The Garda Technologies Analytical Center (Intelligent Computer Systems Holding) has released the results of an analysis of the shadow market for Russian banks’ databases. The past year, 2019, was characterized by several large-scale leaks of financial customer data. Databases of financial organizations in Crimea appeared on open sale, and there was a serious jump in prices for such shadow data. Analysts estimated the capacity of the shadow market for banking-sector databases at an amount in excess of 1 billion rubles.
Background and methodology
Over 350 advertisements for the sale of databases of banks and other financial organizations, found on shadow trading sites and social networks, were analyzed during the study. Data that attackers had posted in open access, or that ended up there through the negligence of its owners, was not taken into account.
Among the “paid” offers that sellers placed on the market in 2019, experts identified 191 unique databases of financial institutions’ clients in various configurations.
The report provides anonymized statistics. In addition, Garda Technologies analysts reported the leaks to all owners of the compromised data.
Victims of “shadow” business
Last year, the data of 70 064 796 customers of 42 Russian financial institutions appeared on open sale. A large part of it came from federal-scale databases, as well as databases of regional branches of banks. The offers in highest demand are also the most rarely found: databases sorted by region.
Among the databases of regional bank branches on sale, the undisputed leader was the Moscow region (493 thousand entries). The top of the list also included Altai (478 thousand entries), the Nizhny Novgorod region with Samara (426 thousand entries) and the Leningrad region (355 thousand entries), as well as Crimea (11 thousand entries).
Insiders are the main providers of illegal information
By analyzing information on the completeness of the data and interviewing sellers, the authors of the study were able to draw conclusions about the sources of the leaks.
The lion’s share of what is supplied to this market, 91% of the data, comes from insiders: bank employees who cooperate with sellers. They usually sell databases in XML format, obtained as exports from automated banking systems (ABS) or additional CRM programs.
8% of the data is provided by bank intermediaries: third-party lead-generation services that offer to submit an application for selecting and receiving offers from banks, or bank employees working at promotions or in mobile offices. The information they provide consists of lists of names and contact details.
Information obtained through banking system vulnerabilities, database breaches or other external actions accounts for 1%. Such data is usually collected in a targeted way, for high-budget customers. These databases contain a large amount of personal and banking information, and with it a fraudster can easily imitate the client’s actions and withdraw money from his banking
Eternal values of the shadow market: “fresh” exports and VIP data
The price of a banking-sector database depends on a number of factors: how widespread the offer is, the completeness of the data and how current it is.
Unique databases are valued most highly on the shadow market, for example fresh exports taken straight from an ABS: the cost of one entry from such a database varies from 5 to 2,000 rubles. The average cost of a unique banking database is 334 000 rubles for 30 000 user records.
Used-up, replicated databases are usually resold and sold in bulk. Here, the cost of one entry, depending on the volume of the purchase, can reach 50 cents. Pricing for replicated databases depends less on the freshness of the database than on its completeness. For example, information about VIP clients of a regional branch of a large bank, with passport data, card number and current account balance, current as of 4 years ago (for 2015), was openly sold for 15-20 thousand rubles for a database of 20,000 records. The same money could buy a fresh database of 300,000 paid clients for 2018, but only with the full names and phone numbers of clients.
However, the most complete data is extremely rare on the illegal market. The bulk of the data on open sale is leads: personal data sufficient for making calls.
According to the authors of the study, the market for trading in databases of credit and financial institutions shows steady growth, which is explained by a significant excess of demand over supply. Compared to 2016, database prices jumped sharply. If in 2016 the maximum value of one record did not exceed 10 rubles, then in 2019 it reached up to 2,000 rubles.
The average offer on the market in 2019 was 175,000 rubles for 45,000 records of financial institution clients.
Impactors of illegal origins
The validity and currency of a database are the most pressing issues for shadow-market players. Shadow marketplaces, like official ones, maintain their own registers of “conscientious” and “unfair” sellers, provide “guarantor” services and use other methods of dealing with “violators”.
According to experts, over the past three years the data on sale has become significantly “fresher”. In 2016 the bulk of databases reached the market with a lag of 2-3 years, whereas in 2019 the market was literally flooded with traders offering fresh exports of information. This change is attributed, first of all, to a change in how sales work on the illegal market. 3-5 years ago the sellers were most often insiders who “leaked” a database after leaving their job; today the sellers are mainly intermediaries who receive data from several informants at once and protect their anonymity.
However, databases from 2016, which account for about a third of the illegal market for financial institutions’ data, are still relevant. Most users whose data “leaked” online have not changed their passport data or account number in three years, and their financial status has also remained at approximately the same level.
Banking data shadow sales are up 25% annually
In 2019, the total value of openly sold databases of financial institutions exceeded 345 million rubles. However, according to Garda Technologies analysts, the actual capacity of this market is 1 039 632 336 rubles. According to experts, the lifecycle of a database does not end with a single sale. On average, databases on the open market are sold to different buyers three times. The number of sales is limited by the specifics of the market. Used-up databases can also be sold again at a discounted price or in bulk with other databases.
Compared to 2016 data, the shadow market for banking data grew by 76%. By comparison, such dynamics correspond to the average growth rate of digital services, cloud services and the market