With Joker’s Stash Gone, What’s Next in Credit Card Fraud Cybercrime?



Joker’s Stash Shutdown: What Happened and Why It Matters

Today—February 15, 2021—marks the official shutdown date of Joker’s Stash, which was one of the largest illicit payment card shops worldwide, both in terms of the volume and the quality of the cards available on this underground marketplace. 

As this day marks the shop’s official and final closure, we released new in-depth research that analyzes the events that led to Joker’s Stash’s precipitous rise and ensuing fall, projects where the card fraud market goes from here, and advises how fraud and security teams prepare for what’s next.



Download our new research: “Joker’s Stash Post-Mortem: Where Will the Cybercriminals Go?”



Although the reason why the operators decided to close Joker’s Stash is largely left unanswered, Flashpoint dissects the many factors—including shifting eCommerce trends, the global COVID-19 coronavirus pandemic, and increasingly intense international law enforcement scrutiny—that at least influenced, if not dictated, the final move to shut down the shop.



The Closure Likely Planned Months in Advance

Stemming back to early July 2020, Joker’s Stash inventory volume and customer service both began to decline sharply and noticeably. The administrator’s once infamous and routine “breaches” announcements of new stolen credit card data were already sparse compared to past years. And even the singular second half 2020 breach announcement, BlazingSun, and its three million cards paled in comparison to past events, like the 30 million cards released from Big-Badaboom-III.



Figure 1: New Daily Card Records for Sale on Joker’s Stash



Where Will Cybercriminals Go Now?

Of course, card fraud doesn’t stop simply because one shop closes down. Just as Joker’s Stash rose to prominence during a void in competitive illicit marketplaces, we can expect new and existing marketplaces to try to swoop in and fill the major gap left by Joker’s Stash.



Evaluating Alternatives: Shop Volume a Misleading Indicator

When considering illicit replacement marketplace candidates, it seems logical to focus on the activity and transaction volumes of the shops to assess their performance. However, if that’s the only touchstone, elements of quality, reliability, and support can be overlooked—and these criteria often prove far more important in determining card shop desirability for both cybercriminal sellers and buyers.

Four Shops Primed to Take Over 

Based on our current understanding of the market and recent chatter we’ve analyzed, Flashpoint sees four shops as the most-relevant and most-likely marketplaces to take over (listed alphabetically):


1. Brian’s Club: Since the announcement of Joker’s Stash’s closing, Brian’s Club has significantly increased its advertising on carding forums and chat rooms in an attempt to attract new users.
2. Ferum: Ferum’s administrator maintains a long-standing presence in illicit carding communities. The shop is available on the clear web and Tor, providing easier access for entry-level cybercriminals. However, the relatively low amount of card content has limited broader scale adoption.
3. Trump’s Dumps: This relatively newer shop has also increased advertising to capture the open market share left by Joker’s Stash’s absence. The shop offers a variety of services, including a self-hosted checker. 
4. Yale Lodge: A Tor and clear web card shop with relatively high customer support and a self-hosted checking service, Yale Lodge is another shop well-outfitted as a Joker’s Stash replacement.



Download the Report

Above is only a sample of our full research findings. For more data, trends, and in-depth analysis of Joker’s Stash and the future of the cybercriminal card fraud market, download the report, “Joker’s Stash Post-Mortem: Where Will the Cybercriminals Go?”



Put Flashpoint Intelligence to the Test

Sign up for the Flashpoint 90-day free trial and experience firsthand the value of our card fraud collections—and our entire suite of actionable threat intelligence offerings. In a matter of minutes, we can show you how Flashpoint brings immediate value to your most pressing fraud and security initiatives.