The Marketing and Sales of Stolen Data

Part of the Palgrave Studies in Cybercrime and Cybersecurity book series (PSCYBER)


This chapter outlines the general practices and products offered by vendors within the 13 forums sampled that constitute markets for stolen data. The most common products sold were dumps, or credit/debit card numbers, followed by CVV data, which includes credit card numbers and the three- or four-digit pin number located on the back of the card. There were a range of prices observed for these products, and differences in the nature of products sold based on the language used within the forum and the number of complaints received against disreputable vendors. The chapter concludes with a discussion of the difference in price observed by country for multiple products offered within the markets.


Dumps CVV Ripping Trust Price 


  1. Brenner, S. W. (2011). Defining cybercrime: A review of federal and state law. In R. D. Clifford (Ed.), Cybercrime: The investigation, prosecution, and defense of a computer-related crime (3rd ed., pp. 15–104). Raleigh, NC: Carolina Academic Press.Google Scholar
  2. Chu, B., Holt, T. J., & Ahn, G. J. (2010). Examining the creation, distribution, and function of malware on-line. Technical Report for National Institute of Justice. NIJ Grant No. 2007-IJ-CX-0018. Retrieved from
  3. Dhanjani, N., & Rios, B. (2008). Bad sushi: Beating phishers at their own game. Presented at the Annual Blackhat Meetings, Las Vegas, NV.Google Scholar
  4. Franklin, J., Paxson, V., Perrig, A., & Savage, S. (2007). An inquiry into the nature and cause of the wealth of internet miscreants. Paper presented at CCS07, October 29–November 2, 2007, Alexandria, VA.Google Scholar
  5. Herley, C., & Florencio, D. (2010). Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In T. Moor, D. J. Pym, & C. Ioannidis (Eds.), Economics of information security and privacy (pp. 35–53). New York: Springer.Google Scholar
  6. Holt, T. J. (2013). Exploring the social organization and structure of stolen data markets. Global Crime, 14, 155–174.CrossRefGoogle Scholar
  7. Holt, T. J., & Lampke, E. (2010). Exploring stolen data markets on-line: Products and market forces. Criminal Justice Studies, 23, 33–50.CrossRefGoogle Scholar
  8. Holt, T. J., Smirnova, O., & Chua, Y.-T. (2013). An exploration of the factors affecting the advertised price for stolen data. eCrime Researchers Summit (eCRS), 2013, pp. 1–10. IEEE.Google Scholar
  9. Holt, T. J., Strumsky, D., Smirnova, O., & Kilger, M. (2012). Examining the social networks of malware writers and hackers. International Journal of Cyber Criminology, 6, 891–903.Google Scholar
  10. Holz, T., Engelberth, M., & Freiling, F. (2009). Learning more about the underground economy: A case-study of keyloggers and dropzones. In M. Backes & P. Ning (Eds.), Computer security—ESCORICS (pp. 1–18). Berlin and Heidelberg: Springer.Google Scholar
  11. Honeynet Research Alliance. (2003). Profile: Automated credit card fraud. Know Your Enemy Paper series. Retrieved from
  12. Motoyama, M., McCoy, D., Levchenko, K., Savage, S., & Voelker, G. M. (2011). An analysis of underground forums. IMC’11, 71–79.Google Scholar
  13. Newman, G., & Clarke, R. (2003). Superhighway robbery: Preventing e-commerce crime. Cullompton: Willan Press.Google Scholar
  14. Symantec Corporation. (2012). Symantec Internet security threat report, Volume 17. Retrieved from
  15. Thomas, R., & Martin, J. (2006). The underground economy: Priceless. ;login: The Usenix Magazine, 31, 7–17.Google Scholar
  16. Verision. (2012). 2012 data breach investigations report and executive summary. Retrieved from
  17. Wehinger, F. (2011). The Dark Net: Self-regulation dynamics of illegal online markets for identities and related services. Intelligence and Security Informatics Conference, 209–213.Google Scholar
  18. Whitty, M. T. (2013). Anatomy of the online dating romance scam. Security Journal, 28(4): 443–455.Google Scholar
  19. Whitty, M. T., & Buchanan, T. (2012). The online romance scam: A serious cybercrime. CyberPsychology, Behavior, and Social Networking, 15(3), 181–183.CrossRefGoogle Scholar

Copyright information

© The Author(s) 2016

Authors and Affiliations

  1. 1.Michigan State UniversityEast LansingUSA
  2. 2.East Carolina UniversityGreenvilleUSA
  3. 3.Michigan State UniversityEast LansingUSA

Personalised recommendations