Over the past 15 years, the hacking industry has evolved from being individually-driven to being carried out by complex organizations that are well-organized, more efficient and better equipped to capitalize from stolen credit card data.
As each new large-scale hack emerges and gains widespread attention, the incentives for more hacker markets increase, thus underscoring the fact that credit card hacks are becoming ubiquitous and are imminent for most Americans.
Non-profit national security think tank RAND Corporation recently released a study entitled “Markets for Cybercrime Tools and Stolen Data” in which the evolution of cybercrime and its now more modernized global operations are discussed in great detail.
Here are five takeaways we’ve identified from the study:
1.) Black and gray cybercrime hacker markets continue to emerge as its proven to be an extremely lucrative business with relatively low investment and minimal barriers to entry.
2.) Black market hacking organizations are difficult to identify and understand by law enforcement, as they are geographically spread out, diverse, segmented, and usually hidden under anonymity and encryption.
3.) Black cybercrime markets mirror the normal evolution of a free market – in both innovation and growth. There has been a steady increase in the availability of goods and services offered by black cybercrime markets, from stolen records and exploit kits to “stolen-to-order” goods, such as intellectual property and zero-day vulnerabilities.
4) There will be more activity in darknets, more checking and vetting of participants, more use of cryptocurrencies, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions.
5) Exploitation of social networks and mobile devices will continue to grow, and there will be more hacking for hire, as-a-service offerings and brokers as the markets grow in size and complexity.
Given the information provided by the study, questions remain around how we can suppress and/or prevent such hacks from taking place. RAND Corporation suggests “mandates for encryption and point-of-sale terminals, safer and stronger storage of passwords and user credentials, and implementation of ‘chip and PIN in the U.S.'”
Paymetric develops best-in-class electronic payment acceptance and data security solutions. As RAND Corporation suggested, storing sensitive cardholder data on-site leaves your systems vulnerable to attacks by hackers.
XiSecure® On-Demand for Cardholder Data is our award-winning proprietary tokenization solution that eliminates the transmission and storage of sensitive data in your internal systems, dramatically improving data security and minimizing the risk of a data breach and brand exposure. Click here to learn more about our data security solutions.