From Ekspert, Sept. 11, 2023, p. 37. Condensed text:
An anonymous courier will come straight to your home, and he will pull out of his backpack a brand-new card issued by a bank somewhere in Kazakhstan, Kyrgyzstan or some other CIS country. “It is all perfectly legitimate – the card will be issued at a bank office, and your presence is not required,” the people offering this service claim.
There are dozens of ads like that on the darknet today. Most people are oblivious to their existence, but once you start searching for them, they are not hard to find. All you have to do is install special software for surfing the dark Internet.
For 15,000 to 50,000 rubles [i.e., approximately $150 to $500], you can get a ready-to-use card from a foreign bank, or at least online access to a personal account set up for you, and the number of such ads keeps growing. The reason Russians need cards from Russia-friendly countries is because Visa and MasterCard stopped servicing cards issued in Russia, and now people have difficulty paying for foreign services. For example, you need a working card to book a hotel room on Booking.com or to pay for your Netflix subscription. If you have a card, you can still travel and watch your favorite TV series like before, as if there were no sanctions.
Bank accounts in other CIS countries can also be used to siphon money out of Russia. They can be used as a halfway point, before cash is transferred further, into deposit accounts in European or US banks.
According to the [Russian] Central Bank, the total amount of bank deposits kept by Russians abroad exceeded in 2022 the total amount of their savings inside Russia. By the middle of 2023, Russians had about $73 billion deposited in nonresident banks.
But foreign bank cards, convenient as they might be, involve certain risks. After a while, the bank may decide to suspend your card. Or you may face blackmail from hackers who obtain your personal data.
World of shadow finance.
The darknet is a system of unconnected virtual tunnels, or protected connections. Encoded data is transferred directly from one user to another. Unlike with the regular Internet, the IP addresses of the sender and the recipient are not revealed. . . .
Darknet Web sites use special domains – e.g., “.onion” or “.i2p.” They are like ghosts; no country in the world regulates them. Standard browsers don’t even see those domains.
Perhaps the people who created the darknet did not even expect that, decades later, their invention would be used by regular criminals. Nevertheless, the fact remains that it is primarily criminals who actively use the darknet today. They set up their special anonymous forums where hundreds of ads are posted offering various illegal services, from leaking people’s personal data to selling drugs.
The same forums offer [ready-to-use foreign] bank cards. There are so many offers that advertisers even have to use marketing gimmicks – coming up with catchy logos and nice visuals. Some use pictures of a bank teller with the head of a dog for their avatars; others use pictures with stacks of cash that seem to be flying off the screen right into your hands. At the top of the forum page, there is often a banner advertising a major shadow store.
Prices vary. Some stores offer online access to a personal account they will set up for you for 10,000 rubles. Once you have access to your account, you can ask your bank to issue a digital card. Other stores charge 25,000 rubles for the same service. In most cases, these accounts are opened in Kazakh banks. You can choose between Altyn Bank, Smartbank, RBK Bank, Jusan, Freedom Bank, CenterCredit Bank and others. Another popular country is Kyrgyzstan (e.g., FINCA Bank). Some stores also offer cards from Armenian or Tajik banks. As far as Ukraine is concerned, there are no offers to set up an account in a Ukrainian bank, but there are ads from people interested in buying a Ukrainian card.
There are also stores that sell ready-to-use cards. Those usually cost more, between 25,000 and 50,000 rubles.
If you want a card from a Kazakh bank, you will often be asked to get an IIN [individual identification number] – something similar to the TIN [taxpayer identification number] in Russia. You can get an IIN remotely, but there will be a separate fee for that. An Ekspertjournalist contacted one of the advertisers and was asked to pay 10,000 rubles for an IIN. The advertiser said the time required to get an IIN may vary from two days to 20. In any case, it never takes more than a month, he said.
To apply for an IIN, you will have to send a high-resolution scan of your international passport and a photo of yourself holding the passport in your hand.
Payments are arranged on the darknet through anonymous third-party forum members providing escrow services. The system is somewhat similar to the way marketplaces or stock exchanges operate: Instead of going straight to the service provider, your money goes to escrow first.
The Ekspertjournalist contacted an escrow agent on a major darknet forum, asking how to make payments through him. The agent asked [the journalist] to fill out an online order form. On the form, you have to provide a link to the seller’s page and another one to the forum thread where they offer the service in question. You also have to indicate who will pay the commission to the escrow agent. The commission is 10% of the transaction amount. Then you will need to wire your money to the agent’s account on Qiwi, YooMoney, ePayments or AdvCash. Another option is sending your money to an online wallet through Alfa Bank’s Cash-in system. You can also pay in cryptocurrency – Bitcoin, Ether or Dash. Once you receive the product or service you purchased, you contact the escrow agent, and he releases the money to the seller. This way, the seller cannot cheat the buyer and disappear without delivering their end of the bargain.
