Research into a dark web database of six million global card details showed only America and India had more payment data stolen than the UK.
NordVPN’s study into six underground marketplaces showed the UK had a total of 164,143 payment card details listed, almost as many as the next two biggest European victims, France (97,032) and Italy (78,676), added together.
Worryingly, two-thirds of Brits’ card data listed (63%) came bundled with a treasure trove of other private information, ranging from home addresses, phone numbers and email addresses to National Insurance numbers.
Researchers found that UK card details typically cost just £4.61. This was 18% lower than the global average (£5.61) and half the average price of payment data belonging to consumers from Denmark — at £9.23 the most expensive in the study.
The average cost of stolen payment cards has fallen by over a quarter since the end of 2021, reflecting the growth — and success — of low-cost online scams and fraud like phishing and malware.
Adrianus Warmenhoven, a cybersecurity expert at NordVPN, says: “In the past, experts linked payment card fraud to brute-forcing attacks — when a criminal tries to guess a payment card number and security code to use their victim’s card. However, most of the cards found were sold alongside the email and home addresses of their victims, which are impossible to brute force. We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware.”