The Cost of Online Banking Fraud … for the Perpetrator

A report from McAfee called "Cybercrime Exposed" provides insight into what it costs to operate cyber fraud.

For instance, the price of a zero-day threat (malware that exposes a hitherto unknown vulnerability in a computer system) for Apple's mobile operating system ranges from $100,000 to $250,000. Malware that attacks Android devices in zero-day style costs a comparatively low $30,000 to $60,000.

For the busy, budget-constrained fraudster who wants to make sure his newly created malware won't be blocked by antivirus software, outsourcing services will test the software against dozens of such packages for fees as low as $30 a month or 15 cents per check. Website hosting is offered by "bulletproof" providers that are willing to turn a blind eye to malicious use of their services; pricing typically ranges from $50 to $400 per month.

For the supremely lazy cybercriminal, there are a variety of hacking-as-a-service options that will do most of the work. Password cracking services will find out a victim's email password, given a name, email address and fee. Denial of service providers will launch DDoS attacks at the target website of your choice for as little as $2 per hour.

And credit card account information can be bought on the web relatively cheaply as well, the report points out. Information about a Visa Classic card without a PIN number goes for about $15. At the high end, fraudsters might pay $200 for account information, including a PIN, about a Visa Premier card with a good balance.

So the cyber fraud business is enjoying the cost savings and convenience promised by cloud computing. Banks could follow their lead in this one area, by using the cloud more for basic computing needs, such as cloud-based office tools and analytics.

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER