October 19, 2015 - Stolen credit and debit card details are being hawked for as little as $5 per account on the dark web, according to research from Intel Security.
With data breaches two-a-penny in the US, the average estimated price for hijacked debit and credit card information ranges from just $5 to $30 for US account holders. Prices in the UK and Europe start at $25, rising to a maximum $45.
Prices rise when the offering includes additional information that allows criminals to accomplish more things with the core data. This includes data such as the bank account ID number, the victim's date of birth, and information categorised as "Fullzinfo", including the victim's billing address, PIN number, social security number, date of birth, the mother's maiden name, and even the username and password used to access, manage, and alter the cardholder's account online.
Bank login credential continue to command the highest prices in the dark market. Bank IDs and stealth funds transfers to UK banks range from $700 for a $10,000 account balance, to $900 for a $16,000 account balance.
Online payment service login credentials are priced between $20 and $50 for account balances from $400 to $1,000; between $200 and $300 for balances from $5,000 to $8,000.
"Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behavior," says Raj Samani, CTO for Intel Security EMEA. "This 'cybercrime-as-a-service' marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay."