Tag Archives: online payment

How much is your stolen data worth on the dark web?

A new report reveals how much cyber criminals are willing to pay for stolen data on the dark web

Ever wondered how much your stolen data could be worth? A new report reveals the market value of all the most common types of stolen data available for sale to criminals on the dark web.

The “Hidden Data Economy” report by Intel Security Group’s McAfee Labs draws on years of close work with law enforcement, and ongoing monitoring of online platforms, communities and marketplaces where stolen data is hidden and sold – such as Alphabay and Crypto Market.

The report provides examples of how different types of stolen data are being packaged, and offers an illustration of average prices for different types of data. A few examples include:

  • Average estimated price for stolen credit and debit cards: $5 to $30 in the US; $20 to $35 in the UK; $20 to $40 in Canada; $21 to $40 in Australia; and $25 to $45 in the European Union
  • Bank login credentials for a $2,200 balance bank account: $190
  • Bank login credentials plus stealth funds transfers to US banks:from $500 for a $6,000 account balance, to $1,200 for a $20,000 account balance
  • Bank login credentials and stealth funds transfers to UK banks:from $700 for a $10,000 account balance, to $900 for a $16,000 account balance
  • Login credentials for online payment services such as PayPal:between $20 and $50 for account balances from $400 to $1,000; between $200 and $300 for balances from $5,000 to $8,000
  • Login credentials to hotel loyalty programs and online auction accounts: $20 to $1,400
  • Login credentials for online premium content services such as Netflix: as little as $0.55

Payment card data is perhaps the most well-known data type stolen and sold. A basic offering includes a software-generated, valid number that combines a primary account number, an expiration date, and a CVV2 number.

Valid credit card number generators can be purchased or found for free online. Prices rise based on additional information that allows criminals to accomplish more things with the core data.

This includes data such as the bank account ID number, the victim’s date of birth, and information categorised as “Fullzinfo”, including the victim’s billing address, PIN number, social security number, date of birth, the mother’s maiden name, and even the username and password used to access, manage, and alter the cardholder’s account online.

Online payment service accounts – like PayPal accounts for example – are also sold on the open market, with their prices determined by additional factors.

The report claims that illegal sellers list adverts in the same way as any legitimate seller would – offering guarantees on stolen credit cards – and forums name and shame “bad sellers” who have sold stolen cards that don’t have offer up what was promised

“Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behaviour,” said Raj Samani, chief technology officer for Intel Security in Europe, the Middle East and Africa.

“This ‘cybercrime-as-a-service’ marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.”

A selection of credit cards in a fan.

The news coincides with the publication of new figures from the Office for National Statistics, showing that cyber crime is now the UK’s most common offence, with 2.5m incidents in the last year.

Cyber crime was previously excluded from official statistics but its inclusion in this latest report has resulted in an overall surge in crime rates of 107 pc – over double.

The most common cyber crimes, offences committed under the Computer Misuse Act, were where the victim’s device was infected by a virus.

Tagged , , , , , ,

The death of queuing: Starbucks launches Mobile Order and Pay in UK

Starbucks is rolling out its ‘order ahead’ mobile service in the UK, eliminating the need to queue

Starbucks is launching its Mobile Order and Pay system in the UK, allowing customers to order drinks through their mobile before dropping in to pick them up.

First launched in the US last year, Mobile Order and Pay works through the My Starbucks Rewards loyalty programme in the current Starbucks app, and allows users to customise their drink and food orders ahead of placing them.

Customers can order anything currently available on the Starbucks menu through the new apps, and create the popular combinations showcased on its secret menu. Starbucks said the app could save customers between 10 and 15 minutes a day.

Currently only available on iOS, the system will draw up a list of nearby stores with approximate wait times, with an average waiting time of three to five minutes.

Once the customer pops into their selected store to collect, their completed order is called out separately to the waiting queue, eliminating the need to wait around and, potentially, the era of the poorly-scrawled name on your cup.

Customers sitting in a Starbucks who want a new drink but don’t want to leave their possessions unsupervised could effectively use Mobile Order and Pay to order a new drink without having to get up – the luxury.

The coffee chain is also planning to roll out more wireless charging padsfor customers’ mobile phones in its stores across the UK, as well as extending the partnership it has with streaming service Spotify from the US to the UK.

The new system is available to use across 150 stores in London from October 1, with the rest of the country likely to follow in the new few months.

Tagged , , ,