The Department of Justice (DoJ) has put out a report in May entitled “Data Breaches: What the Underground World of ‘Carding’ Reveals” [PDF].

Carding, defined as “a process to verify the validity of stolen card data” is used by thieves to determine if the stolen card is still active. [Wikipedia] The term “carding” has also been expanded to include the theft and fraudulent use of credit & debit card numbers via other schemes such as hacking and phishing. The report looks to large scale data breaches and the organized “carding” organizations that exploit the stolen data.

The new DoJ report indicates that the trading of individual pieces of sensitive information is being overshadowed by “identity packages” with multiple types of sensitive information. In addition, criminals are aiming for large scale breaches affecting thousands or millions of people. Given that stolen information can disseminate quickly over the Internet, criminals can profit quickly from the fraud - often before the theft is even detected.

Pricing for Sensitive Information (first half of 2007):

• Credit card information: $0.50 to $5.00 per card
• Bank account information: $30.00 to $400.00
• Full identity information: $10 to $150.79

The report gives examples of some of the well-known carding forums, about legislation, and about challenges & solutions to the issue. You can download the report here [PDF].

Via: emergent chaos, network world ; Image credit: cohdra @ morguefile ; Tags: carding, carding organizations, card forums, carding forums, credit card fraud, fraud, breach, data breach, data breaches, identity theft, security