- Research into a dark web database of six million global card details showed only America and India had more payment data stolen than the UK
- Two-thirds (63%) of Brits’ stolen data came with other private information, including National Insurance numbers, addresses and other contact details
- UK card details sell for just £4.61 on average as phishing and malware scams target more victims and criminals move away from ‘brute-force’ attacks
- Cybersecurity company NordVPN, who conducted the analysis, has advice to help keep hackers out of your wallet and protect consumers from identity theft
Brits have more stolen payment card details listed for sale than any other country in Europe, according to new research of dark web data by cybersecurity company NordVPN.
The study of six million stolen details, discovered for sale illegally on online marketplaces, revealed that UK credit and debit cards were among the most common on the dark web, with only cards from the US and India more widely available.
Worryingly, two-thirds of Brits’ card data listed (63%) came bundled with a treasure trove of other private information, ranging from home addresses, phone numbers and email addresses to National Insurance numbers.
These details would make it easy for a cybercriminal to commit identity fraud and suggests the victim is likely to have had their details hacked rather than “brute-forced”, where card numbers are repeatedly guessed, usually with a computer.
Of the UK details stolen, 52% were from debit cards and 37% were from credit cards, with other payment cards making up the remainder. Visa cards were the most popular listed, making up 57% of the haul, followed by Mastercard (29%) and Amex (10%).
Researchers found that UK card details typically cost just £4.61. This was 18% lower than the global average (£5.61) and half the average price of payment data belonging to consumers from Denmark — at £9.23 the most expensive in the study.
The average cost of stolen payment cards has fallen by over a quarter since the end of 2021, reflecting the growth — and success — of low-cost online scams and fraud like phishing and malware.
NordVPN’s study showed the UK had a total of 164,143 payment card details listed on the dark web, almost as many as the next two biggest European victims, France (97,032) and Italy (78,676), added together.
However, despite the number of victims, the study found Brits are less vulnerable to the effects of card fraud than some of our global rivals.
NordVPN’s Card Fraud Risk Index measures how likely payment information is to appear on the dark web, in proportion to factors like a country’s population and cards in circulation — along with the risks of it being sold with additional identifying data. The UK ranked 22nd place on the index, with Malta, New Zealand and Australia the three most at-risk nations.
Russia finished bottom of the risk index, indicating the country was primarily a perpetrator rather than a victim of card fraud.
Adrianus Warmenhoven, a cybersecurity expert at NordVPN, says: “The card numbers found are just the tip of the iceberg when it comes to payment fraud. This is a crime with a huge ripple effect and the extra information being sold makes it far more dangerous as a skilled criminal can use these to acquire more personal details.
“Once an attacker has obtained the victim’s name, home address and email, they may even abuse legal methods, such as using the GDPR, to go further with identity theft or other malicious activities.
“In the past, experts linked payment card fraud to brute-forcing attacks — when a criminal tries to guess a payment card number and security code to use their victim’s card. However, most of the cards found were sold alongside the email and home addresses of their victims, which are impossible to brute force. We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware.”
How to protect yourself from payment card fraud
NordVPN cybersecurity expert Adrianus Warmenhoven has provided the following tips to help users feel more secure online:
- Use complicated passwords: Use different passwords for each account and store your passwords in an encrypted password manager, such as NordPass. Make sure your passwords consist of a combination of letters, numbers, and symbols.
- The extra factor: Sign up for two-factor authentication on commonly used websites. This means that even if a criminal gains access to your main log-in details, they will also need to crack a separate numerical PIN.
- Download your bank’s app: Use it to track your money, paying particular attention to any unusual outgoings. Some apps will notify you of every transaction in real time — just make sure to look.
- Respond to data breaches: Change your username and password immediately if a company informs you that your details were involved in a data breach. If you’ve used the same one elsewhere, change it there too.
- Use anti-malware software: Anti-malware software (such as Threat Protection) will ensure that you do not download malicious files to your device and will protect you from info-stealing viruses.