Over the last 15 years, research has demonstrated that a robust, global illicit marketplace exists for the sale of personal information acquired through data breaches and other forms of hacking. There is particular emphasis on the sale of financial data (e.g., credit/debit card numbers) as this information can be used to commit various forms of economic crime, including credit card fraud and identity theft. Identity-related offenses involving stolen financial data are both the most common and fastest growing forms of consumer fraud on the Internet and engender significant economic harm to corporations and individual consumers alike. Despite the constant state of data breaches and growing number of illicit stolen data markets, few have examined the pricing structure of online financial data products to assess vendor unreliability. Research suggests stolen data vendors use the price point for a given item as a signaling mechanism to express their credibility. The lack of price structure analyses on stolen data products may be a result of the complexities involved in accurately measuring products’ price point. In addition, few have explicitly examined stolen data vendors’ signaling practices in relation to products’ price point on both the Open and Dark Web, as well as across different types of markets within the same analysis. Understanding the relationship between signaling behaviors and vendor unreliability is important as it could help investigative operations differentiate substantive mechanisms and practices from less concerning noise in terms of identifying serious market actors from those that pose lower levels of threat. Relatedly, a deeper understanding of vendors’ signaling behaviors at both the product and vendor-level would assist law enforcement devise effective intervention strategies targeted at disrupting the online illicit marketplace. From a theoretical perspective, such research also extends understanding of traditional criminological theory by illustrating its ability to explain emerging forms of crime and deviance. Given this gap in the literature, the current study explored the signaling mechanisms of 1,055 stolen data products across 40 vendors on the Open (n = 8; 20%) and Dark Web (n = 32; 80%). Specifically, the current study used a signaling theory framework to examine whether vendors’ differential use of product-level (e.g., detailed product information) and vendor-level indicators (e.g., payment methods, customer service features, customer feedback mechanisms) predicted stolen data price points. The research and policy implications of this study in understanding the signaling behaviors of online stolen data vendors are explored in detail.
Read
