Financial Details Cost As Low As $5 on the Dark Web
Intel Security, which now owns McAffee, released a report this week entitled “The Hidden Data Economy.” It should be worrisome for, well, every adult with a credit card of any sort.
You hear about these breaches here at Hacked.com and other websites, places like Target letting millions of credit card details get stolen, offering credit protection and such as a result. But where do all these details end up? According to the report, the same place as everything else that can’t legally be sold on eBay: the dark web.
But let’s be clear: nothing about this is new, and the dark web is just a more modern analog to black hat BBS and IRC groups that existed many years ago. Basically as long as humans have been
communicating with each other, so have thieves. The report says that the going rate of a credit card is between just $5 and $30 in the US. In the UK and Australia, between $20 and $40. The European Union has the highest average prices, being between $25 and $45.
The prices vary based on how much information the buyer wants with each card they’re buying. The $30 high end of the US market, for instance, would mean the buyer would then have all the details they could need to use the credit card in some anonymous fashion, like online shopping or simply using the card to verify for some other service.
US Accounts Globally Cheaper
The report details that there are various ways the data is collected, including magnetically. They explain that there are two tracks on a mag strip, one which has user information and the other which has account information. Together, these make up all that’s necessary to use a card. Some cards are even sold with account login information, however, making them even more useful to the thief.
It is not explained in the report why US accounts seem to cheaper than those in other countries, but it could simply be the laws of supply and demand: after the Target and several other breaches in recent years, there are far more US accounts floating out there than others.
Bank accounts and online payment accounts are also for sale, depending on their balance. An online payment account containing up to $1000, for instance, goes for no more than $50.
The reader may wonder why the people who breach the accounts don’t simply make use of them on their own, and whether these details are actually delivered. As noted in the report, they are not always delivered.
Some sellers will not provide the data after purchase. After all, whom will the buyer complain to in the event that the stolen information is not delivered? However […] many sellers will deliver stolen card information with all associated information.
As to why people may choose to sell access to these accounts rather than use them on their own, the answer is a simple matter of risk. It’s far less risky to sell the accounts on an anonymous dark web market than it is to actually go around using compromised financial details in transactions, and likely more profitable.
Images from Shutterstock.