Cybercriminals turn to paid and public services to collect the latest information on card holders and use it to create online banking accounts. If an account already exists, they use the details to take control of the account. The data can be obtained from card skimming attacks that make use of a malicious script added to e-commerce websites specifically to capture payment and customer info. Once access to the online account is obtained, they sell it to a customer on the underground forum. The researchers say that their observations indicate that cybercriminals are interested in customizing enroll solutions and increase the amount of cards they can offer for sale.
Source: https://www.bleepingcomputer.com/news/security/illegal-card-enrollment-services-hijack-online-bank-accounts/