Symantec Global internet Security threat report
Some advertisements mentioned the availability of bulk purchasing but did not mention card number volumes or pricing. this may suggest that some advertisers prefer to negotiate bulk rates on a per- customer basis rather than being locked into offering a set rate. Sellers often make a sample allotment of their credit card numbers available to potential buyers who can use a number checking service to verify that the numbers are valid. the amount of valid numbers would obviously influence negotiated rates. Considering the wide range of prices advertised, this would also allow the seller to increase his or her competitiveness and profit margins by being able to adjust the prices at any time based on rates advertised by other sellers.
As new security technologies evolve and become more commonly integrated, they may make it more difficult for criminals to obtain credit card information, which will likely reduce the utility of the information. For example, cards with a built-in code generator were pilot tested in 2009 and may provide a means of securing card-not-present purchases such as those made online.197 these cards have an integrated keypad on the back that will generate a one-time verification code whenever the correct pin is entered. Even if the card is stolen or lost, a criminal would need the pin to use the card.
Bank account credentials were the second most commonly advertised item on underground economy servers observed by Symantec in 2009, accounting for 19 percent of all advertised goods. this was the same percentage as was observed in 2008. Bank account credentials may consist of account numbers, bank transit numbers, account holder names and/or company names, and may include online banking passwords. Advertisements often include the account type and balance as well as name and location of the financial institution.
the ability to directly withdraw currency from a bank account is advantageous and attractive to criminals, who can realize a more immediate payout than with online purchases, which need to be sold to realize a purely financial reward. Bank account credentials also allow access to full balances in the bank accounts, whereas credit cards may have daily or other transaction limitations on accessing the maximum available credit. Criminals can also use bank accounts as intermediary channels for money laundering or to fund other online currency accounts that only accept bank transfers for payments.
Bank account credentials have been some of the most commonly advertised goods on underground economy servers for the past several years. As noted in the previous Symantec Global Internet Security Threat Report, the shift toward online banking provides the potentially increased availability of sensitive information through methods such as phishing or malicious code attacks, which can expose the credentials of both personal and business accounts alike.198 the availability of sensitive information will likely continue to increase as online financial transactions continue to grow, notwithstanding the recent setbacks in the availability of credit due to the recent global financial crisis.199
the advertised prices for bank account credentials depend on the account type, location, and the funds advertised as available. in 2009, prices for these credentials observed on underground economy servers ranged from $15 to $850, a slightly smaller range than in 2008 when prices ranged from $10 to $1,000. the advertised account balances ranged from $1,000 to $177,000; however, the most common advertisements were for bank accounts with balances between $10,000 and $50,000. As in previous years, corporate accounts were typically advertised for a higher price than personal accounts. these bank
197 198 199
http://news.bbc.co.uk/2/hi/8046492.stm h t t p : / / e v a l . s y m a n t e c . c o m / m k t g i n f o / e n t e r p r i s e / w h i t e _ p a p e r s / b - w h i t e p a p e r _ i n t e r n e t _ s e c u r i t y _ t h r e a t _ r e p o r t _ x i v _ 0 4 - 2 0 0 9 . e n - u s . p d f : p . http://www.comscore.com/press_Events/press_releases/2009/4/2009_State_of_Online_Banking_report 7 6