We’ve all seen the news reports about consumer credit card data being stolen as a result of a major retailer, card network, payment processor, gaming company, etc., having its network breached by hackers. But unless you were directly affected, the details of the crimes and the scope of the damage were likely quickly forgotten.
For example, you may not recall that 94 million credit card accounts were exposed when hackers broke through the firewalls of TJX Companies, Inc. – the holding company for T.J. Maxx and Marshalls – in late 2006 or that 134 million more accounts were breached when Heartland Payment Systems’ records were compromised by spyware in 2008. There are indeed countless examples, including more recently when, in 2011, an attack on the PlayStation Network unearthed 12 million unencrypted credit card numbers, along with 77 million accountholders’ full names, e-mails, and home addresses, costing Sony millions.
All in all, online theft of credit card information affects millions of people each year, does perhaps billions of dollars in damage as a result of unauthorized transactions, service interruptions, rebuilding efforts, and declining consumer confidence, and helps fuel a booming secondary market where consumers’ spending power and personal information are up for sale to the highest bidder.
That’s what makes CloudeyeZ’s recently launched project to monitor the sale of stolen credit card data on underground Internet forums in real time so exciting. The program mines data from seven major English-language hacker hangouts and publishes weekly updates on an Underground Activity Index. The overarching goals are to match stolen data to a particular breach, provide unique insights into the supply and demand for consumer credit data, and ultimately deal a major blow to cyber financial crime.
The following are some of the most interesting factoids unearthed thus far that caught my eye:
- U.S. VISA cards are by far the most prevalent on the black market, representing at least 75% of the supply on each of the forums monitored by CloudeyeZ, which isn’t that surprising considering that Visa is the world’s largest card network with 302 million cards in circulation and a nearly 50% market share, according to Card Hub statistics.
- Each forum lists more than 15,000 U.S. credit cards for sale.
- Unlike Visa, MasterCard, and American Express cards, which are priced fairly uniformly across forums – Visa (roughly $2.60 per card), MasterCard ($3.30), and Amex ($2.80) – Discover cards range anywhere from $1.50 to $3.15 per card.
- It’s surprising that Amex cards weren’t the most expensive given that they are used largely by affluent consumers. The fact that MasterCard credit cards appear to be the most pricey perhaps indicates that MasterCard’s security is more advanced than its peers.
Nevertheless, you have to wonder how representative CloudeyeZ’s data is as well as how long the project can remain viable. While the company has somehow managed to obtain access to some of the Web’s secretive, password-protected online hacker communities, its targets are technologically advanced and have a huge stake in not being monitored or caught. They’re undoubtedly aware that someone is watching, given the media coverage of the project, which means it’s only a matter of time before they flock elsewhere or implement new security measures if they have not done so already. Indeed the potential cracks in CloudeyeZ’s plan speak to the traditional struggle between cyber criminals and law enforcement: Can the good guys keep up with the advancements in thievery?
That question remains to be answered, but in the meantime there are a number of steps you can take to minimize your risk of becoming a victim.
- Regularly monitor your accounts: Not only can regularly reviewing your financial accounts help you spot transactions that you didn’t make or other red flags of fraud, but it will also give you a better sense of your spending habits and help with budgeting.
- Check your credit reports: You’re entitled to a free copy of each of your major credit reports (i.e. Experian, Equifax, and TransUnion) each month, and exercising it increases the likelihood that you’ll notice if someone opens a financial account under your name or runs up large unpaid balances.
- Change your passwords: While a sophisticated hacker might still be able to circumvent a properly password-protected account, using a combination of letters, numbers, and cases and switching things up every few months can help keep the vast majority of cyber criminals at bay.
- Be wary of sharing financial information online: Never share financial information with companies or individuals who contact you first or send account numbers and the like via e-mail.
- Stay on top of the news: If a large batch of credit card numbers is stolen, knowing about it as quickly as possible will allow you to close your accounts and limit damage.
At the end of the day, it’s also important to realize that fraud only impacts roughly 0.05% of all credit and debit card transactions, so while it pays to remain vigilant, you shouldn’t let the threat of credit card crime control your life.