Hackers selling credit cards for £13 online

Credit card security

Crime does pay: Intel's McAfee has revealed what hacked bank account credentials and other stolen data are selling for online.

McAfee's researchers trawled the web looking for stolen payment cards and bank logins, revealing in a report that the average price for a stolen credit card from the UK is $20 to $30 (13 to 19).

To make such a sale, criminals will need the account number, expiration date and security number from the back of the card. They aren't always stolen; some are generated randomly.

Prices increase if the seller has your date of birth, billing address and other key details.

"A criminal in possession of the digital equivalent of the physical card can make purchases or withdrawals until the victim contacts the card issuer and challenge the charges," said Raj Samani, CTO for Intel Security EMEA. "Provide that criminal with extensive personal information which can be used to verify' the identity of a card holder, or worse yet allow the thief to access the account and change the information, and the potential for extensive financial harm goes up dramatically for the individual."

If your banking details are stolen, criminals will sell them for as much as 450 for an account holding 6,500.

Hackers aren't only stealing and selling your financial data - the researchers also found a hotel loyalty account with 100,000 points on sale for 13.

McAfee also revealed the prices for content services, with account login details for streaming video such as Netflix selling for less than 65p, while a premium comic book account is worth 36p on average. McAfee suggested the lower prices suggest criminals have automated their theft to make the business model profitable.

"Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behavior," said Samani. "This cybercrime-as-a-service' marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay."

The pricing data follows news of 20 million stolen from UK bank accounts via a banking trojan spread by the Dridex botnet.