There is a fascinating 33-page paper on the underground economy of stolen data by Kimberly Kiefer Peretti of the U.S. Department of Justice, Computer Crime and Intellectual Property Section. The report explores the practice of “carding” – how credit card data is stolen and sold through a global network of criminals using online forums:
This article first provides a brief background on large scale data breaches and the criminal “carding” organizations that are responsible for exploiting the stolen data. Second, the article provides an in-depth examination of the process by which large volumes of data are stolen, resold, and ultimately used by criminals to commit financial fraud in the underground carding world. Third, this article discusses how carding activity is linked to other crimes, including terrorism and potentially drug trafficking. Fourth, this article outlines several recent investigations and prosecutions of carding organizations and the individual carders themselves. Fifth, this article examines the responses by the credit card industry and state legislatures to the recent increase in reported data breaches. Finally, this article outlines several recommendations to enhance the government’s ability to continue to successfully prosecute carders and carding organizations.
The full paper is here.