Credit and debit cards stolen from bricks-and-mortar stores sell on the black market for at least ten times the price of cards stolen from online merchants. There are plenty of TOR accessible card shops that will happily buy the cards from hackers and resell them on the open market. A card stolen from a bricks-and-mortar store can be reused in a real store to buy high value electronic goods or gift cards that can be easily converted into cash. Cards stolen online require a card verification value (CVV) and can only be used by online stores willing to send high value goods to a different shipping address from the billing address.
The two most recent major bricks-and-mortar store card breach stories that have appeared in the news recently are Home Depot where 56m customers’ card details have been stolen and Target where 70m customers’ card details have been stolen. In both cases the point of sales (POS) systems were been breached by variants of the same memory scraping malware. BlackPOS / Kaptoxa in the case of TARGET and Framework POS in the case of Home Depot. Both malwares run inside the POS system (running on Windows OS) and are registered as a service. Both malwares read card data before it is encrypted and then collate and later output the card data which is then made available as ‘dumps’ on black market stores.
Black POS / Kaptoxa behind the TARGET breach: