Psst, want skimmers? Hot bank account numbers? Card cloners? Here's a price list.
Online payment card fraud is on the rise, according to a January 2011 report issued by Panda Security called "The Cyber Crime Black Market: Uncovered." The cyberworld has sophisticated marketing, sales and distribution systems churning out newer and better ways for their clients -- hackers and thieves -- to obtain your credit card and banking data and profit from it.
The most common way they get credit card data is by embedding spyware programs on computers. These programs log and track keystrokes and capture usernames, passwords and PIN numbers and send the information back to hackers who sell it on the black market for surprisingly little money. A working credit card number, for instance, fetches as little as $2.
For a look at some of the pilfered credit card-related data available on the black market -- with labels written as a black marketeer might -- see below.
The criminal operations have grown to resemble their legitimate counterparts, with specialized niches for workers and increasingly sophisticated markets. "These types of markets operate in line with the normal laws of supply and demand," the Panda report states. "There are competing prices, additional services are offered, free trials, money-back guarantees if the data doesn't work (or if the account doesn't have a guaranteed minimum balance) … even anonymous shopping by third parties."
"If there are vulnerabilities, fraudsters will find them and modify their behavior and exploit them. This has the effect of keeping the payment industry on its toes," says David Fish, a senior analyst at Mercator Advisory Group, a payment card industry research company, which issued a report on the changing dynamics of credit card fraud prevention. Fish says the use of chip-and-pin technology embedded in credit cards in Europe has thwarted many criminals who try to use stolen or cloned credit cards at brick-and-mortar stores. That leaves the United States a more attractive target, because that technology is not available in the U.S., and may not be for years.
Cybercrime experts say consumers often can't even tell their credit card information has been copied.
"If your computer is compromised, that means that even if you change your password, they will have the real one as soon as you type it in, " says Luis Corrons, technical director at Panda.
Consumers worried about losses from cybercrime can be reassured that federal laws and the major card networks, such as Visa and MasterCard, have rules in place to protect credit and debit card users. Federal law limits credit card and debit losses from fraud to $50 if consumers report losses in a timely manner. The card networks have zero liability policies, but also require timely notification.
Banks and merchants are logging major losses from cybercrime. According to the CyberSource 2011 Fraud Report, online revenue losses due to fraud in North America was $2.7 billion in 2010 -- down from 2009's $3.3 billion level.
Experts advise consumers to monitor closely their account activities for suspicious or unauthorized activity. Other security precautions include:
- Keep anti-virus and firewall protection and Web browser programs up to date on your home and work computers.
- Avoid accessing banking or personal e-mail accounts when using free Wi-Fi services because it is easy for criminals to capture your personal data over wireless connections.
- Don't use ATMs that have devices over the card insert slot. Be suspicious of machines that look like ATMs, but don't distribute cash. Notify your bank if you think your card's data has been stolen