It seems to be the general consensus that very few of the accounts stolen from online scams, keyloggers, and phishing actually ever get used. By comparing the FTC's data (about 180,000 cases of identity fraud from possible online vectors) with my last year's estimate of how many accounts have been compromised you get about 2% of accounts that have been compromised actually get defrauded (so far). Assuming I'm full of crap (an assertion I wouldn't dispute) and my estimate was ten-fold higher than reality (an assertion I would dispute), that still means 20% of accounts compromised get used. Credit card information has a street value, and one estimate I heard was that you get $50 USD per good account.
Two questions for readers:
Do you agree that most of the accounts stolen online never get used?
Why do you think that is?
I'll post a montage of responses later in the day and include my thoughts.
Mar 17th 2006
1 decade ago