The theft of debit and credit card information has become a lucrative business, but sometimes the individuals that engage in the stealing are not so eager to user the information they got their hands on.

Luckily for them, there's an alternative: selling the information to other crooks that are more adept at bleeding bank accounts dry and are ready to take the risk for doing it - end everybody wins.

Webroot's Dancho Danchev has recently uncovered a seemingly well-established outfit for selling stolen card information - so much so that the crook behind the scheme has set up a professional-looking e-shop.

The shop is advertised on a number of carding forums, and the crook can be contacted only via ICQ.

The page itself looks great: a good - and apparently changeable - design, and a shop whose functionality does not seem to differ much from any other legitimate one - shopping cart and all (click on the screenshot to enlarge it):


The e-shop also has a helpful search engine so that the customers can find exactly what they need.

"The service is currently offering 9,132 stolen credit cards for sale, and has already managed to sell 3292 credit cards to prospective cybercriminals," Danchev says, and points out that the going rate for a sample stolen credit card depends on whether the card is debit or credit. The former go for $16, and the latter for $30 per item, but there are also discounts to be had for bulk purchases.

For those of you wondering why the owner of this shop would sell credit card data for $30 a pop when he can probably extract ten or twenty times as much from the compromised accounts, the answer is risk forwarding.

"Instead of manually verifying the balance of the cards, he’s focused on bulk orders and forwarding the risk of getting caught to the prospective customers of his services," Danchev concludes.