A survey by NordVPN, a security services provider, found and analyzed the details of almost 4,5 million cards that were found for sale on the dark web , belonging to citizens of 140 countries. More than 15,000 were Romanians, 4,661 credit cards (98,5% were Mastercard) and 10,503 debit cards (93,2% were Visa).
In the survey, experts at NordVPN compared card data across countries with United Nations population statistics and the number of Visa , MasterCard and American Express cards in circulation to calculate the risk index and more directly compare the likelihood of the card be available on the dark web by country.
Each card, on average, is sold for US$ 9.70. Romanians leave for a upper price, on average US$ 16.9.
The most affected country was the United States, with more than 1.5 million cards, followed by Australia, with almost 420,000. However, this does not mean these two countries had the highest risk index. According to the survey, the risk index depends on factors such as the proportion of non-refundable cards and the number of cards per capita in circulation per country.
Among the most vulnerable countries were Australia and New Zealand. The lowest risk index score was 0, achieved by Algeria.
“Since 2014, we have seen steady growth in payment card fraud around the world. We decided to check out how much a payment card costs on the dark web and why there is an explosion in their black market,” says Marijus Briedis, CTO at NordVPN. “And the answer is that hackers can easily make a lot of money from it. Even if a card only costs $10 on average, a hacker can make $40 million in profit by selling a single database like the one we analyzed.”
Here are some of the researchers’ key findings – in addition to the data:
. An average hacked payment card’s data costs less than $10, and hackers have millions of these ready to sell;
. Visa cards were the most common, followed by Mastercard and American Express.
. Debit cards were more common than credit cards in the markets the independent researchers surveyed. Hacked debit cards put their victims at greater risk because there tend to be less protections in place for debit.
. The independent researchers found 1,561,739 sets of card details for sale on the dark web from the US during their research. This was far more than from anywhere else. But this does not necessarily mean people in the US are more at risk. Turkey, for example, had less than half the cards per capita that the US has, but the high proportion of non-refundable cards gives Turkey a higher Risk Index;
. The risk index is based on one card per person, so the more cards you have, the more likely it is that one of them could be hacked! This is particularly a problem in the US where there are more cards in circulation per person, but is also something that Europeans need to be aware of.
Data collection: The data was compiled in partnership with independent researchers specializing in cybersecurity incident research. They evaluated a database that contained the details of 4,478,908 cards in total, including details of the type of card (credit or debit), issuing bank, and whether it was refundable. The data NordVPN received from the third-party researchers did not contain any information that relates to an identified or identifiable individual (such as names, contact information or other personal information). We do not operate with exact numbers of payment card details sold on the dark web, as NordVPN has only analyzed a set of statistical data provided by independent researchers.
Analysis: The raw numbers only provide part of the picture. Population size and card usage vary between countries, and these are just two factors that can change the impact of these numbers.
NordVPN compared the statistical card data between countries with UN population stats and the number of cards in circulation by country or region from Visa, Mastercard and American Express. This allowed us to calculate a risk index to more directly compare how likely your card is to be available on the dark web by country.
NordVPN calculated the Risk Index using the following elements:
. Number of cards in the database per capita for that country;
. Number of cards in circulation for that country (based on country or regional data from Visa, Mastercard and American Express);
. The proportion of non-refundable cards in the database for that country, with reduced influence on the overall index;
We then logarithmically normalised these numbers to produce scaled ratings between 0 and 1.
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below:
