You can find all kinds of services. These were things I didn't see in the last two years and we are seeing them now
technical directorPanda Security SL
"More people are doing this … so there is more competition and they have to offer new stuff to be attractive," said Luis Corrons, technical director of Panda Security's PandaLabs research team.
Credit card and banking details were once the primary fixture of this criminal industry, but today cybercriminals are getting more specific, offering a menu of options, including specific credit card brands or for cards issued in a certain country. The most expensive card details come from European and Asian countries, according to the report, "The Cyber Crime Black Market," issued by Panda Security's PandaLabs research team.
Cybercriminals who sell the information offer it a la carte with elaborate pricing structures, Corrons said. Credit card details can be purchased for as little as $2 a card. Credit card details with a guaranteed line of credit can cost as much as $80 per card. These markets operate like true economies under the rules of supply and demand, Corrons said. They have pricing wars, deals, bulk discounts and special offers. They even offer money back guarantees.
Among the services made available for consumption are bank transfers and check cashing. Commissions run from 10% to 40% depending on the amount received. If stolen bank details are used, cybercriminals charge a delivery fee between $30 and $300. According to the Panda Security report, these prices are standard and the competition comes largely from the speed of the service.
PandaLabs researchers also discovered cybercriminals starting to market their services, expanding to social networks like Twitter and Facebook. While this was surprising to the research team, the trend is unlikely to continue.
"I don't think [the use of social networks] is going to be a trend because it's very easy -- if anyone reports that kind of usage of their account in Twitter or Facebook – for any of the two companies to close it," Corrons said.
Another new service is the development and indexing of fake online stores for the purpose of stealing credit card information. With this service, a buyer pays for the Web design and implementation of a fake online store. It's a practice used by cybercriminals peddling rogueware or fake antivirus software. The store seemingly sells software or some other product that is popular to buy online and prompts the victim to enter credit card data, just like a real online store. However, the victims will never receive their purchase and someone is stealing their data. The price depends on the project.
Also available is a purchasing and forwarding service, which a customer who is apprehensive of using a stolen credit card or committing mail fraud may find useful. With this service, the provider offers to buy products for the purchaser using the purchaser's illegally obtained credit card data and then forward those products to the purchasers address. This service costs a flat fee depending on the type of product being purchased and forwarded. This is essentially an immediate form of money laundering with an intermediary.
"You can find all kinds of services. … These were things I didn't see in the last two years and we are seeing them now," Corrons said.
Corrons said more law enforcement resources and cooperation between countries is needed to address the issue. Multiple jurisdictions make cracking down on cybercriminal operations a complicated problem, he said.
"It's not just everything about resources and putting money on the table," Corrons said. "One of the main problems law enforcements finds is that when these crimes happen, usually they happen in different countries and the main problem law enforcement has is that they can't act in other countries."