A new study by NordVPN, published on Thursday, revealed some very interesting trends about payment cards sold on dark web marketplaces.
While a significant number of the cards belong to the US (58.1%), the average cost of an American card is $6.86, lower than the global average price of $7.01.
The study found that Danish ($11.54) and Japanese ($11.07) bank cards are the most expensive on average.
About NordVPN’s Stolen Payment Cards Study
NordVPN’s study examined nearly six million cards from across eight dark web markets. Apart from looking into the market dynamics and pricing of these cards on the dark web, it examines how the cards were stolen. Personal information accompanying the cards indicates that the information came from a hack or a breach, rather than just a brute-force attack.
“Over half (51.5%) of the cards came with addresses, while a significant number came with phone numbers (39.8%) and email addresses (28.7%),” the report reads.
“Few cards came with a date of birth (2.5%) or a Social Security number (1.8%) — however, this additional information would expose the victim to a significantly higher risk of identity fraud.”
A conservative estimate, according to Nord, is that 62.8% of the cards came from hacks, leaks, or data breaches. The remaining 37.2% likely were the result of brute force attacks.
However, the list of ways in which card theft happens is much longer than the simple binary. According to NordVPN, card theft can happen in physical situations and social engineering attempts as well. Apart from losing the card or someone stealing it, dumpster diving, shoulder surfing, or fraud by family or friends are all non-tech methods of card loss.
“Of course, these methods of theft can and often do overlap. One method may even lead to another — for example, a data breach leaking email addresses can lead to a large-scale phishing attempt. Phishing itself covers both social attempts and automated digital methods,” the report adds.
Why Are US Cards Cheaper Than Average Prices on the Dark Web?
Despite being the most widely available cards on the dark web, US cards, on average, cost less than the global mean. They are cheaper than cards in places such as Mauritania ($9.98), Uganda ($9.04), and Zimbabwe ($8.41).
According to NordVPN, one of the key reasons behind this pricing is the tight protections that US banks have in place for anti-money laundering as well as the strong law enforcement in the country.
“Payment cards issued in economically developed countries are not the only or even prime target for cybercriminals,” said Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.
Those countries usually have more effective money laundering prevention programs and support their clients better in case of fraud. Furthermore, very few criminals hack cards to steal the owner’s money. For most, hacked payment cards are just a commodity to sell on the dark web. Pricing of payment cards depends on a mix of various factors,” Warmenhoven added.
Rather, criminals go for cards in regions where they can use them locally without triggering the bank’s alarm bells. Furthermore, cards from countries such as Denmark and Japan are difficult to find on the dark web. The low supply drives up the price of these cards.
How to Keep Your Card Data Safe Online
Considering the huge variety of ways in which a person’s card data can end up on the internet, keeping your information safe requires a mix of cautious practices and helpful security tools. It is a good idea to download your bank’s official app, or to regularly check your bank statements for any suspicious transactions.
On a similar note, you should consider investing in dark web monitoring to get alerts in case your credentials or personal information ends up on the dark web.
Maintaining strong passwords can help prevent brute-force attacks. With so many services moving online, including banking and shopping, it can be intimidating to create and save multiple complicated passwords.
However, doing so is essential to stay safe online. A password manager makes this job extremely easy. It helps create and store strong passwords that auto-fill onto pages and also keeps you safe from phishing or fake websites (it won’t auto-fill your password if the URL is incorrect). Our guide on the top five password managers of 2023 is a great resource to help you pick a service.
Some e-commerce websites may have malicious plug-ins or unsecured payment gateways that leak your information. We recommend using a security-first VPN like NordVPN to encrypt your data. Its Threat Protection feature will block access to malicious websites, and actively scan for harmful files during downloads.
You can check out our extensive NordVPN review for a deep dive into its features.
