Reports on payment card intrusions and theft are often fragmentary. The focus is on various pieces of the attack and less about capturing the end-to-end cycle of compromise, data theft, illicit sale and use. The full scope of attacker activity traditionally occurs beyond the view of any one group of investigators. Incident response teams may have visibility into the technical aspects of the breach itself, while cyber crime researchers monitor the movement and sale of stolen data in the criminal underground.

https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf