Brits have more stolen payment card details listed for sale on the dark web than any other European country, according to new research of dark web data by cybersecurity company NordVPN.
Studying six million stolen details, discovered for sale illegally on online marketplaces, NordVPN found that UK credit and debit card information was among the most common on the dark web, with only cards from the US and India more widely available.
Even more concerning is that two-thirds (63 per cent) of card data listed from the UK came ‘bundled’ with a selection of other private information: home addresses, phone numbers and email addresses to National Insurance numbers. These details make it easier for cybercriminals to commit identity fraud; suggesting victims likely had their details hacked rather than ‘brute-forced’.
Of the information stolen from the UK, 52 per cent came from debit cards, 37 per cent from credit cards; with the remaining 11 per cent coming from other payment cards. Visa cards were the most popular listing, representing 57 per cent of the total haul. Mastercard (29 per cent) and Amex (ten per cent) followed.
How much does your card information cost fraudsters – and what will it cost you?
UK card details typically cost just £4.61 – 18 per cent lower than the global average of £5.61. Buying payment data from Denmark would put fraudsters the most out of pocket, costing £9.23 – the most expensive in the study.
Overall, the average cost of stolen payment card information has fallen by over a quarter since the end of 2021. This data reflects both the growth and success of low-cost online scams and fraud like phishing and malware.
As more sophisticated attacks become more prevalent (including phishing and malware), the amount of information available alongside card information also ensures cybercriminals have more options available to them, including identity theft.
NordVPN’s study also revealed that the UK had a total of 164,143 payment card details listed on the dark web, almost as many as the next two biggest European victims put together: France (97,032) and Italy (78,676). While UK payment information is more readily available, the study found that Brits are actually less vulnerable to the effects of card fraud than some of its global rivals.
‘Just the tip of the iceberg’
Adrianus Warmenhoven, a cybersecurity expert at NordVPN, discussed the significance of the study. Warmenhoven commented: “The card numbers found are just the tip of the iceberg when it comes to payment fraud. This is a crime with a huge ripple effect and the extra information sold makes it far more dangerous as a skilled criminal can use these to acquire more personal details.
“Once an attacker has obtained the victim’s name, home address and email, they may even abuse legal methods, such as using the GDPR, to go further with identity theft or other malicious activities.
“In the past, experts linked payment card fraud to brute-forcing attacks – when a criminal tries to guess a payment card number and security code to use their victim’s card. However, most of the cards found were sold alongside the email and home addresses of their victims, which are impossible to brute force. We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware.”