Your identity, credit card data sells cheaply on the black market
Psst, want skimmers? Hot bank account numbers? Card cloners? Here's a price list
By Connie Prater | Published: February 1, 2011
How difficult is it for cybercriminals to steal your credit card data? Shockingly easy, according to data security and payment care industry experts.
Online payment card fraud is on the rise, according to a January 2011 report issued by Panda Security called "The Cyber Crime Black Market: Uncovered." The cyberworld has sophisticated marketing, sales and distribution systems churning out newer and better ways for their clients -- hackers and thieves -- to obtain your credit card and banking data and profit from it.
The most common way they get credit card data is by embedding spyware programs on computers. These programs log and track keystrokes and capture usernames, passwords and PIN numbers and send the information back to hackers who sell it on the black market for surprisingly little money. A working credit card number, for instance, fetches as little as $2.
For a look at some of the pilfered credit card-related data available on the black market -- with labels written as a black marketeer might -- see below.
Banks and financial institutions do what they can to keep hackers at bay, but have limits. Many cybercriminals take advantage of lack of coordination between international law enforcement organizations and never operate in the countries where they reside. The cybercriminals hire talented computer programmers and develop programs to thwart bank security measures as quickly as they are installed.
The criminal operations have grown to resemble their legitimate counterparts, with specialized niches for workers and increasingly sophisticated markets. "These types of markets operate in line with the normal laws of supply and demand," the Panda report states. "There are competing prices, additional services are offered, free trials, money-back guarantees if the data doesn't work (or if the account doesn't have a guaranteed minimum balance) … even anonymous shopping by third parties."
"If there are vulnerabilities, fraudsters will find them and modify their behavior and exploit them. This has the effect of keeping the payment industry on its toes," says David Fish, a senior analyst at Mercator Advisory Group, a payment card industry research company, which issued a report on the changing dynamics of credit card fraud prevention. Fish says the use of chip-and-pin technology embedded in credit cards in Europe has thwarted many criminals who try to use stolen or cloned credit cards at brick-and-mortar stores. That leaves the United States a more attractive target, because that technology is not available in the U.S., and may not be for years.
Cybercrime experts say consumers often can't even tell their credit card information has been copied.
"If your computer is compromised, that means that even if you change your password, they will have the real one as soon as you type it in, " says Luis Corrons, technical director at Panda.
Consumers worried about losses from cybercrime can be reassured that federal laws and the major card networks, such as Visa and MasterCard, have rules in place to protect credit and debit card users. Federal law limits credit card and debit losses from fraud to $50 if consumers report losses in a timely manner. The card networks have zero liability policies, but also require timely notification.
Banks and merchants are logging major losses from cybercrime. According to the CyberSource 2011 Fraud Report, online revenue losses due to fraud in North America was $2.7 billion in 2010 -- down from 2009's $3.3 billion level.
Experts advise consumers to monitor closely their account activities for suspicious or unauthorized activity. Other security precautions include:
- Keep anti-virus and firewall protection and Web browser programs up to date on your home and work computers.
- Avoid accessing banking or personal e-mail accounts when using free Wi-Fi services because it is easy for criminals to capture your personal data over wireless connections.
- Don't use ATMs that have devices over the card insert slot. Be suspicious of machines that look like ATMs, but don't distribute cash. Notify your bank if you think your card's data has been stolen.
See related: Free, public Wi-Fi can be dangerous to your credit card, Card thieves 'skimming' pay-at-the-pump customers, How to find your credit card security code, U.S. magnetic stripe credit cards on brink of extinction, Sinowal trojan compromises 500,000 bank accounts, Nearly 100 charged worldwide in massive phishing scam bust
- DIY credit card arbitration: You may be able to opt out – Consumers can preserve their right to go to court instead of private arbitration in many cases by going through and opt-out process ...
- CFPB rule: Consumers should be able to band together and sue – Banks, GOP oppose measure that would end "mandatory arbitration" clauses that prevented class-action suits ...
- Bluesnarfing is newest card fraud at gas pumps and ATMs – With a skimmer and Bluetooth technology, fraudsters can sit nearby and intercept your payment transaction details ...