- Crime Lab
- Crime Scene
- Death Penalty
- Digital Forensic Insider
- Digital Forensics
- Evidence Collection
- Expert Forensic Voices
- Forensic Anthropology
- Forensic Psychology
- Impression Evidence
- Medical Examiner
- Mobile Forensics
- Police Procedure
- Sexual Assault Investigations
- Witness Testimony
If you’ve ever noticed strange activity on your credit card statement, a call to the bank for a new card is usually all that’s required. But, credit card fraud has become more than just a minor nuisance for consumers across the world, according to a recent study.
Cyber thieves regularly steal, and then sell, credit card numbers online netting millions of dollars in the process.
A Michigan State University study documented illegal profits gained by cybercriminals in recent hacks. Criminologist Thomas Holt, the lead author of the study, said the findings should be a wake-up call for consumers and law enforcement alike.
“It's a real economic phenomenon that has real economic impact and consequences," Holt said.
According to his work, which focused on largescale breaches like the Target attack in 2013, stolen credit card numbers can be easily bought and sold in online forums. A batch of 50 stolen credit cards might net anywhere from $2 million—if only 25 percent of the cards worked—to nearly $8 million, according to the study.
“If we don't understand the scope of this problem, if we just treat it as a nuisance, then we're going to enable and embolden this as a form of crime that won't stop,” he said.
In 2014, Holt and a colleague analyzed 13 Internet forums that advertised stolen credit cards. Here’s what that research uncovered:
- Visa and MasterCard were the most common cards for sale.
- The average advertised price for a stolen credit- or bank-card number was about $102.
- The average price for access to a hacked eBay or PayPal account was about $27.
- Ten forums were in Russian and three were in English, although the forums were hosted all around the world.
Holt and his team demonstrated the need for a more “intensive, coordinated approach” by law enforcement agencies around the world to attack cybercrime.