Six million stolen payment cards found on the dark web — six thousand are from Singapore

Experts say this is just “a tip of the iceberg” because 63% of cards came bundled with other private information

Even though banks and other financial institutions do a lot to protect their customers from payment card fraud, criminals still find their way into victims’ wallets. The newest research by NordVPN analyzed 6 million stolen payment cards found on the dark web. Two in three cards came bundled with at least some private information, such as an address, phone number, email address, or even Social Security number (SSN).

As many as 5,931 (0,1%) analyzed payment cards belonged to Singapore. Researchers also estimated that the average price of Singaporean cards on the dark web is S$13.5 (global average – S$9.4). Singaporean payment cards are prone to fraud: According to NordVPN’s card fraud risk index, on a scale from 0 to 1, Singapore’s payment card fraud risk index is 0.77.

“The cards researchers found are just the tip of the iceberg. The information sold alongside these cards makes it much more dangerous,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN. 

“In the past, experts linked payment card fraud to brute-forcing attacks — when a criminal tries to guess a payment card number and CVV to use their victim’s card. However, most of the cards we found during our research were sold alongside  the email and home addresses of their victims, which are impossible to brute force. We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware.”

Identity theft through payment card fraud

By selling the database analyzed in the research, cybercriminals could earn more than S$24.5 million in total. If purchased, these payment card details could net criminals much more than they originally paid for them. 

2,800 payment cards for sale included their Singaporean owners’ home address, 1,700 included telephone number, 1,500 cards included email addresses, and around 30 cards included their owners’ date of birth. 

If a data breach or hack exposes users’ card details as well as their addresses and other personal information, it can lead to identity theft. Once the attacker has obtained the victim’s name, home address, and email address, they may even abuse legal methods (such as using the GDPR’s right to access for more personal information) in furthering the identity theft scheme or committing other malicious activities.

Malta, Australia, and New Zealand at the top of the risk index, Singapore in 10th place

Based on their findings, NordVPN researchers have calculated the risks posed by credit card theft and related cyberattacks to residents in 98 countries. Malta, Australia, and New Zealand came at the top of the risk index, and Singapore came in 10th place. 

On the other end of the spectrum, Russia had the lowest risk score, and China was 3rd from last. These findings seem to confirm prevailing hypotheses regarding the location of large-scale hacking operations and the purposeful targeting of Anglo-European countries.

58.1% of stolen cards issued in the US

Over half of the 6 million stolen credit card records analyzed came from the US, most likely due to its high rates of card penetration, sizable population, and strong economy. However, stolen US cards commanded a comparatively low price (S$9 as opposed to the S$9.3 global average) on dark web marketplaces — the most valued cards (at S$15.3 on average) were from Denmark.

How to protect yourself from payment card fraud

“Few criminals now use brute force to steal payment card information. This means that techniques are becoming more sophisticated. However, this also means that informed users have less chance of being affected,” says Adrianus Warmenhoven. He has provided the following tips to help users feel more secure online.

• Use impenetrable passwords: Use different passwords for each account and store your passwords in an encrypted password manager, such as NordPass. Make sure your passwords consist of at least 20 letters, numbers, and symbols.  
• Download your bank’s app: Use it to track your money, paying particular attention to any unusual deductions. Some apps will notify you of every transaction in real time — just make sure to look. 
• Respond to data breaches: Change your username and password immediately if a company informs you that your details were involved in a data breach. If you’ve used the same one elsewhere, change it there too. 
• Use anti-malware software: Anti-malware software (such as NordVPN’s Threat Protection) will ensure that you do not download malicious files to your device and will protect you from info-stealing viruses. 

Methodology

The prices were converted from USD to Singapore Dollars on May 8th, 2023.

The data was compiled in partnership with independent researchers specializing in cybersecurity incident research. They evaluated eight key marketplaces on the dark web to retrieve the details of over 6 million cards. The data NordVPN received from these third-party researchers did not contain any information that relates to an identified or identifiable individual (such as names, contact information, or other personal information). The study did not determine the exact number or analyze the entirety of payment card details sold on the whole of the dark web — NordVPN only examined the set of statistical data provided by independent researchers.

After receiving the statistical information, NordVPN researchers analyzed it and created the risk index to evaluate the data objectively. 

Full methodology can be found here: https://nordvpn.com/research-lab/6-million-stolen-credit-cards-analyzed/ 

ABOUT NORDVPN

NordVPN is the world’s most advanced VPN service provider, used by millions of internet users worldwide. NordVPN provides double VPN encryption and Onion Over VPN and guarantees privacy with zero tracking. One of the key features of the product is Threat Protection, which blocks malicious websites, malware during downloads, trackers, and ads. NordVPN is very user friendly, offers one of the best prices on the market, and has over 5,000 servers in 60 countries worldwide. For more information: nordvpn.com.