A new report from Spanish security vendor Panda Security has cast a fresh light on the extent and sophistication of the underground market in stolen bank details.
The report, entitled The Cyber Crime Black Market: Uncovered, explains how the illegal trade in stolen credentials has expanded into a global phenomenon, with criminals selling an increasingly diverse range of products.
"When I researched the area in 2007 there were only a few places you could do these transactions, and most of them were in Russia. But now they're everywhere, " said Panda Labs technical director Luis Corrons. "It's so easy to do this, and we as an industry are so bad at stopping them."
Corrons explained that the research was unable to put a monetary value on the vast sums changing hands as the true extent of the black market is still unknown, although the report highlights that, as well as card and account details, criminals are now selling items such as fake ATMs, card cloners, fake online stores and VPN rental.
The sophistication of the industry can also be illustrated by value-add features such as a guaranteed balance for stolen account details, discounts for bulk orders, service guarantees and try-before-you-buy options.
Prices can range from $2 (£1.25) for stolen card details to $35,000 (£22,000) for fake ATMs which can be installed over legitimate machines to harvest card numbers and PINs.
Corrons explained that several groups typically operate in this underground environment working like real companies, including those who develop the data-harvesting Trojans, those who use the malware to hack user accounts and obtain credentials, and those who buy the stolen credentials, obtain the funds and then use money mules to launder and distribute the proceeds.
"There is no silver bullet to stop this, but at least we should have the police involved so that criminals think twice. The problem is that at the moment they don't need to think twice," he said.
"Trying to close the forums doesn't work because others can spring up, so we need to go after the bad guys."
Corrons called for better co-ordination of policing at an international level, and the setting up of an Interpol-style organisation tasked with investigating internet-based crime. But he warned that it is also vital to persuade lawmakers to take the problem more seriously.
"I'm a pretty positive person, but we have to be realistic. The criminals are becoming more professional with more and more resources which makes things more dangerous for us as security researchers," he said.
"Some years ago it was less likely someone would do something bad to you, but today it is more likely. This is only going to get worse."
Map selection, quick menus for grenades and healing items and automatic reload coming in PUBG update #22
Could be used for everything from search-and-rescue robots to wearable tech
Don't require the rare material being mined from the mountains of South America
IBM hopes that its new tool will avoid bias in artificial intelligence