Thursday, May 13, 2010

Credit & Debit Card information frauds fetch hackers big money



Source:3 May 2010, 0221 hrs IST,Debjoy Sengupta,ET Bureau



KOLKATA: While economies went into a tailspin in 2009, credit card information, wrongfully extracted by hackers, commanded a huge premium in the grey market — more than double the price they did a year earlier.

In some cases, data encrypted on the magnetic strip of credit cards were being sold at six times more. The username and password of sites like PayPal that accountholders can withdraw cash from, were up by $600 per account.


On the other hand, bank credentials — account numbers, net banking transaction access codes and personal account passwords — appear to have become a little cheaper over the past one year. So are e-mail passwords over the past one year.

For instance, leading web security firm Symantec says credit card information — along with the card verification value (CVV) — was $30 per card during 2009 against $12 in 2008. CVV is the three-digit number on the opposite side of the card and is a must for making online transactions.

Data encrypted on the magnetic strip of a credit card, referred to as credit card dumps, contains the primary account number and the expiration date as well as card-holder’s name. Each credit card issuer has its own standards for encoding this information. The highest price for such information was $140 per card in 2009 against $25 per card in the previous year.

User name and password of sites, including PayPal, referred to as cash-out services, were selling at 50% of the total value of the cash that could be siphoned off from a single account during 2008. During 2009, the prices increased $600 flat.

Bank account information, however, dropped from $1,000 in 2008 to $850 in 2009. Over the same period, e-mail accounts sold at $20 on the higher side during 2009 against $30 in the previous year. Officials from Symantec said: “Credit card info and bank accounts still top advertised items in the underground economy. However, credit card dumps saw a marked increase in advertisements.”

Abhinav Karnwal, product marketing manager, APEC Trend Micro, said: “Popularly called underground economy, there are a set of hackers who deploy various malicious methods to extract sensitive data from unsuspecting PC users. Having extracted a sizeable volume, they advertise on various sites to sell them. The potential of financial gain from these data determines the price for any set of information.”

There is another set of hackers who use such stolen information to extract money “The ones that steal the information may not always want to use them and, therefore, remain unidentified. Hence, they are satisfied with selling them in the underground economy. The ones that buy them are capable or intend to take more risks than the ones that steal the information... Interestingly, there are two distinct sets of people,” said Mr Karnwal.

“Prices of credit card information have gone up because credit limits offered were raised over the past one year. Prices of bank account information have declined because it is becoming increasingly difficult to use bank information to siphon off funds,” he explained.

He added: “Prices are also dependent on factors like average credit limits on cards in specific countries. For example, credit card information in the US will fetch higher prices than those in India or Bangladesh. In contrast, bank account or debit card information from countries like India will fetch more money than in the US since Indians have a propensity to save and, therefore, likely to have more funds in their bank accounts than an average US citizen,” explained Mr Karnwal.

No comments:

Post a Comment