How difficult is it for cybercriminals to steal your credit card data? Shockingly easy, according to data security and payment care industry experts.
Online payment card fraud is on the rise, according to a January 2011 report issued by Panda Security called "The Cyber Crime Black Market: Uncovered." The cyberworld has sophisticated marketing, sales and distribution systems churning out newer and better ways for their clients -- hackers and thieves -- to obtain your credit card and banking data and profit from it.
The most common way they get credit card data is by embedding spyware programs on computers. These programs log and track keystrokes and capture usernames, passwords and PIN numbers and send the information back to hackers who sell it on the black market for surprisingly little money. A working credit card number, for instance, fetches as little as $2.
For a look at some of the pilfered credit card-related data available on the black market -- with labels written as a black marketeer might -- see below.
Banks and financial institutions do what they can to keep hackers at bay, but have limits. Many cybercriminals take advantage of lack of coordination between international law enforcement organizations and never operate in the countries where they reside. The cybercriminals hire talented computer programmers and develop programs to thwart bank security measures as quickly as they are installed.
The criminal operations have grown to resemble their legitimate counterparts, with specialized niches for workers and increasingly sophisticated markets. "These types of markets operate in line with the normal laws of supply and demand," the Panda report states. "There are competing prices, additional services are offered, free trials, money-back guarantees if the data doesn't work (or if the account doesn't have a guaranteed minimum balance) … even anonymous shopping by third parties."
"If there are vulnerabilities, fraudsters will find them and modify their behavior and exploit them. This has the effect of keeping the payment industry on its toes," says David Fish, a senior analyst at Mercator Advisory Group, a payment card industry research company, which issued a report on the changing dynamics of credit card fraud prevention. Fish says the use of chip-and-pin technology embedded in credit cards in Europe has thwarted many criminals who try to use stolen or cloned credit cards at brick-and-mortar stores. That leaves the United States a more attractive target, because that technology is not available in the U.S., and may not be for years.
Cybercrime experts say consumers often can't even tell their credit card information has been copied.
"If your computer is compromised, that means that even if you change your password, they will have the real one as soon as you type it in, " says Luis Corrons, technical director at Panda.
Consumers worried about losses from cybercrime can be reassured that federal laws and the major card networks, such as Visa and MasterCard, have rules in place to protect credit and debit card users. Federal law limits credit card and debit losses from fraud to $50 if consumers report losses in a timely manner. The card networks have zero liability policies, but also require timely notification.
Banks and merchants are logging major losses from cybercrime. According to the CyberSource 2011 Fraud Report, online revenue losses due to fraud in North America was $2.7 billion in 2010 -- down from 2009's $3.3 billion level.
Experts advise consumers to monitor closely their account activities for suspicious or unauthorized activity. Other security precautions include:
Keep anti-virus and firewall protection and Web browser programs up to date on your home and work computers.
Avoid accessing banking or personal e-mail accounts when using free Wi-Fi services because it is easy for criminals to capture your personal data over wireless connections.
Don't use ATMs that have devices over the card insert slot. Be suspicious of machines that look like ATMs, but don't distribute cash. Notify your bank if you think your card's data has been stolen.
If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.
Three most recent Legal, regulatory, privacy issues stories:
FTC targets cash-reload code scams – The FTC has proposed banning telemarketers from taking payments via cash reload codes that are used to fund prepaid cards. The codes make it too easy for fraudsters to take cash without leaving a trace ...
How to pick a bankruptcy attorney – That’s it, you’re done. After struggling to pay your debts, you’re ready to consider bankruptcy. It’s time to contact a lawyer to represent you, but which one? ...
Did you like this story? Then sign up for CreditCards.com’s weekly e-newsletter for the latest news, advice, articles and tips. It's FREE. Once a week you will receive the top credit card industry news in your inbox. Sign up now!