Kim Zetter wrote a great piece for Wired called Confessions of a Cybermule. It's the story of a criminal who converted stolen credit card numbers into actual cards, then withdrew money at ATMs. In the words of the article:
They are the mules of electronic fraud, filling a vital role at the intersection of the virtual and the real: converting stolen account information into cold, hard cash.
That's a central challenge for digital criminals. The criminal, who in the story uses the nick John Dillinger, started out converting credit cards into cash this way:
Dillinger got several stolen credit-card numbers and spent two months traveling California with a partner, buying high-end laptops and reselling them. He'd never had disposable income, and got a rush from entering a store with a credit card stamped with someone else's account and walking out with expensive products.
Later Dillinger created fake cards for use at ATMs:
[A] spammer collected hundreds of account numbers, then distributed them to Dillinger and other "cashers" who encoded them onto blank plastic cards with an MSR206 and fanned out to hit ATMs. In two days, Dillinger says he collected $20,000 using the counterfeit cards and stolen PINs.
He wired the money, minus his take, to the Russian via Western Union. The operation lasted only a couple of weeks, though, before Western Union started blocking the money transfers.
This guy was a small fish:
U.S. Postal Inspector Greg Crabb confirmed that Dillinger was involved in cashing, though he and other investigators Wired News spoke with consider him relatively small-time compared to other cashers who made hundreds of thousands of dollars. This could explain why authorities didn't arrest Dillinger in 2004 when the Secret Service nabbed dozens of carders and identity thieves in a yearlong sting operation that targeted Shadowcrew and other carding sites.
This is why addressing the threat is important:
Dillinger said weeks before he was arrested that he was tired of cashing. "It's hard. It's scary," he said. "I don't want to get arrested. You go to ATMs, your picture's being took. You always have to look over your shoulder. Even when you're done with it, for the rest of your life pretty much you've got to look over your shoulder."
If law enforcement had more resources to identify, arrest, and prosecute these threats, we'd have less cybercrime.