Credit Card Buyers, Sellers Making Out Like Bandits

February 23, 2016

Cyber thieves who steal credit and debit card numbers are making millions of dollars in profits, fueling a global criminal enterprise marked by the high-profile data breaches of major companies such as Target and Home Depot.

On average, a batch of 50 stolen credit or debit cards can make a seller between about $250,000 and $1 million, according to new research. Those who buy them can make even more.

Thomas J. Holt, Michigan State University criminologist and lead investigator of studies to estimate cybercrime profits, said the findings should be a wakeup call for consumers and law enforcement officials alike.

The study, published online in the journal Deviant Behavior, was funded by the National Institute of Justice.

“In the past two years there have been hundreds of data breaches involving customer information, some very serious like the Target breach in 2013,” said Holt, associate professor of criminal justice. “It’s happening so often that average consumers are just getting into this mindset of, ‘Well, my bank will just re-issue the card, it’s not a problem.’ But this is more than a hassle or inconvenience. It’s a real economic phenomenon that has real economic impact and consequences.”

Holt and fellow researchers analyzed online forums in English and Russian where criminals sold stolen financial and personal information, often in batches of 50 or 100. The buyers then attempt to access the victims’ bank accounts or buy goods or services with the stolen cards.

While 50 stolen credit or debit cards can bring in as much as $1 million for their sellers, buyers, who assume more risk since they could get caught trying to use the cards, stand to gain even more. On average, a batch of 50 stolen credit or debit cards could make the buyer between $2 million (if only 25 percent of the cards worked) and nearly $8 million (if all cards worked).

In a 2014 report for the NIJ, Holt called for a more intensive, coordinated approach by law enforcement agencies around the world to attack cybercrime.

Ultimately, Holt said he hopes to help protect consumers from the potentially disastrous effects of identity theft and credit fraud.

“My goal is make people cognizant of just how much their personal information means, how much value there is,” Holt said. “If we don’t understand the scope of this problem, if we just treat it as a nuisance, then we’re going to enable and embolden this as a form of crime that won’t stop.”

Holt’s co-authors were Olga Smirnova, assistant professor at Eastern Carolina University, and Yi Ting Chua, doctoral student in criminal justice at MSU.

Source: Michigan State University

Get Insurance Journal Every Day

Latest Comments

  • February 23, 2016 at 4:04 pm
    Rich says:
    I need to fine tune this article for accurate numbers. They just do not add up!!!
  • February 23, 2016 at 3:02 pm
    Rosenblatt says:
    No way, Jack! You're not getting any of that unless you also request my CVV code, my mother's maiden name and my social security number. Nice try though :D
  • February 23, 2016 at 1:43 pm
    Wild Bill says:
    These numbers don't seem to add up. Even at $2,000,000 for 50 cards, that's $40,000 per card. This is higher than the limit on most cards and seems to assume no action by the... read more
See all comments

Add a Comment

Your email address will not be published. Required fields are marked *


More News
More News Features