Reports show a rapid rise in losses tied to card fraud, with numbers climbing from roughly 10 or 15 thousand rubles to about 70 thousand in a short period. Attackers increasingly move the stolen funds through couriers who physically carry money or use compromised cards to withdraw cash, rather than relying solely on remote transfers. The spike drew attention from Russia’s central bank, and officials summarized the trend in a briefing following remarks attributed to Elvira Nabiullina. The message underscores growing risks to consumer accounts and calls on financial institutions to tighten controls and respond more quickly to suspicious activity. For readers in Canada and the United States, the pattern echoes similar fraud where both card present and online data breaches fuel losses, reminding providers to deploy layered security and real-time monitoring. In short, the core takeaway is that organized networks can scale theft quickly when stolen data is actively exploited with couriers and mule accounts.
On Wednesday Nabiullina stated that the Bank of Russia recommends stronger fraud defenses across banks and payment services to protect customers. The central bank urged institutions to boost real-time transaction monitoring, tighten verification for large cash withdrawals, and strengthen authentication whenever a new device or location is detected. Banks are encouraged to conduct regular risk assessments, deploy anomaly-detection tools, and train staff to recognize warning signs of fraud. In Canada and the United States regulators have pressed for faster customer alerts and more robust controls on card data, including dynamic verification, tokenization, and multi-factor authentication. The aim is to reduce the window for criminals to convert stolen data into cash and to limit harm to legitimate cardholders.
A dropper is a person who accepts funds moved fraudulently from a victim’s card and then transfers or launders those funds, often taking a share as profit. The broader network around a dropper may include data thieves who acquire card details, facilitators who convert data into usable transfers, and couriers who handle cash or quick moves. In practice, the dropper’s role is to receive illicit proceeds and push them along a chain of transfers that makes tracing difficult. Authorities note that droppers are often mobile and operate across regions, exploiting legitimate payment channels to blend illegal activity with ordinary spending patterns.
Toward the end of December, Dmitry Ermakov, head of the Fraud Protection Department, warned that the pattern of moving funds from compromised cards to drop accounts would continue into 2025 and affect a large number of accounts. He highlighted that the scale of the problem remains significant and that a large volume of card data breaches provides criminals with opportunities to profit through this model. Banks and law enforcement have stepped up efforts to identify droppers, shut down drop accounts, and alert customers whose data has been compromised. The broader fight emphasizes public awareness and rapid incident response for users whose information was exposed in breaches and phishing campaigns.
Earlier, a Russian bank reported the price of a single dropper card on the black market, illustrating how stolen data can be converted into cash through a network of intermediaries. The existence of a market for these cards signals why criminals pursue data breaches and why ongoing protection and rapid remediation are essential. In Canada and the United States, this pattern has prompted calls for stronger data protection standards, faster fraud alerts, and closer monitoring of card activity to reduce losses.