[BreachExchange] Cyber thieves cash in big with just 50 credit cards.

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 23 11:08:46 EST 2016


http://northdallasgazette.com/2016/02/21/cyber-thieves-cash-in-big-with-just-50-credit-cards/

Online thieves who steal credit and debit card numbers are making millions
of dollars in profits, fueling a global criminal enterprise marked by the
high-profile data breaches of major companies such as Target and Home Depot.

Thomas J. Holt, Michigan State University criminologist and lead
investigator of one of the first scientific studies to estimate cybercrime
profits, says the findings should be a wakeup call for consumers and law
enforcement officials alike.

“In the past two years there have been hundreds of data breaches involving
customer information, some very serious like the Target breach in 2013,”
said Holt, associate professor of criminal justice. “It’s happening so
often that average consumers are just getting into this mindset of, ‘Well,
my bank will just re-issue the card, it’s not a problem.’ But this is more
than a hassle or inconvenience. It’s a real economic phenomenon that has
real economic impact and consequences.”

Holt and fellow researchers analyzed online forums in English and Russian
where criminals sold stolen financial and personal information, often in
batches of 50 or 100. The buyers then attempt to access the victims’ bank
accounts or buy goods or services with the stolen cards.

On average, a batch of 50 stolen credit or debit cards can make a seller
between about $250,000 and $1 million.

Buyers, in turn, assume more risk (since they could get caught trying to
use the cards), but also stand to gain more. On average, a batch of 50
stolen credit or debit cards could make the buyer between $2 million (if
only 25 percent of the cards worked) and nearly $8 million (if all cards
worked).

In a 2014 report for the National Institute of Justice, Holt called for a
more intensive, coordinated approach by law enforcement agencies around the
world to attack cybercrime.

Ultimately, Holt hopes to help protect consumers from the potentially
disastrous effects of identity theft and credit fraud.

“My goal is make people cognizant of just how much their personal
information means, how much value there is,” Holt says. “If we don’t
understand the scope of this problem, if we just treat it as a nuisance,
then we’re going to enable and embolden this as a form of crime that won’t
stop.”

Holt’s coauthors were Olga Smirnova, assistant professor at Eastern
Carolina University, and Yi Ting Chua, doctoral student in criminal justice
at Michigan State. The study, published online in the journal Deviant
Behavior, was funded by the National Institute of Justice.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160223/0ac8410c/attachment-0001.html>


More information about the BreachExchange mailing list