With impeccable timing.
Criminal organizations in Mexico have branched out into a lucrative new market and revenue stream: big data. They have developed innovative practices to obtain sensitive user information by lifting data from the databases of government agencies such as Condusef, Consar and Buró de Crédito. They call bank customers and spoof on the caller ID screen the phone number of the bank they claim to represent. To gain the target’s trust, they give the credit card security code to the target and ask if it matches what they see on the back of their card. And it goes from there. Now, they’re about to be gifted an invaluable cache of data: the biometric identifiers of Mexican bank customers.
In recent years, Mexico has become a haven for the black market of stolen personal data of all kinds — enough to earn it ninth place in PriceWaterhousecooper’s latest list of “economic crime” hot spots. According to Symantec, in 2015 Mexico lost 101.4 billion pesos ($6.7 billion at the prevailing exchange rate) in breaches, identity theft, and other unlawful cyber activity per year, about 12 times more than the total annual losses from fraud committed against banks.
A large part of the problem is the widespread impunity cyber criminals enjoy in the country, owing to the absence of adequate legal tools and the lack of enforcement of the existing laws. Cyber theft in Mexico is not just the preserve of isolated hackers but is dominated by highly professional criminal organizations. According to Sebastian Brenner, a security strategist for Symantec Latin America, these are “very well structured groups, with experts for every stage of the process: infiltration, capture, commercialization.”
Now, these criminal organizations are eying the most personal data of all: the biometric identifiers of millions of Mexican bank customers…