The report, entitled `High Tech Crime Trends 2014,'suggests that the scale of card fraud in Russian-speaking circles is very large, but is also highly organised.
According to Ilya Sachkov, the CEO and founder of Group-IB, the awareness of high-tech crime in the financial services business is very important, but it does require a deep technical analysis and understanding of criminal schemes.
These leading-edge technologies, he says, allow crime to act quickly and anonymously. Card fraud, says the report, has no rules and bureaucracy, with crime now having the opportunity to ignore borders and freely break the law.
The use of crypto-currencies and the shadow Internet, he explained, contribute to the development of high-tech crime.
Delving into the report reveals that the market for stolen credit card data over the last year has finally been structured and now features mass automated distribution channels in the form of electronic trading platforms.
"Professional wholesalers, who specialise in massive theft of credit card information in retail chains and online retail, engage in wholesale supply of stolen data on these platforms, receiving an average of half of the amount of retail sale of the card details," says the report.
The trading platforms, the Group-IB report notes, offer automated purchase of two types of stolen information: credit card text details (eg card number, expiration date, name of card holder, address, CVV) and dumps (eg contents of credit card magnetic stripes).
"The market value of a credit card dump is on average ten times higher than the cost of credit card text details. This is because dumps offer greater opportunities for fraudulent transactions. So, with the dump of a credit card, an attacker can make a physical duplicate of that card and conduct operations in offline points of sale, buying expensive electronics, luxury goods, medicines and other goods to be subsequently sold in a secondary market," notes the analysis. The report quantifies the scale of the fraud when it says there are now five major stores selling credit cards online. Located in the Russian-speaking element of the Internet, the study says that investigation reveals that the stores sell the data of an average of 200,000 credit cards a year.
Based on the premise of a single card costing an average of £12 (US$ 20) and one in every three people buying these card credentials being able to steal money from them, Group-IB says that the average amount stolen from these cards is £1,240 (US $ 2,000). From these figures, the report concludes that annual card fraud losses in the Russian language market are approximately £420 million (US$ 680 million).
Is this figure realistic?
According to Keith Bird, UK managing director for Check Point, the scale and value of credit card fraud is not a surprise given the vast amount of credit card data the industry has seen stolen in the breaches at various large retailers during 2014.