UK personal banking data for sale

Evidence is coming to light that personal banking details of British citizens are being offered as free trials by criminals operating over the internet. According to the TimesOnline:

Without paying a single penny, The Times downloaded banking information belonging to 32 people, including a High Court deputy judge and a managing director. The private account numbers, PINs and security codes were offered as tasters by illegal hacking sites in the hope that purchases would follow.

This comes amid continuing concern over the disappearance of two disks containing the personal details of some 25 million people. Parents who receive state benefits are starting to receive letters from the British tax office warning them about identity theft. The letters advise citizens to check with their bank to ensure that unauthorized amounts are not being withdrawn.

The scale of the threat should not be under estimated. According to The Guardian:

On one publicly accessible website selling everything from stolen credit card details to fully operating pornographic websites, scores of vendors are lined up selling UK, European, US and Canadian bank details. It is a marketplace which illustrates the international nature of the illegal trade. The website is registered to the Cocos Islands, an Australian territory in the Indian Ocean consisting of two atolls, 27 coral islands and fewer than 1,000 residents. The salespeople are contactable through email addresses routed through servers in Russia and the USA. Most use Yahoo accounts or communicate through ICQ, an untraceable instant messaging programme.

As an indication of how rampant this kind of crime is becoming, it took me less than five minutes to discover a website operating from an Indian domain claiming to offer details how to hack CVV2 numbers from credit cards. These are the security codes which are printed on the back of credit cards as a secondary check that the user is who they say they are. Another simple search offered advice on how to hack a bank server.

The situation is becoming so serious that Richard Thomas, the UKs Information Commissioner is to ask British lawmakers for wide ranging powers to raid both business and government premises. In the meantime, British police seem powerless to protect citizens. Again from the TimesOnline:

Senior police officers are concerned that current methods of dealing with large-scale data protection breaches are unworkable. Detective Chief Inspector Charlie McMurdie, of the Metropolitan Police e-crime unit, said: “At the moment people report internet crimes to a local police station but no one locally has the resources to investigate properly.”