For hackers, selling the stolen payment data of Europeans has proven much more lucrative than that of Americans. This is especially true with software-generated credit card data—commonly known as a “random” in the security world—where hackers use software to create valid account numbers, expiration dates, and verification codes.
According to a new report from McAfee Labs, a research division of Intel Security, software-generated payment information from the European Union is worth $25-$30 per account, up to six times more than comparable information from the US ($5-$8). Across the board, the financial data of Americans commanded the lowest rates when compared with data from the UK, EU, Canada, and Australia.
The data of Americans have become less valuable simply because there is now so much of it. “Recently we have seen some major breaches hit US retailers resulting in the loss of millions of cards,” Raj Samani, Intel Security’s chief technical officer, tells Quartz. “This had an effect on the prices where literally overnight we saw the price of stolen US cards tumble dramatically.”
The going rate on the black market increases with the amount of data accompanying a payment card. The holy grail is what hackers call “fullzinfo”—including card owners’ full names, billing addresses, PIN numbers, social security numbers, mother’s maiden names, and dates of birth—which can sell from $30 apiece in the US to $45 in the EU.
Below are the ranges, in US dollars, provided by McAfee for fraudulently obtained Visa, MasterCard, American Express, and Discover data across regions.
|Card number with security code||US||UK||Canada||Australia||EU|
|With bank ID number||$15||$25||$25||$25||$30|
|With date of birth||$15||$30||$30||$30||$35|