Stolen credit card numbers going for A$21 to $40
- 15 October, 2015 15:26
Stolen credit and debit card data can be purchased for as little as $21 in Australia, according to a new report.
The McAfee Labs report, The Hidden Data Economy, found that the average price for stolen credit and debit cards online ranged from A$21 up to $40.
Bank login details for an account containing a balance of $2,200 were on offer for $190.
Account login credentials for accounts containing a balance of $400 to $1000 were estimated to cost between $20 and $50, while login credentials for accounts containing $5000 to $8000 ranged from $200 to $300.
According to the report, researchers found a value hierarchy in how payment card data is packaged, priced and sold online.
For example, a basic offering includes a software-generated, valid number that combines a primary account number (PAN), expiration date and a card verification value (CVV) number.
However, prices rise if there is more information. This includes data such as the bank account ID number, the victim’s date of birth and information categorised as 'Fullzinfo'. This 'Fullzinfo' includes the victim’s billing address, PIN number, social security number, date of birth, mother’s maiden name and username/password.
According to Intel Security CTO Raj Samani, a cyber criminal who has the digital details of a credit or debit card can buy items and withdraw cash until the victim contacts their bank and challenges the charges.
“Provide that criminal with extensive personal information used to verify the identity of a card holder, or even allow him to access the account and change the information, and the potential for extensive financial harm – to the individual and card issuer – goes up dramatically,” he said.
In related news, the average economic impact of cyber crime on Australian organisations increased from $4.2 million last year to $4.9 million this year, according to the Ponemon Institute’s 2015 Cost of Cyber Crime Study.
The study examined the costs incurred by 28 Australian organisations that were victims of cyber crime. Costs ranged from $792,932 up to $18 million.