What is a breached credit card number worth?

As it turns out, a lot less than your username and password.

Credit and debit card numbers obtained by fraudsters through breaches at the POS used to fetch $5 and up on the dark web, to be used as counterfeit cards or used for fraudulent online purchases. But a recent webinar presented by the Aite Group, using data from Trend Micro, showed some eye-opening data, that a PAN with expiry and CVV is worth less than a quarter. Meanwhile a valid PayPal username and password is worth over $6, with Uber and Facebook username/password combinations going for around $3. What has changed?

The drop in value of credit and debit card numbers is due to the ability for neural networks such as Fico’s Falcon Fraud manager system to detect potentially fraudulent card usage, combined with credit unions and banks becoming increasingly adept at shutting down breached cards, often before the true cardholder even knows that the card number is being used someplace else.

Meanwhile, usernames and passwords have grown in value, primarily because of laziness – all too many people use the same username and password across their email, banking, Amazon, facebook, and other ecommerce and social media accounts. It is for this reason that hackers breached Yahoo’s user database to obtain half a billion accounts in 2013, and then went back for an additional billion accounts in 2014. The hackers don’t care about emails – their ambitions were much greater.

continue reading »

More News