Massive Carding Marketplace "Savastan0" Selling Over 15 Million Stolen Credit Cards
An underground carding marketplace sells over 15 million stolen credit and debit cards. Researchers reveal its operations and the growing scale of card fraud.

A major underground carding marketplace known as Savastan0 has been found selling over 15 million stolen credit and debit card records, with the vast majority belonging to U.S. cardholders.
Security researchers at the Yarix Cyber Threat Intelligence Team uncovered the large trove of payment card data being traded on the Savastan0[.]tools website, which has been operating since at least 2019.
The Savastan0 marketplace operates much like a legitimate e-commerce site, allowing criminals to search for and purchase stolen card data based on BIN number, country, ZIP code, and issuing bank. Buyers can fund their accounts with cryptocurrencies like Bitcoin and Litecoin to acquire card details, which often include:
- Full names and addresses
- Card numbers (PAN)
- Expiration dates
- CVV codes
"Savastan0 totally looks like a legitimate online store," noted Valerio Livi, a Yarix researcher who analyzed the marketplace. "Once logged in, the landing page shows the latest added databases of stolen cards."

Savastan0 Marketplace - Source: Yarix
Breakdown of Stolen Cards by Region and Network
Researchers found that nearly 78% of the 15 million exposed cards were issued by U.S. financial institutions. This aligns with a January 2023 report from Recorded Future’s Insikt Group, which found that 70% of the 60 million compromised payment cards for sale on dark web platforms in 2022 were from U.S. banks.
After the U.S., the most affected countries were India, Mexico, Brazil, and Canada.
Within Europe, the UK had the highest number of exposed cards, followed by France, Italy, Germany, and Spain.
Which Payment Networks Are Most Affected?
- Visa accounts for over 70% of the stolen cards
- Mastercard makes up about 20%
- American Express and Discover round out the top four
How Savastan0 Buyers Use the Marketplace
Savastan0 gives buyers a 10-minute window to verify stolen cards using an integrated checking service before purchases become non-refundable. This short timeframe ensures that banks and fraud detection systems don’t have time to block the compromised cards before they’re used.
"Without making any transaction, card checker services may be used to 'soft check' the authenticity of cards," Livi explained. "This lowers the possibility of alerting the legitimate owner to the activity or warning anti-fraud systems."
Origins of Savastan0
The Savastan0 operators appear to have been active in carding circles since around 2010, based on forum posts analyzed by researchers.
The savastan0[.]biz domain was registered in 2019 and the site has been promoted on popular carding forums ever since.
Savastan0 also runs a Telegram channel where updates about new stolen databases are posted.

Savastan0 Telegram Channel - Source: Yarix
To become a seller on the platform, criminals must submit an application ticket to the Savastan0 staff for approval. The marketplace takes a cut of all transactions and charges $0.30 per card verification check.
Why This Matters
While carding marketplaces are not new, Savastan0's massive inventory and slick user interface underscore the scale of payment card theft and fraud. Stolen cards are priced based on:
- The card’s credit limit (corporate and platinum cards are more valuable)
- Security features
- The issuing bank and country
- How the card data was obtained (high-profile breaches fetch higher prices than phishing scams)
"Payment card details that were acquired via a high-profile data breach can be worth more than data obtained from lower-risk methods such as phishing," Livi said.
Law enforcement and financial institutions are likely to take an interest in Savastan0 as they continue efforts to combat carding operations. However, history has shown that even after major takedowns of carding sites, new platforms quickly emerge to meet criminal demand.
The Yarix team says they will continue monitoring Savastan0 and similar marketplaces to alert their customers to potential fraud risks. However, as long as stolen payment card data remains valuable in cybercriminal circles, carding will continue to thrive as a lucrative underground industry.