In the world of financial cybercrime, there are three primary groups of fraudsters at work. First up are the developers who write the applications to grab credit card and bank account data. In the middle are the “carders” who sell the ill-gotten data to, if you will, end users. The final group consists of these users or buyers who pay for the hot data and use it to make purchases or move funds to their own accounts.
Those fighting the battles have to make tough decisions about where to focus their resources. Should they go after the developers, the carders or the end users of the stolen financial data? The answer is surely a multi-pronged approach, with different tactics aimed at flushing out and stopping each group of criminals.
Law enforcement officials recently trained their sights on the middle group. In Operation Wreaking hAVoC, the FBI worked with the Serious Organized Crime Agency (SOCA) in the U.K. and authorities in other countries to shut down 36 carder sites. (The word hAVoC reflects the Automated Vending Carts, or AVCs, which are websites used by carders to sell financial information.)
SOCA said the successful operation will reduce international financial crime by ₤500 million (or more than $800 million) in the coming years. A SOCA representative told me they came to this figure by considering the average cost of the damage that could be incurred from each piece of stolen financial data. Credit card numbers with CVV codes have a damage value of up to $500 in the U.S. or ₤200 in the U.K., he said. If a full data dump from the card’s magnetic strip is included, or if bank account details are associated with the card, the potential damages go up significantly.
Operation hAVoC is a good example of the effective ways law enforcement agencies around the world can work together to successfully combat global networks of cybercriminals. But they won’t be able to bask in their success for long. Other carders are probably already dusting off their wares and pulling their vending carts onto the streets.