Cybercriminals now buy and sell information and equipment needed to perpetrate card fraud with ease, and illegal trading websites are exposing stolen consumer data and card details to more criminals than ever before. Cybercrime has become an incredibly lucrative business, generating more than $100 billion annually worldwide.
Mako Networks, the world’s first and only PCI DSS-certified Level One network management service provider, claims that whilst several recent high-profile data breaches have grabbed headlines, few retailers are sufficiently concerned with, or even aware of, what happens to customer data after it’s been stolen.
Bill Farmer, CEO of Mako Networks, commented: “It is now even more important to understand what we are all up against with modern payment fraudsters and cybercriminals. Retailers and merchants are the guardians of data and have a responsibility to their customers to ensure personal data and card details are protected. Fraud is an industry in itself, and the more we learn about how it operates, the better equipped we will be to prevent it from continuing.”
Although pressure is increasing on banks to act quickly to detect and block compromised cards after a security breach, this is often too late. Fraudsters are fast-acting and bank or credit accounts can be drained within hours. According to Mako Networks, here’s how:
Stolen data – fast facts
1. Professional criminals collect data from hundreds or thousands of cardholders using a variety of methods. This can include straight database hacks, payment terminal manipulation, card detail skimming and the deployment of bogus ATMs designed to steal card numbers and PIN details.
2. Stolen card details are big money. Credit card details can be bought online from criminals for as little as $2 per record, but records with a guaranteed, valid account balance cost dramatically more. Details for smaller bank balances command $80, while access to accounts with a guaranteed balance of $82,000 can cost more than $700 per record.*
3. Illegal trading sites are lively forums, selling and sharing data for profit. These card details are used to create cloned credit cards to withdraw money from ATMs in coordinated attacks often involving large teams of criminals, or to fraudulently purchase items which can easily be sold on.
4. Thieves need a reliable stream of new card details. Recent reports indicate that many of the 360 million card details stolen in 2008 are now set to expire, putting fraudsters on the hunt for fresh details that can be used in the coming years.**
Paul Rodgers, Chairman of the Vendorcom payments community, commented on the importance of understanding the full reach of cybercriminals: “Today’s criminals are no longer petty or opportunistic thieves; they’re organised gangs operating on a large scale, stealing data through sophisticated hacks and payment terminal manipulation. The accessibility of illegal websites means that potential fraudsters outside of a gang can become involved fairly easily. These illegal websites breed extremely motivated groups of skilled criminals which pose a very real threat to businesses and their customers. Problems don’t end with the breach: often they’re just beginning.”
* Panda Labs Report, The Cyber Crime Black Market: Uncovered, January 2011
** New York Times, Thieves Found Citigroup Site an Easy Entry, 13 June 2011