Stolen credit card data exchange exposed

Cybercrime is more efficient and organised than ever, following the discovery of a site selling fraudulent credit card details in volume.

The underground exchange service 'SellCVV2' has been actively promoting the sale of credit card data as well as guaranteeing volume discounts for large scale fraudsters.

Prices depend on whether the card is a Classic Visa or Mastercard, a premium account such as Gold, Platinum or Business/Corporate card, and its country of issue.

It is possible to pay $38 (19) per set for card data for premium card accounts in small volumes, going down to $10 (5) for Classic card data in volumes of 100 or more.

"Customers are being offered trial set of data, as well as a guarantee on account details that do not work," said Yuval Ben-Itzhak, chief information officer of Finjan.

"The site, which appears to use Google's Blogspot service, is typical of a number of portals promoting the exchange of fraudulent credit card data.

"But what is apparent from the SellCVV2 site is the level of commercialisation involved."

Ben-Itzhak said that there was a great level of maturity and sophistication in the way the site worked, and that the problem was only going to get worse.

"As long as there are people willing to pay for this data, there will be people out there who will use their skills to steal it. That's the basics of economics, so I don't see any way that it's going to stop."

He advised businesses to keep up to data on their web security as well as make sure that users inside the company were well educated about the possible threat.

The fact that the criminals appeared to use Web 2.0 technology with a Google Blogspot page was also something which businesses had to be wary of and also keep up to date with.

"Web 2.0 services play a major role in the market today," Ben-Itzhak said. "Although they are good for people in that it is all about sharing, this also serves the bad guy as they can store malicious code."