[Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards
One thing to add: This is one group, with 21,000 cards per month (that we know about) and law enforcement estimates about $500.00 per card in average loss. At that rate, in 3 months, one carding group causes $10,500,000.00 in loss. And this carding group is at the low end of the totem poll. Lance James wrote: Hi all, We took one sample of one carding/phishing forum that our Global Surveillance Center was monitoring and sampled the set into a graph that lists the top 10 banks and the losses over the last month. As you can see, it's obvious who the top credit card companies are out there, but at the same time, we can see an ever increasing on the top targets but not necessarily an increase on the lower tiers over the entire three months, but in the first two we see a significant increase in success with stolen credit cards in general. In this case, the loss that we captured (which probably isn't nearly the number captured by this forum) was a little over 21,000 credit cards. Thought this might interest some, and if this is interesting, we are going to be providing a graph of the losses of top targets with malware in the upcoming weeks. Attached is the chart. ___ General-discussion mailing list [EMAIL PROTECTED] http://mal-aware.org/mailman/listinfo/general-discussion -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://securescience.net/home/news/phishingexposed.html ** * New IntelliFound Service 2 weeks free * * Real-Time Identity Surveillance Service* * https://slam.securescience.com/signup.cgi * ** ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards
Lance James wrote: One thing to add: correction 21,000 cards per 3 months. This is one group, with 21,000 cards per month (that we know about) and law enforcement estimates about $500.00 per card in average loss. At that rate, in 3 months, one carding group causes $10,500,000.00 in loss. And this carding group is at the low end of the totem poll. Lance James wrote: Hi all, We took one sample of one carding/phishing forum that our Global Surveillance Center was monitoring and sampled the set into a graph that lists the top 10 banks and the losses over the last month. As you can see, it's obvious who the top credit card companies are out there, but at the same time, we can see an ever increasing on the top targets but not necessarily an increase on the lower tiers over the entire three months, but in the first two we see a significant increase in success with stolen credit cards in general. In this case, the loss that we captured (which probably isn't nearly the number captured by this forum) was a little over 21,000 credit cards. Thought this might interest some, and if this is interesting, we are going to be providing a graph of the losses of top targets with malware in the upcoming weeks. Attached is the chart. ___ General-discussion mailing list [EMAIL PROTECTED] http://mal-aware.org/mailman/listinfo/general-discussion -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://securescience.net/home/news/phishingexposed.html ** * New IntelliFound Service 2 weeks free * * Real-Time Identity Surveillance Service* * https://slam.securescience.com/signup.cgi * ** ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards
hi Lance -- interesting data! It might be worth scaling that against each bank's credit-card issuance volumes, to compensate for their relative sizes. This report -- http://www.chicagofed.org/publications/publicpolicystudies/emergingpayments/pdf/eps-2001-2.pdf -- gives these account volumes for the top 10 banks on page 33: 1. Bank One Corp./First USA 64,191 2. Citibank 40,600 3. Morgan Stanley Dean Witter 38,500 4. Capital One Financial Corp. 23,705 5. The Chase Manhattan Corp. 15,592 6. Households Credit Services Inc. 15,030 7. Providian Financial Corp. 12,400 8. Bank of America 12,000 9. Associates National Bank 8,764 10. FleetBoston Financial Corp. 7,237 (volume of accounts in thousands). However that's from 7 years ago :( There may be more recent figures but a quick google can't find 'em. --j. Lance James writes: Hi all, We took one sample of one carding/phishing forum that our Global Surveillance Center was monitoring and sampled the set into a graph that lists the top 10 banks and the losses over the last month. As you can see, it's obvious who the top credit card companies are out there, but at the same time, we can see an ever increasing on the top targets but not necessarily an increase on the lower tiers over the entire three months, but in the first two we see a significant increase in success with stolen credit cards in general. In this case, the loss that we captured (which probably isn't nearly the number captured by this forum) was a little over 21,000 credit cards. Thought this might interest some, and if this is interesting, we are going to be providing a graph of the losses of top targets with malware in the upcoming weeks. Attached is the chart. -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://securescience.net/home/news/phishingexposed.html ** * New IntelliFound Service 2 weeks free* * Real-Time Identity Surveillance Service* * https://slam.securescience.com/signup.cgi * ** ___ General-discussion mailing list [EMAIL PROTECTED] http://mal-aware.org/mailman/listinfo/general-discussion ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards
On Fri, 2006-05-26 at 10:22 +0100, Justin Mason wrote: (volume of accounts in thousands). However that's from 7 years ago :( There may be more recent figures but a quick google can't find 'em. Wikipedia has some good ones on the 'Bank' page: -- James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: https://www.bsrf.org.uk ~ http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3 smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards
On Fri, 2006-05-26 at 12:49 +0100, James Eaton-Lee wrote: On Fri, 2006-05-26 at 10:22 +0100, Justin Mason wrote: (volume of accounts in thousands). However that's from 7 years ago :( There may be more recent figures but a quick google can't find 'em. Wikipedia has some good ones on the 'Bank' page: And the link, since I'm evidently twitchy about hitting 'send' today.. http://en.wikipedia.org/wiki/Bank#Bank_Size_Information I'm actually interested as to the source of the original data - since these are cards stolen by one carding forum, how representative are they of card theft globally.. - James. -- James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: https://www.bsrf.org.uk ~ http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3 smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards
James Eaton-Lee wrote: On Fri, 2006-05-26 at 12:49 +0100, James Eaton-Lee wrote: On Fri, 2006-05-26 at 10:22 +0100, Justin Mason wrote: (volume of accounts in thousands). However that's from 7 years ago :( There may be more recent figures but a quick google can't find 'em. Wikipedia has some good ones on the 'Bank' page: And the link, since I'm evidently twitchy about hitting 'send' today.. http://en.wikipedia.org/wiki/Bank#Bank_Size_Information I'm actually interested as to the source of the original data - since these are cards stolen by one carding forum, how representative are they of card theft globally.. What we're seeing in malware is scary for sure, we've uncovered over 2 million cards with the trojan data we monitor in the last 6 months. I would say that 21,000 is a conservative and not fully discovered number by one group, but what it does tell you is the minimum amount a group may be uncovering. - James. -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://securescience.net/home/news/phishingexposed.html ** * New IntelliFound Service 2 weeks free * * Real-Time Identity Surveillance Service* * https://slam.securescience.com/signup.cgi * ** ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/