t shouldn't surprise anyone who is an avid follower or has a general interest the l landscape that the current marketplace model and forum model are. BriansClub, an automated vending site that specializes in stolen credit card information, has been added to the club of uncertainty. It was apparently the victim of a targeted attack at its data center. Briansclub

This blog will examine whether the targeted attack on BriansClub has an impact on the larger cybercriminal credit-carding landscape and speculate if it might galvanize the community for another credit card.

Krebs on Security reported in October 2019 that around 26 million credit and debit cards had been stolen. Ironic? Ironic? The extent to which the stolen data was made available from other sources is unknown at this time. These types of breaches are particularly difficult to trace as they can often sold to another AVC.

Cybercriminals live in a dog-eats-dog world. No site is safe, regardless of whether it's a marketplace, forum, or AVC. BriansClub is a popular target for cybercriminals due to the large amount of data on the site and the high average cost per compromised card ($500 each). Although the attacker is still unknown, it is possible that they were motivated by financial gain as well as their ego. Krebs on Security has confirmed that the actor sought publicity and access to 26,000,000 stolen cards.

The popularity of cybercriminal CC shops has grown with time partly because of the ease of access and the large supply of credit card information available, which is often updated daily. Cybercriminals looking to commit financial fraud need to sign up on these sites and choose a bank to which they wish to transfer their funds. After that, they can select the account to purchase. It takes just a few mouse clicks and a few seconds to complete this task.   Briansclub

BriansClub makes its money by selling compromised card information. Based on the fact that BriansClub sold 9.1 Million cards, it is estimated that AVC would have made $126 million in sales. This figure shows that cybercriminals have a lot of incentive to run such a platform. The return on investment is "rewarding", even though it is highly illegal.

BriansClub, along with other CC AVC shops, rely on continuous supply of "fresh data" from entities referred as "affiliates", or "vendors" that source the information directly in order to reap a large return. You can categorize fresh data as:

Affiliates and vendors then forward the data to the store. In return, they receive a portion of any successful transactions. This model reduces the chance of law enforcement trying to locate the source.

Timing is the most important skill to ensure that shops run smoothly. The CC can be void if the stolen CC data are not captured, delivered, or advertised promptly. These incidents can have a negative impact on the AVC shop's reputation in cybercriminal circles, as well as the customer's trust in the service and the amount of traffic that passes through it doors.

A poor reputation can lead to a loss of sales and traffic, as well as a decrease in internet traffic.

BriansClub is just one of the many CC AVC shops that are currently selling similar datasets. It is believed that a lot of the stolen CC data is duplicated across the various cybercriminal credit card stores. This is not a unique phenomenon. There are many scammers out there looking to take advantage of willing buyers. Buyers are misled into believing that they are purchasing a valid credit card in these cases. AVC sites are similar to forums in that they depend on many factors for success:

You may find a paid advertising slot on some of the most prominent sites. Advertising alone will not bring you success. However, investing in marketing promotes your brand and spreads the word beyond word-of-mouth. Digital marketing is also important because it drives traffic to the website. Without enough interest and participation from users, AVC will quickly die.

Some of the most respected carding AVCs offer a gated entry system. This allows users to feel like they are part of a community and encourages only serious applicants to apply. Gated entry could be a payment model like Briansclub or an invitation-only model like AVC Benumb. This would allow customers to keep their account for longer than the temporary membership period. Joker's Stash was a prominent carding AVC that used to operate on an invitation-only basis. In 2018, it switched to paid-for access.

AVCs require customer service in order to interact with their customers via forums and answer questions.

You need to provide a consistent user experience with site functionality, and a way to deal with bugs in software. This will increase customer loyalty.

The cybercriminal scene has long had a number of popular AVCs for carding. Administrators have been limiting communication to their own websites and forums, in order to avoid competition from fraudulent AVCs. It means that only a few people can reach out to these admins beyond a business-only relationship. This may have prevented law enforcement from disrupting these sites. This has created a sense of mystery around the most popular sites.