4/28/2011 11:38 AM ET|
What you're worth on black market
Psst, want skimmers? Hot bank account numbers? Card cloners? Here's a price list.
How difficult is it for cybercriminals to steal your credit card data? Shockingly easy, according to data-security and payment-care industry experts.
Online payment card fraud is on the rise, according to a January 2011 report issued by Panda Security called "The Cyber Crime Black Market: Uncovered" (PDF file). The cyberworld has sophisticated marketing, sales and distribution systems churning out newer and better ways for their clients -- hackers and thieves -- to obtain your credit card and banking data and profit from it.
- Know your credit rating? Get an estimate
The most common way they get credit card data is by embedding spyware programs on computers. These programs log and track keystrokes and capture user names, passwords and PINs and send the information to hackers who sell it on the black market for surprisingly little money. A working credit card number, for instance, fetches as little as $2.
Here are some examples of black market services and what criminals pay for them:
- Credit card details for $2 to $90: Pirated credit card details can include the cardholder's full name, mailing address, phone number, Social Security number, date of birth, the card type, card number, expiration date, security number, PIN and bank name. The more details, the more it costs. Armed with this information, thieves can make online purchases or clone fake cards for use at ATMs.
- Physical credit cards for $180, plus the cost of the details: These are counterfeit plastic credit cards that have been replicated down to the bank hologram. They are available in white plastic or color printing at additional cost. The stolen credit card details, such as the card number, PIN and security number, are not included in the price of the card. Minimum order: five cards.
- Card cloners for $200 to $1,000: These machines allow you to print or clone phony credit cards, complete with magnetic stripes and embossed numbers. Thieves obtain the information needed to clone cards through skimmers or fake ATMs that capture and copy the card data. Several cloner models are available. All can make multiple copies of the same card.
- Fake ATMs for $80 to $700: There are two basic types: devices called skimmers that fit over the card intake slot on a regular bank ATM or a full replica of an ATM console. When people insert their credit or debit cards into the machine, it copies the card data and tells users there was an error and the transaction was aborted.
- Bank credentials for $3,500: User names and passwords for customer bank accounts, plus any other credentials, such as answers to security questions, that you may need to log in to the accounts. Thieves may obtain this information from malicious software that captures keystrokes. When bank customers access their online accounts, the programs copy the information and send it back to the cyberthieves.
- Money laundering for 10% to 40% of the amount laundered: Bank transfers and check cashing services are available to move stolen money from victims' accounts into untraceable accounts. This service can include using stolen bank credentials to hack accounts and transfer money to "money mules," who are paid to transfer the money to legitimate accounts using money transfer services.
Cybercriminals often one step ahead of banks, law enforcement
Banks and other financial institutions do what they can to keep hackers at bay, but they have limits. Many cybercriminals take advantage of lack of coordination between international law enforcement organizations and never operate in the countries where they reside. The cybercriminals hire talented computer programmers and develop programs to thwart bank security measures as quickly as they are installed.
The criminal operations have grown to resemble their legitimate counterparts, with specialized niches for workers and increasingly sophisticated markets. "These types of markets operate in line with the normal laws of supply and demand," the Panda report says. "There are competing prices, additional services are offered, free trials, money-back guarantees if the data 'don't work (or if the account doesn't have a guaranteed minimum balance) ... even anonymous shopping by third parties."
"If there are vulnerabilities, fraudsters will find them and modify their behavior and exploit them. This has the effect of keeping the payment industry on its toes," says David Fish, a senior analyst at Mercator Advisory Group, a payment card industry research company, which issued a report on the changing dynamics of credit card fraud prevention. Fish says the use of chip and PIN technology embedded in credit cards in Europe has thwarted many criminals who try to use stolen or cloned credit cards at brick-and-mortar stores. That leaves the United States a more attractive target, because that technology is not available in the U.S., and may not be for years.
Cybercrime experts say consumers often can't tell if their credit card information has been copied.
"If your computer is compromised, that means that even if you change your password, they will have the real one as soon as you type it in," says Luis Corrons, technical director at Panda.
Consumers worried about losses from cybercrime can be reassured that federal laws and the major card networks, such as Visa and MasterCard, have rules in place to protect credit and debit card users. Federal law limits credit card and debit losses from fraud to $50 if consumers report losses in a timely manner. The card networks have zero-liability policies, but also require timely notification.
Banks and merchants are logging major losses from cybercrime. According to the CyberSource 2011 Fraud Report, online revenue losses due to fraud in North America were $2.7 billion in 2010, down from $3.3 billion in 2009.
Experts advise that consumers closely monitor their account activities for suspicious or unauthorized activity. Other security precautions include:
- Keep antivirus and firewall protection and Web browser programs up-to-date on your home and work computers.
- Avoid accessing banking or personal email accounts when using free Wi-Fi services because it is easy for criminals to capture your personal data over wireless connections.
- Don't use ATMs that have devices over the card insert slot. Be suspicious of machines that look like ATMs, but don't distribute cash. Notify your bank if you think your card's information has been stolen.
This article was reported by Connie Prater for CreditCards.com.
VIDEO ON MSN MONEY
Our real worry should be the banksters and Wall Street Madoffs along with the snake oil politicians who have scammed more $ than all combined cyber criminals out there.
Well, next time I hurry to the voting office I'll remember all the filthy *** hands that rummage through other people's things. Proves there's no depth to the disgusting criminal ways people choose to live. Why not have someone else's baby while you're at it?
This misses a couple huge scams. First watch your contacts list on e-mail, mine had 130 once, two weeks later 117. 17 were mine.
Next-Pay Pal,. They notified me that there was a fraudulent action, on a Sunday night.( From eastern Europe,) I did all the things they suggested, Changing my passwords and notifying my bank.by e-mail, but Tuesday, the transactions went through. Pay Pal explained that they had no way to stop them, I would have to give affidavits to my bank on each, and after they received their affidavits, (Pay Pals) they would return the money to my bank, who had no obligation to dismiss the overdraft charges, and I did not get the money recredited to Pay Pal then to my bank, for almost a month. Worse, the things that were real but no longer had funds to cover caused more overdrafts that I was completely responsible for. The ones on that same Tuesday that I had no chance to cover in time.
Pay Pal did not tell me the transactions would go through. They made it sound like they had caught the fraud and stopped it that Sunday.
A second was already beginning, I quickly reported my card comprimised again and had it totally changed, my account #'s too. And I canceled the Pay Pal account completely.
The idea tha they warned me that I was being hacked made them feel they had done a great job, but they have no way to stop the action. That isn't a great anything.
Copyright © 2014 Microsoft. All rights reserved.
Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.
RECENT ARTICLES ON IDENTITY THEFT
Redrawn lines between full- and part-timers at Sodexo decide who is eligible for coverage.