The Rippleshot Data Breach Blog

Study Reveals How Much Cyber Thieves Are Willing to Pay for a Batch of Stolen Cards

Written by Kaleigh Simmons | Apr 13, 2017 3:40:11 PM

In one of the first scientific studies analyzing the international market for stolen data, Michigan State University criminologist Thomas Holt found that a batch of 50 stolen credit or debit cards can make a seller between $250,000 and $1 million on average. While those earnings certainly aren't small potatoes, they pale in comparison to what buyers can net from the illegal data itself: From that same batch of 50 cards, a buyer can swindle card companies and cardholders out of approximately $2 million if only 25 percent of the cards work — and nearly $8 million if all cards work.

The study points out that the buyer also assumes most of the risk from the transaction. After all, he or she is the party most likely to be caught and prosecuted for the illicit card use. But when weighed against the massive potential gains, that risk seems to be one that many cyber thieves are willing to take. This has become increasingly evident in the wake of the 30 percent spike in e-commerce fraud the U.S. witnessed during 2016.

The full study, available here, describes the underground illegal financial data market in great detail over the course of 156 pages. Here are 10 noteworthy highlights:

  1. The study used a sample of 1,889 threads from 13 different forums. Business was conducted in Russian for 10 of the 13 forums and in English for the remaining three.
  2. Victims originated from around the world, but the majority were from the U.S. and Europe.
  3. Sellers created threads advertising payment card information as you might any product, including information about pricing, payment preferences, and contact details.
  4. Data dumps were the most common product sold on the forums, followed by CVVs.
  5. Visa and MasterCard were the most common cards for sale.
  6. Most sellers utilized electronic payment through vendors such as WebMoney or Liberty Reserve (which has since dissolved).
  7. Forums also sometimes utilized escrow payment systems in which a trusted third party on the forum held payment until the buyer received the product.
  8. Buyers used the term "ripper" within threads to describe sellers who had sold them a batch of cards without delivering a satisfactory product upon payment, thus warning other potential buyers away from those sellers.
  9. The price of data depended in large part on the reputation of the forum and/or seller. In higher-risk forums, data was cheaper — and sellers had a much higher risk of doing business with a ripper.
  10. All contact finalizing transactions took place outside of the forums, primarily through internet relay chat (IRC).

While the level of sophistication within the financial cybercrime sector revealed by the study is eye-opening, don't become too alarmed. The very existence of such a study is indicative of a big step in the right direction. As the saying goes, it's important to "know thy enemy." Holt's pioneering research into cybercriminal activities has paved the way for more to come — and with it, hopefully, a more effective means of shutting down cybercrime altogether.

In the meantime, detecting cards at risk of seeing fraudulent activity as quickly as possible is still paramount to reducing losses and customer disturbances. Learn more about our latest way to help you analyze your card portfolio by risk: Fraud Forecast.