Cyber thieves who steal credit and debit card numbers are making millions of dollars in profits, fueling a global criminal enterprise marked by the high-profile data breaches of major companies such as Target and Home Depot.
Thomas J. Holt, Michigan State University criminologist and lead investigator of one of the first scientific studies to estimate cybercrime profits, said the findings should be a wakeup call for consumers and law enforcement officials alike.
The study, published online in the journal Deviant Behavior, was funded by the National Institute of Justice.
“In the past two years there have been hundreds of data breaches involving customer information, some very serious like the Target breach in 2013,” said Holt, associate professor of criminal justice. “It’s happening so often that average consumers are just getting into this mindset of, ‘Well, my bank will just re-issue the card, it’s not a problem.’ But this is more than a hassle or inconvenience. It’s a real economic phenomenon that has real economic impact and consequences.”
Holt and fellow researchers analyzed online forums in English and Russian where criminals sold stolen financial and personal information, often in batches of 50 or 100. The buyers then attempt to access the victims’ bank accounts or buy goods or services with the stolen cards.
On average, a batch of 50 stolen credit or debit cards can make a seller between about $250,000 and $1 million.
Buyers, in turn, assume more risk (since they could get caught trying to use the cards), but also stand to gain more. On average, a batch of 50 stolen credit or debit cards could make the buyer between $2 million (if only 25 percent of the cards worked) and nearly $8 million (if all cards worked).
In a 2014 report for the NIJ, Holt called for a more intensive, coordinated approach by law enforcement agencies around the world to attack cybercrime.
Ultimately, Holt said he hopes to help protect consumers from the potentially disastrous effects of identity theft and credit fraud.
“My goal is make people cognizant of just how much their personal information means, how much value there is,” Holt said. “If we don’t understand the scope of this problem, if we just treat it as a nuisance, then we’re going to enable and embolden this as a form of crime that won’t stop.”
Holt’s co-authors were Olga Smirnova, assistant professor at Eastern Carolina University, and Yi Ting Chua, doctoral student in criminal justice at MSU.