SOCRadar® Cyber Intelligence Inc. | NordVPN Report Shares Insights on 6 Million Payment Card Data on Dark Web


Jun 22, 2023
5 Mins Read

NordVPN Report Shares Insights on 6 Million Payment Card Data on Dark Web

With the surge in digital payment methods and the widespread use of online transactions, payment card data has become a prime target for cybercriminals. This calls for heightened awareness and proactive steps to combat fraud and ensure the security of sensitive financial and personal information.

NordVPN recently released an analysis of their research on the dark web’s payment card sales, utilizing a dataset of nearly 6 million cards across major cybercriminal markets.

The research revealed that globally, more than 60% of the sold cards were accompanied by additional personal information about the victims, including their address, phone number, email address, birth dates, or social security number (SSN).

The Top Countries Targeted by Card Fraudsters

A table in the report lists the top 20 countries for various categories, such as the countries with the highest number of stolen cards; the United States, India, and the United Kingdom are the top three in this category, with nearly 3.5 million stolen cards in the US alone. 

Other categories include the average total price for which the information is sold, the percentage of hacking for additional information, and the highest/lowest risk index based on available population and card penetration data.

Top 20 countries targeted by card fraudsters
Top 20 countries targeted by card fraudsters (Source: NordVPN)

In India, around 90% of stolen payment card details contain additional information. Among the countries in the hacking category, European and economically advanced countries also seem to have high rates of additional information, which can suggest a potential relationship between the value of victims and hacking attempts.

Between 0 and 1, Malta has the highest risk index of 1. Following Malta, the table lists Australia, New Zealand, Slovenia, and in fifth place, the US. The US, although having the highest number of card details stolen, has a risk index of 0.79.

With a risk index score of 0, Russia demonstrates the lowest level of risk. The key takeaways of the report emphasize that individuals from Russia were the least likely to find their data listed on dark web marketplaces.

Nearly 3.5 Million USA Card Details Exposed On Dark Web 

The report clearly illustrates that the majority of attacks occur in English-speaking countries, with a significant focus on the USA. In the USA alone, a staggering 3.5 million card details were stolen, comprising various brands, including Visa, Mastercard, and American Express. Notably, these stolen card details were frequently accompanied by the victims’ addresses and phone numbers.

For users interested in exploring card theft statistics, NordVPN’s website offers a comprehensive mapping of information on all countries. According to the available statistics, the primary method employed for stealing over 2.5 million cards in the USA was through malware.

The USA statistics on stolen cards (Source: NordVPN)
The USA statistics on stolen cards (Source: NordVPN)

What Type of Additional Information Accompany the Stolen Card Details?

The Swiss police’s Card Security platform interviewed Rolf Nägeli, Head of the Prevention Department at Zurich City Police, to discuss the Dark Web’s role in card fraud and how fraudsters obtain such information.

Nägeli explained that card details are commonly stolen through phishing attacks. Fraudsters employ sophisticated phishing emails to deceive victims into divulging private information to later sell on the dark web, such as their name, address, birth date, card number, CVV number, and card expiry date. 

The report states the stolen cards details had additional information in a significant portion of cases; to put it into statistics, about 51.5% included addresses, while phone numbers were present in 39.8% and email addresses in 28.7%. Fewer cards included date of birth (2.5%) or social security numbers (1.8%), which significantly increases the risk of identity fraud for the victims. 

In total, approximately 62.8% of the card details contained additional information, indicating hacking, while approximately 37.2% were obtained through brute force attacks.

How Can Attackers Use These Data? 

Rolf Nägeli emphasizes the importance of recognizing that stolen data encompasses more than just financial exploitation. Oftentimes, threat actors go beyond selling stolen data and employ it for other malicious activities such as social engineering, phishing, and blackmail.

The biggest risk however, when cybercriminals gain unauthorized access to personal information, they can create fake identities or impersonate real individuals. Threat actors can then engage in other fraudulent activities in the individuals’ place, such as creating bank accounts, taking loans, making fraudulent purchases, and accessing other sensitive information.

What Is the Worth of Stolen Cards On Dark Web?

As per findings in the report, the dark web marketplaces featured approximately 2.5 million of the 6 million stolen payment card data for more than $18.5 million, from an average price of $7 per card.

Aside from sellers, many threat actors leak credit card data, for free. Leaking such information for free usually serves certain purposes, such as facilitating malicious activities like blackmail or allowing multiple threat actors to exploit the same set of card data, thereby obscuring traces.

How to Prevent Payment Card Leaks With SOCRadar? 

SOCRadar’s Fraud Protection solution enhances organizations’ detection capabilities by enabling them to identify stolen credit card data across popular global black markets, carding forums, and hacker channels, with real-time alerts.

With SOCRadar, you can monitor dark web channels to stay ahead of payment fraud and protect customers and employees from compromise.

SOCRadar’s Fraud Protection

SOCRadar’s Brand Protection solution provides valuable support for organizations that rely on digital payment systems, considering the constant threat of phishing attempts and impersonating websites. The platform empowers organizations to actively monitor impersonating domains and initiate a takedown process, effectively safeguarding customers and preserving brand reputation.

SOCRadar’s Brand Protection
SOCRadar’s Brand Protection