Lea MUnyonIS3350 assignment 81The potential value of engaging in cybercrime would not exist without a market for stolen data. As with any legitimate market system, the unit value of goods and services fluctuates with supply and demand. Massive exposures of magnetic stripe data in recentyears (hundreds of millions in our caseload alone) have effectively flooded the information black market, saturating it with “dumps,” or credit card magnetic stripe sequences sufficient for counterfeit. This market saturation has driven the price down to a point where magnetic-stripe information is close to worthless. The value associated with selling stolen credit card data have dropped from between $10 and $16 per record in mid-2007 to less than $0.50 per record today.As supply has increased and prices fallen, criminals have had to overhaul their processes and differentiate their products in order to maintain profitability. In 2008, this was accomplished by targeting points of data concentration or aggregation and acquiring more valuable sets of consumer information. The big money is now in stealingpersonal identification number (PIN) information together with associated credit and debit accounts. Thus, we saw an explosion of attacks targeting PIN data in the previous year. These PIN-based attacks hit the consumer much harder than typical signature-based counterfeit attacks. This is because PIN fraud typically leads to cash being withdrawn directly from the consumer’s account—whether it is a checking, savings, or brokerage account. Furthermore, PIN fraud typically places a larger share ofthe burden upon the consumer to prove that transactions are fraudulent. This makes therecovery of lost assets more difficult than with standard credit-fraud charges.Technology standards are sometimes set aside for the sake of business expediency. This introduction of variance into the IT operating environment may serve to increase
Lea MUnyonIS3350 assignment 82the risk of compromise. Furthermore, businesses preparing for sale may find reducing operating expenses including cutbacks to IT and security spending—a convenient way to help the balance sheet at the time of sale. Finally, new ownership may alter (by mandate or by culture) the acquired organization’s tolerance for information risk.Anyone responsible for safeguarding corporate information assets knows there are countless ways in which sensitive information will find its way into the wrong hands. Though sometimes one-dimensional, data breaches are more often the result of a series of intertwined and orchestrated events.