Online criminals spent more than €219 million buying stolen credit-card and bank-account data over a 12-month period, fueling a thriving underground market for consumers' identities, a study has found.
Potential worldwide losses from compromised accounts could have been as much as €4.2 billion, the Cupertino, California- based company Symantec said today in the report.
Symantec, the biggest maker of security software, tracked the behaviour and marketplaces used by online criminals between July 1st, 2007, and June 30th.
The scope of the fraud, carried out by loosely allied groups in North America and organised crime rings in Eastern Europe, presents challenges for law enforcement, Symantec said. The report also spotlighted the fragmented nature of the crimes: The sellers of account information can be different from those who stole it.
“There's money in this marketplace that's separate from actually compromising and laundering the accounts themselves,” Vincent Weafer, vice president of Symantec Security Response, said in an interview.
“We are seeing people willing to pay more for quality goods. If I can provide the name, address and validation numbers, then it can be sold for more.”
The going rate for a bank, credit-card or online-gaming account can range from $10 to $1,000, depending on the account's balance and whether it includes the user's personal identification number and other validating information, he said.
Stolen credit-card information, purported to have an average credit limit of €31,000, represented 59 per cent of all accounts advertised for sale, Mr Weafer said.
Buyers paid more for corporate cards and credit cards from the European Union and United Arab Emirates, because the accounts had higher spending limits, he said.
Bloomberg