime Trends report 20/21, presented yesterday ta CyberCrimeCon, the carding market grew by 116 percent from $880 mln to $1.9 bln. The expansion of JS-sniffer attacks targeting e-commerce merchants influenced the significant increase of prevented losses.

Edvardas Šileris
Head of Europol’s European Cybercrime Centre (EC3)

Nicholas Palmer
Head of Group-IB global business