Cybersecurity journalist Brian Krebs has been following the asking price of these cards on underground online marketplaces and found that the purloined numbers are now selling for a fraction of what they were going for in December.
On Wednesday, sellers on one such marketplace sold nearly 3 million stolen card numbers, getting anywhere from $8 to $28 per card.
By contrast, card info stolen from Target shoppers was selling for between $27 and $45 on the day the news of the hack broke back in mid-December.
Why the steep drop in value? Because the odds of those numbers still being valid has dropped significantly. At the time of the breach announcement, sellers were claiming 100% “valid rates,” meaning that all the cards in a bundle would work if used right away for an illegal shopping spree.
But the cards currently being sold only have stated valid rates of 60%, meaning there is a pretty good chance that four out of 10 cards purchased have already been canceled or flagged.
It’s kind of like buying a day-old baguette at the baker. Maybe it’ll be fine, but there’s a decent chance it will be stale.
It’s surprising to us that so many people have still not canceled cards that were included in the Target breach. Just because your credit card offers $0 liability on fraudulent purchases doesn’t mean you should continue to be in a position where you’re constantly checking your card activity for questionable purchases.