Data thieves use rooms, known as “channels,” to trade and sell access to eBay and PayPal accounts, hacked home computers, and airtime on Internet-based telephone networks.

Need to know the answer to a cardholder’s “secret question”? How much money you can siphon before the credit limit is breached? These “carder” chat rooms are the place to go.

Thomas, whose information was listed on the chat room for the perusal of dozens of online thieves, had no idea that such places exist.

Reached at the home phone number posted in the chat channel, the 22-year-old college student said she had lost $600 after being lured to a fake PayPal Web site just one week earlier, and had canceled her credit card just two days before. Like many other victims of “phishing” — the use of official-looking e-mails and Web pages to trick people into divulging financial information — Thomas was stunned that her data was being openly traded online.

“I can’t believe that people are allowed to do this kind of thing,” she said. “Why can’t [the authorities] do anything about this?”

The answer may be that the economics of online fraud — which has such low start-up costs that luring only a few victims to divulge personal financial data can turn a huge profit for the perpetrator — are so much in favor of the criminals that, at least for now, a continued increase in phishing activity is all but certain.

The number of online financial scams grew dramatically in the fall of 2004, driven in part by the proliferation of online fraud forums and phishing software that help users automate the design and deployment of their scams, according to the Anti-Phishing Working Group and other security experts.

More here.