A Russian carding site is selling 554 stolen Australian credit cards with full details for $4.50 per record.
The online cybercrime bazaar listed Mastercard and Visa cards stolen from each Australian state and territory.
Each record contained the victim’s first name, partial card number, state and city. About 135 cards were stolen from victims in NSW, a hundred from Victoria, 60 from Queensland and 40 from Western Australia.
The Australian cards were the second largest cache of credit cards available on the site, behind some 1600 cards stolen from United States.
It was slightly more than the 537 cards on offer stolen from German victims.
The $4.50 price tag seemed cheap compared to other underground carding websites which list Australian cards from upwards of $10 each.
Price can be affected by credit limit, and that value of the affected cards was unknown.
For the US records, Mastercard credentials were sold for $2 each while American Express was on offer for $4.50 each.
The site, established as a business between a group of Russian hackers in July last year, had guaranteed the validity of the cards.
Each was tested via payment sites like Authorize.net and was backed by a refund guarantee.
The site appeared to be hosted in the US by Glowhost.com.
Card schemes say the chip – a gold square on the face of bank cards – dramatically reduced the amount of information available to fraudsters and cannot be replicated.
All terminals that process Visa payments were meant to be chip-enabled by April next year and all cards from the provider would be chipped and work only with a PIN number a year later. But the industry imposed deadlines have been passed over and extended previously.
Last year, Visa had identified some 40,000 small businesses across Australia that were at higher risk of fraud because they were large enough to process some 20,000 transactions but too small to properly secure their networks.