The thieves’ supermarkets where stolen credit card details are on ‘buy one, get one free’
Posted by horasio on May 5, 2009
Consumers’ credit card details are being bought and sold on criminal websites on a “buy one, get one free” basis for a few pounds each, according to researchers at Which?
The websites, called “carder forums”, offer full credit card details complete with the cardholder’s billing address and date of birth for as little as $12 (about £8). Card details with the three-digit security code were available for as little as $2 to $5, the research, published in Which? Computing, found.
One seller on a carder forum was offering a “buy 500, get 500 free” deal on credit card details for “today only”.
The criminals running website were estimated to be earning around $10,000 (£6,800) a day.
Just as on legitimate websites, customers left feedback on the goods they had bought, with many praising the “quality” of the stolen data, Which? said. “I bought 500 cards and he [the seller] gave me 100 bonus,” wrote one satisfied customer.
“I am very happy with this vendor, there was 95pc approval” – meaning that almost all the transactions attempted with the stolen credit card details were authorised. “Thanks, you are the best.”
Feedback on another member, who was bulk-selling credit card details, read: “Nice work, man … 99pc valid. Keep it up!”
The forums provide additional services to help buyers of credit card details, enabling them to produce actual credit cards or to change the billing address to one of their choosing. The websites are usually hosted abroad and the criminals use sophisticated technical tools to keep their identities hidden, the report found.
The websites ensured that they are not conned themselves by insisting on upfront payment, usually via money transfer services.
The Serious Organised Crime Agency (Soca) is fighting this type of crime by trying to stop money changing hands. A spokeswoman told Which?: “We need to find out how the money is moved around the internet, because this is purely a financially motivated crime.
“If we cut this off at the pass and stop people realising that money, then that’s a long-term global impact.”
**Personal identities on sale for less than a can of cola
The market for stolen personal information, including credit card details, names addresses and dates of birth, grew to such an extent last year that a price war seems to have developed, according to the annual Symantec Internet Security Threat Report.
It found that criminals were targeting individuals for financial gain “more than ever before”.
Investigators said the UK suffered the second highest level of malicious online activity in the Europe, the Middle East and Africa (EMEA), with 11 per cent of the region’s total. Germany topped the league with 14 per cent.
Credit card information was the most sought after, with details selling for as little as 40p, although some could fetch £20. Bank account details sold for as much as £675, whilst full identities could be bought for between 50p and £40.
Guy Bunker, of Symantec, said: “This recession-proof underground economy is reaching such a level of growth and maturity that there are signs of a price war developing, as online criminals find it increasingly easy to steal private details, and barter to sell them for bargain prices.”
The report covered more than 200 countries and investigators monitored hacker communications to get a picture of the internet black market in stolen information.
Mr Bunker said the world of online crimes was no longer the preserve of “spotty teenagers” and had become increasingly sophisticated.
He said last year researchers found 1.6 million malicious threats – where something harmful to the computer was downloaded – which represented 60 per cent of the total detected by the firm in 27 years.
Symantec said it had also observed a 192 per cent increase in spam across the internet as a whole, to 349.6 billion messages in 2008.