According to the latest bi-annual security report from Symantec, fake US credit cards are now being sold for as little as a dollar a pop, whilst a full set of ID information - enough to make a fraudulent credit card application it is claimed - is going for as little as $14.00.
"Cyber criminals continue to refine their attack methods in an attempt to remain undetected and to create global, co-operative networks to support the ongoing growth of criminal activity," the Internet Security Threat Report noted.
In its report, Symantec claims to have tracked, for the first time, the trade of stolen confidential information and captured data being sold on underground Web servers.
These, the IT security firm says, are networks used by hackers and criminal organisations to sell stolen information, including social security numbers, credit cards and associated PINs, as well as e-mail address lists.
On the underground networks, US-based credit cards, complete with a CVV, are reportedly available for between a dollar and $6.00, whilst `ID packs' range from $14.00 to $18.00 each.
Symantec reckons that 4,943 bank cards were sold over these networks in the last six months of 2006, mostly from US-based banks.
Also being sold on the underground networks are online bank accounts with a $9,900 balance for $300; PayPal accounts for between $10 and $500 dollars, and a list of 2,900 e-mail addresses for $3.00.
So where does all this data come from? Phishing and infected computers, says Symantec.
All in all, the report comes as a bit of an eye-opener, even for this jaded IT security journalist...