Identity Theft Economics

There is a thriving market for stolen credit card and other identity information. These are usually paid for in special web currency to bypass the normal credit and authority monitoring systems. Commonly used systems are: WebMoney and Liberty Dollars .

Economic Niches and some Prices

Stolen credit card numbers now go for as little as 6 cents each, if they're bought 10,000 at a time. The price can be $30 per card for smaller orders. These are worth much less than just a year or two ago because banks are getting so much better at stopping these accounts, as well as the use of the secret number on the back of the card.
Access to hijacked e-mail accounts: 10 cents to $1.
Bank account credentials: $10 to $1,000. Bigger accounts sell for more. These are usually auctioned off with last account balance being a critical factor.
Referral fees can yield up to 50% commissions to the referring website for web scams like phony Antivirus Software.
Scammers can hire people to "cash out" compromised bank accounts for between 8 percent and 50 percent of the amount they're stealing.
Hosting for scam Web sites ranges from $3 to $40 per week.
Checking the balances and limits on stolen cards. Lawrence Baldwin, a security consultant in Alpharetta, Ga., has been working with several financial institutions to help infiltrate illegal card-checking services. Baldwin estimates that at least 25,000 credit and debit cards are checked each day at three separate illegal card-checking Web sites he is monitoring. That is nearly 10 million cards each year.

In most cases, the only barrier to new customers signing up at these services is the ability to speak and read Russian or Chinese, and the ability to pay with one of several virtual currencies. Translation software is rapidly eliminating the need to speak Russian or Chinese.

Where Does this Information come from?

The vast majority of stolen credit card information comes from inside the credit card processors and banks, not individuals getting their cards stolen online. The next biggest contributor is the Retail stores and the government and their poor security practices. We need to be vigilant, but when our credit card information is stolen, it will most likely be from an attack on the store we purchased from or the bank or credit card processor.

Recently RBS WorldPay announced that its computer network had been breached, exposing as many as 1.5 million cardholders and 1.1 million Social Security numbers.

Heartland Payment Systems, reported a breach. That company handles 100 million transactions per month for more than 250,000 merchants.

Because of these breaches Visa has removed WorldPay and Heartland from its list of processors compliant with the Payment Card Industry's Data Security Standard (PCI DSS), which is a requirement for all companies handling transaction data. However, despite temporarily lacking this important certification, the company has recently won a four-year government contract with the IRS, to process tax-return payments beginning in 2010.

TJX Companies said 45.7 million accounts were compromised over nearly a two-year period. They own a number of retail chains including TJ Maxx, Home Goods and Marshalls.

An estimated 70 percent of the online identity fraud activity is related to organized crime. In the U.S., street gangs can make more money off mortgage fraud than they can selling drugs some say.

The Internet makes the processing and monetizing all sorts of transactions much more efficient. Criminal theft and fraud are simply following (or leading) this movement toward greater and greater efficiency.

Date: May 2009

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Identity Theft Economics There is a thriving market for stolen credit card and other identity information. These are usually paid for in special web currency to bypass the normal credit and authority monitoring systems. Commonly used systems are: WebMoney and Liberty Dollars . Economic Niches and some Prices Stolen credit card numbers now go for as little as 6 cents each, if they're bought 10,000 at a time. The price can be $30 per card for smaller orders. These are worth much less than just a year or two ago because banks are getting so much better at stopping these accounts, as well as the use of the secret number on the back of the card. Access to hijacked e-mail accounts: 10 cents to $1. Bank account credentials: $10 to $1,000. Bigger accounts sell for more. These are usually auctioned off with last account balance being a critical factor. Referral fees can yield up to 50% commissions to the referring website for web scams like phony Antivirus Software. Scammers can hire people to "cash out" compromised bank accounts for between 8 percent and 50 percent of the amount they're stealing. Hosting for scam Web sites ranges from $3 to $40 per week. Checking the balances and limits on stolen cards. Lawrence Baldwin, a security consultant in Alpharetta, Ga., has been working with several financial institutions to help infiltrate illegal card-checking services. Baldwin estimates that at least 25,000 credit and debit cards are checked each day at three separate illegal card-checking Web sites he is monitoring. That is nearly 10 million cards each year. In most cases, the only barrier to new customers signing up at these services is the ability to speak and read Russian or Chinese, and the ability to pay with one of several virtual currencies. Translation software is rapidly eliminating the need to speak Russian or Chinese. Where Does this Information come from? The vast majority of stolen credit card information comes from inside the credit card processors and banks, not individuals getting their cards stolen online. The next biggest contributor is the Retail stores and the government and their poor security practices. We need to be vigilant, but when our credit card information is stolen, it will most likely be from an attack on the store we purchased from or the bank or credit card processor. Recently RBS WorldPay announced that its computer network had been breached, exposing as many as 1.5 million cardholders and 1.1 million Social Security numbers. Heartland Payment Systems, reported a breach. That company handles 100 million transactions per month for more than 250,000 merchants. Because of these breaches Visa has removed WorldPay and Heartland from its list of processors compliant with the Payment Card Industry's Data Security Standard (PCI DSS), which is a requirement for all companies handling transaction data. However, despite temporarily lacking this important certification, the company has recently won a four-year government contract with the IRS, to process tax-return payments beginning in 2010. TJX Companies said 45.7 million accounts were compromised over nearly a two-year period. They own a number of retail chains including TJ Maxx, Home Goods and Marshalls. An estimated 70 percent of the online identity fraud activity is related to organized crime. In the U.S., street gangs can make more money off mortgage fraud than they can selling drugs some say. The Internet makes the processing and monetizing all sorts of transactions much more efficient. Criminal theft and fraud are simply following (or leading) this movement toward greater and greater efficiency. Date: May 2009 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk