Few things are as frightening to consumers as the thought of having a credit card stolen.
One moment you’re buying a carton of orange juice at your local supermarket, and the next you get a call from your credit card company alerting you that someone has just purchased $3,000 worth of plane tickets and hotels for a trip to Puerto Rico.
Yet, for all the time and money it may cost you to deal with this, it turns out that stolen credit card numbers sell for dirt cheap.
Brian Krebs, a former Washington Post writer and founder of KrebsonSecurity.com recently opened an account on rock3d.cc, a website that sells off credit card information.
“The purloined card numbers — no doubt lifted from PCs infected with data-stealing malware like the ZeuS Trojan — fetch $1.50 for U.S. accounts, and $4 USD for accounts belonging to U.K. residents,” Krebs wrote on his site.
Yes, your valuable credit card information is really only worth a buck fifty. While it may sound odd, it’s worth keeping in mind that these credit card numbers are often stolen in bulk through viruses like the one Krebs mentioned, meaning the person selling them may still be able to turn quite a profit.
However, there is some great irony in this situation. Krebs found that this particular site tacked on convenience charges as soon as he tried to narrow his search to find a credit card from a specific region that may have wealthier residents.
“[T]he site found me a card (a MasterCard) belonging to a McLean resident alright, but then the service wanted to tack on an extra $.60 just because I isolated my search by city and state — raising the cost in my shopping cart to $2.10!,” he wrote.
Apparently even black market shoppers can’t avoid extra fees.
Of course, this situation does raise one other question. How exactly does one go about purchasing stolen credit card information? Do you charge it on your personal credit card, or try to steal another credit card number to charge it to in some endless recursive loop?