According to security writer Brian Krebs, an excess of stolen card data, combined with competition and innovation among suppliers, is conspiring to push prices down to $1.50 per credential set on the forums.
In his security blog, Krebs describes how he has been able to see stolen Visa and MasterCard, along with Amex and other card details, and buy them online for just $1.50 for US accounts and $4.00 for UK accounts.
And for a premium on the Rock3d.cc forum/site, he says that you can pay extra and obtain 'fullz','which are useful extra information on the cardholder, such as their date of birth and mothers' maiden name.
All this data appears to come from malware-driven botnets, which download user credentials from infected PCs, and then harvest them into databases to be sold.
The irony of the situation, says Krebs, is that as soon as you start narrowing your search on the forum, the site "starts adding all these extra convenience fees (sound familiar?)".
"For example, if I were going to buy a card stolen from anyone around the Washington, D.C. area, it would probably be from a resident of McLean, Va., which is more or less a [good] place where plenty of well-to-do folk reside", he says in his report.
"Anyway, the site found me a [a MasterCard] belonging to a McLean resident alright, but then the service wanted to tack on an extra $.60 just because I isolated my search by city and state, so raising the cost in my shopping cart to $2.10!"