How hackers buy and sell your financial details


Updated on 19 February 2016

Here's how underground hackers buy and sell your financial details.

The incredible profits cyber thieves are making from selling on your credit card details have been revealed for the first time in a new study from Michigan State University.

Criminologist Thomas J Holt carried out the first scientific studies into estimating cybercrime profits.

Holt and his fellow researchers analysed online forums where criminals are known to sell stolen financial and personal information, usually in batches of 50 or 100 cards at a time. The buyers then attempt to access victims’ accounts or buy goods or services with the stolen cards. 

The majority of stolen data comes from the USA and Europe.

How they operate

Once the hackers have got your details, they then head to online forums to sell those details on. And it's the crooks buying your info that actually stand to make the biggest profits.

A hacker might sell a batch of 50 to 100 stolen credit or debit cards for anything between $250,000 and $1 million. But the buyers can then cash in by using those stolen details to spend wildly. The study suggested that on average a batch of 50 stolen cards could make the buyer between $2 million (that’s if only 25% of the cards work) and almost $8 million (if all of the cards work).

What the forums look like

The researchers analysed a sample of 1,899 threads from 13 web forums where criminals have been known to sell stolen data. Ten of the websites were primarily in Russian and three were in English. The images below are examples of how batches of card details are sold on these forums.

Source: Examining the Structure, Organization, and Processes of the International Market for Stolen Data (ncjrs.gov) 

A massive 84.3% of the sampled forums had some sort of stolen data up for sale, with 44.7% of sellers offering other users’ bank account or credit card information and 34.9% offering Card Verification Value (CVV) data from cards. A tiny 1.4% had electronic data from the likes of eBay and PayPal accounts, and a small proportion sold malware and tools to carry out cybercrimes.

Source: Examining the Structure, Organization, and Processes of the International Market for Stolen Data (ncjrs.gov) 

Most individuals communicate through instant messaging on the forums.

It turns out that bank account data from the UK was the least expensive at $4.08 (£2.86) while US data was the most expensive at $5.33 (£3.73).

As well as cards, thieves are selling documents like passports and driving licences.

A typical page looks like normal people posting goods for sale. It even has a positive and negative feedback section, which has just as much bearing on seller reputation as it does on general goods websites.

MasterCard and Visa are at higher risk from hackers, followed by American Express and US bank Discover, according to the research.

Holt argues in the report that regulation of these forums would involve substantive law enforcement. But as it’s a global crime, it is difficult for individual authorities to enforce laws on hackers overseas.

Dangerous complacency

Holt worries that cardholders aren’t seeing data theft for the problem that it is:

“It’s happening so often that average consumers are just getting into the mind-set of, ‘Well, my bank will just re-issue the card, it’s not a problem’.” They see it as a nuisance rather than a loss of valuable information.

"If we do not understand the scope of this problem, if we just treat it as a nuisance, then we are going to enable and embolden this as a form of crime that would not stop."

In the UK we’ve had large-scale hacks of personal data, with TalkTalk, Staysure, Carphone Warehouse and other firms all hit last year.

Learn more about what you can do if you fall victim to identity fraud at Identity theft: what to do if you’re a victim of ID fraud.
