News and resources on cyber and physical threats to banks and fintechs worldwide.
Payment cards going for an average $9.70 on dark web

Payment cards going for an average $9.70 on dark web

An analysis of more than four million payment cards being hawked on the dark web reveals that they belong to citizens of 140 countries and are selling for an average of $9.70.

The most affected country in the world was the US, accounting for 1,561,739 out of 4,481,379 payment cards found for sale, says NordVPN. The second most affected nation was Australia, with 419,806, while Brits account for 134,607 of the compromised cards.

To get a more nuanced picture of which people are most at risk, NordVPN developed an index using population data and the number of cards in circulation. The most vulnerable country in the world was found to be Hong Kong, with a maximum possible risk score of 1.

The second most vulnerable was Australia at 0.85, with the UK at 0.39, while the Netherlands scored 0.

The most expensive cards could be found in Hong Kong and the Philippines, with an average price of $20, while the cheapest cards on the dark web belonged to Mexicans, Americans, and Aussies, with prices starting from $1.

As for how card details make their way onto the dark web, Marijus Briedis, CTO, NordVPN, says: "Increasingly, the card numbers sold on the dark web are brute-forced. Brute-forcing is a bit like guessing.

"Think of a computer trying to guess your password. First it tries 000000, then 000001, then 000002, and so on until it gets it right. Being a computer, it can make thousands of guesses a second."

Comments: (2)

A Finextra member
A Finextra member 02 December, 2021, 18:06Be the first to give this comment the thumbs up 0 likes

The Dutch have mostly Maestro cards that are hard to misuse in e-commerce or even use there and also at POS with 100% pin requirement. The banks in the Netherlands are well organized and have good risk control measures in place so no wonder that they have a zero score. 

Vivek Joshi
Vivek Joshi - Suncorp Bank - Brisbane 02 December, 2021, 22:56Be the first to give this comment the thumbs up 0 likes

In Australia we have so much controls and measures we follow as per PCI/DSS that even internally we cannot send full PAN/Card Number to one another - team memebr sitting next to me and in spite of this Aussies second most vulnarable? - above post helps somwhat but still can't explain the full story.  UK is not that bad.  Are Aussies gullible to reveal their card numbers or what - what are other factors contributing other than the brute force?  

Thanks for the news item.