The final actor of the stolen payment data supply chain is the end user. Rather than just selling or reselling payment data, the end user plans on fraudulently monetizing it.
This malicious end user typically buys payment data in limited quantities, since:
- The price per stolen data greatly increases from when it was originally sold by the source.
- There’s an unknown amount of time until the financial institution revokes the issued stolen data.