Credit & Debit Card information extracted by hackers earned a huge premium

In 2009 although there was economic crisis in the country but credit card information, wrongfully extracted by hackers, earned a huge premium in the grey market, it was more than double the price in comparison to a year earlier.

In some cases, data encrypted on the magnetic strip of credit cards was sold at six times more. The sites using username and password such as PayPal where account holders can with draw cash fetched around $600 per account.

Whereas in the past one year the bank credentials like account numbers, net banking transaction access codes and personal account passwords have become little cheaper. Also the e-mail passwords have also become cheaper over the past one year.

According to a leading web security firm Symantec credit card information along with the card verification value (CVV) — was for $30 per card during 2009 against $12 in 2008. CVV is the three-digit number on the opposite side of the card and is a must for making online transactions.

The data encrypted on the magnetic strip of a credit card, referred to as credit card dumps, contains the primary account number and the expiration date as well as card-holder’s name. Each credit card issuer has its own standards for encoding this information. The highest price for such information increased to $140 per card in 2009 against $25 per card in the previous year.

However during 2008, the user name and password of sites, including PayPal, referred to as cash-out services were sold at 50% of the total value of the cash that could be siphoned off from a single account but in 2009 the prices increased to $600 flat.

But the price of bank account information dropped from $1,000 in 2008 to $850 in 2009. During the same period e-mail accounts were sold at $20 on the higher side during 2009 against $30 in the previous year. Officials from Symantec said: “Credit card info and bank accounts still top advertised items in the underground economy. However, credit card dumps saw a marked increase in advertisements.”

Abhinav Karnwal, product marketing manager, APEC Trend Micro, pointed out, “Popularly called underground economy, there are a set of hackers who deploy various malicious methods to extract sensitive data from unsuspecting PC users. Having extracted a sizeable volume, they advertise on various sites to sell them. The potential of financial gain from these data determines the price for any set of information.”

Then there are hackers who just want to make money by selling stolen information. Mr Karnwal said, “The ones that steal the information may not always want to use them and, therefore, remain unidentified. Hence, they are satisfied with selling them in the underground economy. The ones that buy them are capable or intend to take more risks than the ones that steal the information... Interestingly, there are two distinct sets of people.”

He explained, “Prices of credit card information have gone up because credit limits offered were raised over the past one year. Prices of bank account information have declined because it is becoming increasingly difficult to use bank information to siphon off funds”.

He added, “Prices are also dependent on factors like average credit limits on cards in specific countries. For example, credit card information in the US will fetch higher prices than those in India or Bangladesh. In contrast, bank account or debit card information from countries like India will fetch more money than in the US since Indians have a propensity to save and, therefore, likely to have more funds in their bank accounts than an average US citizen”.