Prices for stolen information plummet

Share this article:

The black-market price for stolen credit and debit card details has dropped to as little as $1.50, according to a newspaper investigation.

In an investigation by the Sydney Morning Herald, it was found that that almost anyone on the internet can buy stolen payment card details for as little as $1.50 (for Australian details), and $2.50 American and English cardholder information.

For credit card accounts in Britain and the United States, the cybercriminal salesmen claim to be able to bypass some of the latest anti-fraud protection, including Verified by Visa. And free samples of the stolen data are available, although key information is kept hidden to preserve its resale value.

The hackers also offer a surprising level of detail about their victims, such as a customer's bank account number, mother's maiden name, Social Security number, date of birth, driver's license number, as well as answers to security questions.

Yuval Ben-Itzhak, chief technology officer with Finjan, said: “Our research team spotted this not inconsiderable trade in stolen payment card data back in the late spring...At that time, however, the going rate was around $15 a pop, so the rate has clearly fallen, perhaps because of the glut of this kind of data being sold on the internet.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.