Canadians often worry that we suffer by comparison to our neighbors to the south. But in one category we’re way ahead: The value of our stolen data.
According to a report released this morning by Intel’s McAfee Labs division, in certain categories on the Dark Web stolen Canadian credit card data was worth more than that from Americans — at least at the time of the study, which was done earlier this year.
For example, the average estimated price for stolen credit and debit cards was $20 to $40 in Canada compared to $5 to $30 in the United States (all figures in U.S. dollars). By comparison stolen credit card information averaged $20 to $35 in the United Kingdom, $21 to $40 in Australia, and $25 to $45 in the European Union.
Prices varied depending on whether the stolen data included the bank account ID number, the victim’s date of birth, billing address, PIN, social security number, the mother’s maiden name, and even the username and password used to access, manage, and alter the cardholder’s account online.
The report also outlines that at the time of the study:
• Bank login credentials for a bank account with a $2,200 balance were selling for $190.
• Bank login credentials plus stealth funds transfers to U.S. banks were priced from $500 for a $6,000 account balance, to $1,200 for a $20,000 account balance.
• Bank login credentials and stealth funds transfers to U.K. banks ranged from $700 for a $10,000 account balance, to $900 for a $16,000 account balance.
• Online payment service login credentials were priced between $20 and $50 for account balances from $400 to $1,000; between $200 and $300 for balances from $5,000 to $8,000.
The report was issued, Intel says, to “combat the sense of apathy” among the public and organizations that it says has come from regular reports of data theft. It quotes one U.S. online columnist who argues people shrug off news of these attacks because financial institutions cover any losses by victims.
But, Intel says, “disillusionment may be understandable given the steady stream of breach notifications and stories detailing the theft of millions of records, it is important to recognize that this is data about us …we as a society should be concerned when we receive notifications of breaches.”
The information in the report comes from examining sites on the Dark Web that sell stolen data. Intel cautions that there is no honor among thieves and that some of the claims by sellers of what they have may not be true. But the point is more people should be concerned about their data and what can be done with it if stolen.
The report outlines that not only is standard credit card data available, but also the maximum customer balance on the cards that thieves can drain — and some cards are advertised as being chip-enabled. Some sellers promise to replace cards that do not provide the advertised balance.
Hacked online payment service accounts, online entertainment accounts (like HBO, sports, premium porn), bank-to-bank transfers, personal medical information and access to systems within organizations’ trusted networks are also sold.
Even free accounts can be valuable to thieves — think of a hotel loyalty account with thousands in points. (Admittedly, the example cited in the report wasn’t worth much — $20 — but the point is the same.)
“When we read about data breaches, the cybercrime industry may seem so far removed from everyday life that it is tempting to ignore the message,” the report concludes. “However, cybercrime is merely an evolution of traditional crime. We must conquer our apathy and pay attention to advice for fighting malware and other threats. Otherwise information from our digital lives may appear for resale to anyone with an Internet connection.”