European card fraud declining thanks to chip-and-pin security -TEISS® : Cracking Cyber Security


The chip-and-pin system used in Europe is helping to protect the European credit-card system from fraud. A study of underground marketplaces used by cyber criminals, carried out by Joe Stewart, director of Malware at Dell SecureWorks, and independent researcher David Sheer, found that European credit card numbers fetched more on the marketplace than US numbers.

Ben Feinstein, director of Counter Threat Unit (CTU) operations and analysis at Dell SecureWorks (pictured), says: “We suspect that there are two factors going on here: one is the relative supply of those numbers. But it is also the adoption of the chip-and-pin technology on those credit card numbers, which tends to make it more difficult to steal in the first place.”

A stolen Visa or MasterCard in the US was being sold for $4, while the same card was being sold in the EU or Asia at $15. The selling rate for US credit cards, as opposed to European cards, had also decreased compared with a similar study back in 2011. Feinstein says: “The market rate for a stolen US credit card number declined by 30 to 40 per cent since our last study. A lot of what drives the prices is supply and demand. There really seems to be a glut of US-based credit card numbers that are for sale in the marketplace, which drives the market price for those numbers down.”

Hackers were also selling personal details such as cardholders’ dates of birth and social security numbers, which enabled them to answer additional security questions along with a duplicate credit card. The study also revealed that personal identities for non-US residents sold more than the identities for US residents, and that online banking credentials were under threat and up for sale. The username and password for an online bank account with a balance between $70,000 and $150,000 could be purchased for $300 or less, depending on which banking institution held the account. This was substantially lower than in the 2011 study, which found bank account credentials with balances of only $7,000 going for the same price.

Malware used to steal information from a computer could be bought for as little as $50, while infected computers from which financial credentials could be harvested were sold for $20. According to Feinstein, businesses should apply industry best-practice security controls, including basic methods such as firewalls, intrusion detection systems, malware protection solutions and making sure the environment is being monitored.

He says: “With the financial services within a company – whoever does payroll and accounts receivable – consider applying additional security for those systems, even going so far as to have a separate computer system to run payroll.”

Dell SecureWorks recommends that people use a dedicated computer to conduct their online banking and bill paying, and that they do not use it for activities such as emailing and surfing the web, so as to avoid malware.

It also recommends that people reconcile their banking statements on a regular basis with online banking and/or credit card activity to identify potential anomalous transactions that may indicate account takeover.

