What’s it worth to you?

Credit and debit cards with a chip and antenna allow you to simply wave a card at an RFID (Radio Frequency Identification) reader to complete a transaction without using a PIN.  The transaction’s amount is usually limited to $50 (more for some cards), which is convenient at a gas pump, grocery store or fast food restaurant.  Unfortunately, it also allows a thief to use a concealed card reader to steal information stored on the card’s chip while the card is still in your wallet or purse. It’s “electronic pick-pocketing”.

You might say, “It’s only $50 or $100 so who would want to bother stealing my card’s information?”  However, the stolen information is distributed through the Internet to organized crime.  The card is usually cloned by the thousands in a matter of days and spread like a virus internationally, all without the need of your PIN… and without your knowledge that your card has been compromised until it’s too late.

Credit card issuers claim that there is no liability to you for any illegal transactions as a result of the card’s data being stolen.  In effect, there is no cost to you.  Wrong! We all pay for criminal activities, particularly for theft through illegal purchases made on our credit and debit cards by the thieves who steal our card data.  The cost is simply built into the fees and interest rates. In addition, any amount of stolen data is too much.  It’s your private information. It belongs to you and you alone… until it is stolen and sold to others who will use it for their own illegal gains.

What’s it worth to thieves?

Thieves can buy and sell credit and debit card details through the black market for as little as $2 per card* and this is just for the basic information found on the card. That’s one of the reasons why this form of “electronic pick-pocketing” got started and there is so little risk of being caught. Cloned credit cards can sell for as little as $180 per card on the black market.  Machines for cloning credit cards can be bought for $200 to $1,000. The thieves who buy the cloned cards go on a shopping spree using each card for purchases under the set limit whereby a PIN is not required… and until the card is eventually refused at an RFID reader or the would-be purchaser is challenged by a retail clerk.

Of course, additional data can only be obtained through hacking into a database of credit or debit card accounts.  An example is the recent cyber-attack on Target Store’s credit card accounts. This involves a higher risk for a hacker, but with so much more stolen information the price goes up to $80 per card record if a thief wants a verification of the available credit limit or the bank balance. The price can jump to $700 if the “guaranteed balance is more than $80,000… and as high as $1,500 per card if the stolen record has a history of e-commerce purchases.  That alone sets the stage for a huge on-line shopping spree.  Now you know what it is worth to thieves.

* $2 per card and other amounts per card were obtained from “The Cyber Crime Black Market Uncovered”, a report written by Luis Corrons, technical advisor of Panda Security. Luis Corrons is on the Board of Directors of AMTSO (Anti-Malware Testing Standards Organization).  Luis Corrons is also reported to be one of the top 10 security experts followed on Twitter.