In addition to selling identities and illicit drugs on the dark web, a growing number of scammers are using the underground marketplace to buy and sell stolen credit cards. They are hawking credit card data for as little as $5 a pop, driving a market that is growing at an alarming rate.
According the Israel-based security firm Sixgill, the number of credit cards being sold on the dark web reached more than 76 million in the second half of 2019. That’s more than three times the number of stolen credit cards for sale in the first six months of 2019. Of the victims, two out of three were Americans.
“Several factors drive the over-representation of U.S. cards in criminal marketplaces. For one, U.S. consumers tend to use more credit cards, and they are perceived to have higher credit limits than consumers in other countries,” Sixgill published in a blog post announcing the results of the study.
Americans at the Greatest Risk
U.S. businesses and card issuers have been sluggish in adopting more secure chip-card technology, and that isn’t helping matters. Sixgill says American banks and U.S. card payment issuers adopted EMV technology after Europe’s despite the enhanced security against physical techniques, including card skimming. As a result, U.S. credit cards are easier to compromise and trade on the dark web. In fact, the study found that cards originating from the U.S. account for 64.5% of the total credit card inventory on the dark web.
Among the stolen credit cards, 54% were Visa, 34% Mastercard, 7% American Express and 2% Discover. When comparing the number of cards being sold to the real-world presence of the credit card issuer, Sixgill found Mastercard had the highest proportion of credit cards available for sale, while American Express had the smallest.
The researchers found that the number of stolen credit cards originating from Russia stood at just 238. That’s even though dark web criminal forums are full of Russian-speaking individuals. Sixgill says its research found cases in which criminals selling hacker tools forbade them from being used in Russia.
“One possible explanation for this occurrence, is that Russian threat actors are oftentimes allowed to operate with impunity if their activities do not target Russians or align with the government’s interests,” Sixgill wrote.
As it stands now, there are seven dark web credit card markets accounting for close to 53% of the activity. But Sixgill warns smaller marketplaces could be one credit card breach away from becoming a real competitor.
Easy Ways to Stay Vigilant
Selling and buying stolen credit card information is illegal. But with a thriving marketplace only a few clicks away and the anonymity of the internet, it’s happening every day. Consumers need to be vigilant both online and in the physical world. Unraveling the mess of credit card fraud can take six months or longer.
To protect yourself online, Chris Manske, owner of Manske Wealth Manager and author of the upcoming book The Prepared Investor, urges consumers to avoid saving their credit card information in their internet browsers. Yes, it’s convenient. And, yes, it’s a bad idea.
Vigilance also has to be applied to the sites you frequent, whether to shop or be entertained. “When you visit sites that offer free downloads of songs or videos, you take a very big risk of malware getting onto your computer,” Manske says. “Keep your virus protection up to date with a regular scrub of your computer.”
In addition, when using a credit card in the physical world, Manske urges consumers to keep their cards in their sight at all times. In Europe, credit cards are swiped in front of the cardholders, but in the United States it’s common for a clerk or waiter to walk away with your credit card in hand. That makes it easy for a thief to copy the card information and sell it on the dark web.
It can help to write “SEE ID” next to your signature on the back of the card, Manske says. That makes it tougher for an imposter to use your card.
Criminals devise new ways to steal information seemingly daily, but the good news is you don’t have to be their next victim. Stay vigilant, check your credit card statements, monitor your credit reports, and be a discerning web user, and you’ll go a long way in protecting yourself.