Credit-card fraud's business model
What does a criminal mastermind do with 130 million credit-card numbers? How exactly do fraudsters make money? Rico Gagliano reports.
A credit card is swiped through machine at a Chicago toy store. (Tim Boyle / Getty Images)
More on Crime - Law
Links
- No soup for you, credit card thief
Scott Jagow on the Scratch Pad blog.
TEXT OF STORY
Tess Vigeland: So riddle me this. What does a criminal mastermind, assuming you call them that, do with 130 million credit-card numbers? How exactly do fraudsters make money? Marketplace's Rico Gagliano looked into the business model.
RICO GAGLIANO: Well that's easy, right? Pick a number, log on to Amazon and start buying stuff. Jonathan Penn is vice president at Forrester Research. He says it's a bit more complicated. In fact...
JONATHAN PENN: Complicated, I don't think, does justice to the level of maturity of the economy around stolen data.
He describes a network of players at different levels. "Harvesters" -- like, allegedly, Albert Gonzalez -- fall somewhere in the middle of the network. They make their money by stealing all those millions of data records and selling them to wholesalers. And the wholesalers then sell the records online, one at a time, to other criminals.
PENN: And it goes, you know, it can go for a few cents for a record, it may be 10 times that. You know, credit-card numbers on their own are worth less than credit-card numbers in conjunction with other personal information -- like your name, your social security number, or even things like your pet's name.
Wired.com Senior Editor Kevin Poulsen knows all about what happens next. A former hacker, he created Wired's security blog Threat Level. He says criminals take the stolen records they've purchased, and program them onto the magnetic stripe of, say, old gift cards.
KEVIN POULSEN: They'll use anything, they'll use phone cards, anything that has a magnetic stripe on it. And if it's a case where PIN numbers were stolen, then they can go to an ATM, put the card in the ATM, put in the PIN and pull out cash from people's accounts.
Poulsen says most recent examples of that scam, and similar ones, allegedly involved Gonzalez.
POULSEN: With this latest indictment, Gonzalez now ties up every major credit or debit-card breach we know about over the past 5 years. It all comes back to him.
If so, this still isn't the end of data theft. Jonathan Penn of Forrester research says it's estimated to be a multi-billion dollar market, possibly even bigger than the illegal drug trade.
In Los Angeles, I'm Rico Gagliano for Marketplace.
Comments
Comment | Refresh
From cincinnati, OH, 08/31/2009
This is an unnerving trend, with more people disclosing personal information on social networking sites, they open themselves up for fraud and targetted emails. With many people out of jobs, I expect the problem to get worse. We need a public education program (beyond the nightly news) to help the average joe with home security to the small business owner to setup complex firewalls and a culture of security..
www.fmgonline.com
Post a Comment: Please be civil, brief and relevant.
Email addresses are never displayed, but they are required to confirm your comments. All comments are moderated. Marketplace reserves the right to edit any comments on this site and to read them on the air if they are extra-interesting. Please read the Comment Guidelines before posting.
You must be 13 or over to submit information to American Public Media. The information entered into this form will not be used to send unsolicited email and will not be sold to a third party. For more information see Terms and Conditions and Privacy Policy.