Many stores offering bank cards are currently moving from the darknet to Telegram. Some even set up pages in the Russian-language segment of the regular Web. They do this to be closer to their customers. Such stores don’t use escrow; instead, buyers pay directly to sellers. The Ekspertjournalist contacted a major seller of bank cards on Telegram. The seller asked him to send the entire amount in advance to a regular card issued by Tinkoff or Sber[bank] without indicating in the payment form what the money was for. The card, he said, would be delivered through the SDEK courier service. The seller did not offer any guarantee, apart from his word, that the card would indeed be delivered.
Choosing a complex solution over a simpler one.
People offering assistance with opening a bank account in CIS countries have been on the market for a long time. But their number increased dramatically in 2021, F.A.C.C.T. (the [cybersecurity] company formerly known as Group‑IB) told Ekspert.
According to F.A.C.C.T analyst Lada Kazinkina, while in the past only a handful of such ads would appear in one week, since the beginning of 2021, their number increased to about a dozen ads a week, and by the middle of 2022, it was already about 100 ads a week. “Since mid-April 2023, several thousand ads offering ready-to-use bank cards and accounts have appeared on various forums and Telegram channels weekly. There are also ads offering to open a personalized card in your name in a foreign bank remotely,” Kazinkina said.
According to Kaspersky Lab, illegal darknet trade took a major hit last year but started to recover toward the end of 2022. Over the last six months of 2022, the number of escrow transactions doubled from 19,500 in June to 40,000 in December. Granted, in addition to bank card purchases, these numbers include other kinds of business: counterfeit documents, drugs, etc.
The reason behind the initial drop in the number of transactions in 2022 was the decision by Visa and MasterCard to stop servicing cards issued in Russia. This was a major disruption to international criminal schemes. But now the black market has recovered, coming up with new schemes. For instance, cryptocurrencies are now used more often to make payments.
The sellers themselves make no secret of the number of customers served. For example, two major sellers on Telegram contacted by Ekspert claim to have sold about 1,000 foreign cards last year. In other words, there is demand for such services.
Surprisingly, this happens despite the fact that there are perfectly legal ways for Russian citizens to get cards from banks in, for example, Armenia or Kazakhstan. The simplest way is just to go abroad and order a card while there. This may involve additional costs, but it is not as risky as buying a card on the darknet. At the same time, to be fair, Russian tourists have been complaining lately that banks in those countries take too much time to issue a card and, in some cases, ask the customer to provide additional paperwork. Nevertheless, getting a card in person is still a very viable option.
Another option is to ask a Russian bank to help you. For example, Alfa Bank sent out emails and text messages to its premium clients in spring offering to help get a card from a foreign bank (one of our sources received such a text from the bank). Interested clients were asked to fill out a request form and attach scans of their domestic and international passports. The bank promised to deliver the card within a week. . . .
Vultures of the underworld.
The foreign card market on the darknet consists of two segments: a legal segment, where cards are set up using customers’ real names and personal data, and a criminal segment, where cards are made using some other person’s data, Ashot Oganesyan, founder of DLBI (Data Leakage and Breach Intelligence), a consultancy monitoring the darknet, explains. These surrogate owners are called “drops” [short for “drop hoes” – Trans.] in cybercriminal parlance.
The same stores often sell both kinds of cards, so at times it is not that easy to figure out what kind of card you are buying.
The criminal segment is trickier. Regulars have specific roles: there are con artists, money mules, etc. Cards set up in somebody else’s name are often used for illegal transactions.
Such service providers often have pools of “drops” available on demand. These people are always ready to go to a bank and open an account using their personal data. “As a result, the buyer gets a ready-to-use bank account or card registered in another person’s name. Such an account can be used to move dirty money. The ‘drop’ gets a small commission for every transaction that goes through their account. In addition to bank account information, the customer often receives a full package of personal data about the ‘drop’: photocopies of their passport and other documents, SIM cards, logins and passwords for mobile banking, PIN codes, code words, etc. – anything you might need when making a payment,” Kazinkina said.
The press office of Angara Security, a cybersecurity firm, explained that such illegal cards may already have a criminal track record. For example, they may have been used earlier to make shady payments that are illegal under Russian laws. Thus, even experienced criminals risk getting on the radar of law enforcement by using such cards.
Legitimate cards, i.e., those that are properly registered in the customer’s own name without a “drop,” are safer. But, again, there are certain risks. Many people offering such cards are fraudsters. According to Ashot Oganesyan, this kind of fraud is more common on Telegram, where fees are paid directly without escrow. Approximately half of card ads on Telegram are fraudulent, the expert says. The criminals will simply vanish with your money once you pay them.
Nevertheless, even those sorts of ads are quite popular. This is because people often seek simple solutions. Instead of searching for a legal way to get a foreign card, it is so much easier to just send your money and the scans of all your documents to a complete stranger.
Also, such cards are often used by companies involved in gray import operations. According to Oganesyan, they have to use these cards to pay for imported goods because the banking system does not work. In some cases, these cards are used to pay for a service provided by Russian companies or to transfer relatively small amounts of cash abroad – for example, if a company wants to store its earnings in a foreign account, the expert added.
Where there is demand, there will always be supply. The number of ads offering illegal cards on the darknet keeps on growing.