If you’re in the mood for a truly surreal peek into the stolen payment card data market, check out this profile of a data-seller called Joker’s Stash, over at KrebsOnSecurity. This vendor’s employees, solely selling illegal stolen data mind you, “set themselves apart by focusing on loyalty programs, frequent-buyer discounts, money-back guarantees and just plain old good customer service.” Heck, it’s hard enough to get legitimate retailers to do that.
Indeed, the Bitcoin-accepting company markets itself as proudly only selling data that it’s own people stole, as opposed to selling what any lowlife on the street steals. And it offers limited guarantees: “All sales are final, although some batches of stolen cards for sale at Joker’s Stash come with a replacement policy — a short window of time from minutes to a few hours, generally — in which buyers can request replacement cards for any that come back as declined during that replacement timeframe.”
Even their loyalty program is better than that offered by some large retailers: “Customers with higher ratings get advance notice of new batches of stolen cards coming up for sale, prioritized support requests, as well as additional time to get refunds on cards that came back as “declined” or closed by the issuing bank shortly after purchase. To determine a customer’s loyalty rating, the system calculates the sum of all customer deposits minus the total refunds requested by the customer.”
When professional thieves start acting more professional than honest merchants, maybe it’s a good time to rethink which side of the fence we want to be on. ‘Tis a piece well worth a read.