Your Information and the Black Market
Whether it’s through the news or a personal letter from a business, we’re constantly learning about new data breaches. A record 1,500 significant data breaches were reported in 2014 a 78 percent increase over the previous year, and often times it takes awhile for business and organizations – let alone their customers – to realize a breach has occurred. According to a recent Verizon report on cybersecurity, about half of cyber attacks take a month or longer to discover. Following the announcement of a breach come the apologies and promises of new security systems and ID monitoring membership services to consumers. But what actually happens to all of that stolen information?
Fraudsters take this data to the “dark web,” selling it for all its worth on the black market. The abundance of data makes it easier to get and cheaper to use. Credit card numbers are one of the most readily available pieces of data on the market, and can sell for less than, say, a “World of Warcraft” account, which isn’t as easy to come across. With an arsenal of compromised accounts, identities, and social engineering, the market to buy this data is growing at an alarming rate. It’s not just about one Social Security Number or address being stolen – they’re being put together in different combinations by cybercriminals as part of their evolved methods of stealing data and creating new ways of committing fraud.
Whether it’s financial, health, or retail, a variety of industries have experienced data breaches. That also means fraudsters have a variety of information at their disposal, including phone numbers, addresses, passwords, online accounts, and more. Depending on the kind of data breach, your health records, texts, and IP locations can even be accessed. Fraudsters are able to cull through this information, along with your digital footprint, to package together details for authentic identities, selling all these on the market anywhere from $1 to $450.
Criminals have even gone as far as putting together synthetic identities, where they take real pieces of information from different identities to create a new, fictional identity that can’t be traced back to a real customer name. They then use this identity to make purchases and open new accounts. Fraud doesn’t necessarily happen immediately after a synthetic identity is created – a fraudster may gain trust by building good credit history before going on that spending spree. Even more challenging for businesses, most fraud and security filters aren’t sophisticated enough to detect synthetic identities because it draws from real information.
The influx of information out there and the fast pace at which cyber criminals can move means that consumers need to take a close look at all their personal accounts, credit reports, and statements. For businesses, that means only two types of businesses exist now: those that have been hit by fraud and those that will be hit by fraud. They need to have the right security systems in place not only to protect their business and customer information, but also the infrastructure to detect when fraudulent transactions are being attempted. Fraudsters move quickly – so you better move even quicker.