This paper summarizes findings and recommendations of a study that examined how hackers who have obtained credit card information from business websites are buying and selling financial products, including credit cards, in bundles via online forums.
The study determined that 13 of these easily accessible Web forums were hosted around the world; 10 were in Russian, and 3 were in English. Visa and MasterCard were the most common cards for sale. The average advertised price for a stolen credit card or bank card number was approximately $102 dollars. The average price of access to a hacked eBay or PayPal account was about $27. Based on these findings, the study recommends a combination of changes needed to prevent the theft of financial data. First, corporations and financial institutions must be more transparent when their data are stolen. Second, law enforcement must develop new techniques and strategies for investigating the forums, since they are organic and collegial. Eliminating the central sellers will not disrupt the networks. Third, consumers who shop from home computers must be more aware of the dangers and take steps to protect themselves.
Box 6000, Rockville, MD 20849-6000, United States