CNet News’ Robert Vamosi has an interesting interview about credit card data thieves with Tom Rusin, “president of North American operations at Affinion Group, a company that monitors the criminal underground for several thousand banking institutions by lurking in carder chat rooms.”
“Carders” are the people who buy, sell, and trade online the credit card data stolen from phishing sites or from large data breaches at retail stores. Affinion is one of the largest identity protection companies in the world, with offices in more than a dozen countries. Over the years, it has provided a wealth of information to the U.S. Secret Service and the FBI. A few weeks ago, Affinion identified .Mac users who found themselves victims of a phishing scam.
While scrolling through posts in an online underground criminal forum on his laptop, Rosin explained that since “every American keeps some money in their savings account,” unlike when stealing credit cards, debit cards grant thieves immediate access to cash. Next in demand are usernames and passwords because “most people use the same password on the sites they visit.” […]
There is a predictable pattern. Often, the [credit card data] purchasing individual will first run a $1 transaction through to a charity–say, the American Red Cross. Once that transaction is authenticated, a flood of illegal purchases cascade in until the card account is shut down.
That’s an example of what’s known in the business as an “account takeover,” the most common use of personal information, in which thieves start using your active account without your knowledge. The effect is immediate, and the losses can be large.
Vamosi has more of his interview with Tom Rusin in the Security Bites podcast.