Stas Alforov writes:
- Based on the proprietary Gemini Advisory telemetry data collected from various dark web sources over several years, we have determined that in 2018, nearly 1.4 million cards were compromised in the East Asia region, nearly a 100% increase from 2017.
- Despite the overarching trend of increased fraud in East Asia, Japanese compromised card levels decreased by over 100% in 2018, largely due to what appears to have been a massive upload of 280,000 Japanese CNP payment records posted for sale in January of 2017.
- Gemini Advisory identified an out-of-pattern spike in Japanese payment records added to the dark web in November and December of 2018; this spike of newly added records appeared to run parallel to a growing demand for Japanese-issued cards. Gemini Advisory identified that during this timeframe, a number of Japanese cardholders published various complaints regarding a newly released Japanese payment app called PayPay.
- Cybercriminals likely utilized this app as a means of monetizing stolen Japanese payment cards, as well as compromising and monetizing the credentials of existing legitimate PayPay users. Based on the overlapping timeframes between PayPay fraud and the spike in Japanese payment cards added to dark web marketplaces between November and December 2018, Gemini Advisory assesses with moderate confidence that these two events are related.
Read more about their findings on GeminiAdvisory.io.