More UK Card Details Are Available on the Dark Web Than Anywhere Else in Europe – New Report

UK credit and debit card details are among the most common on the dark web. According to a report published by cybersecurity company NordVPN, the country is third only to the United States and India. After studying six underground marketplaces and analyzing over six million stolen details, the researchers found that the UK had over 160,000 stolen payment card details listed, representing almost as many as the next two biggest European victims (France and Italy) combined.  

Card Theft Statistics

According to NordVPN cybersecurity expert Adrianus Warmenhoven, experts previously connected payment card fraud to “brute-force attacks”, which involve a criminal merely guessing a payment card number and security code to use a victim’s card. However, this study revealed that most of the discovered cards were sold alongside personal identifying information of their victims, which would be near impossible to access using brute force. 

For UK card details specifically, 63 percent of the listed card data was combined with other private information relating to home addresses, phone numbers, email addresses, and National Insurance numbers. Warmenhoven notes, “we can therefore conclude that [these card details] were stolen using more sophisticated methods, such as phishing and malware.” Other key findings from the study include:

• UK card details cost 18 percent lower than the global average, selling for just £4.61. 
• Danish card details cost the most at £9.23. 
• Of the stolen UK card details:
  • 52 percent came from debit cards.
  • 37 percent from credit cards.
  • 11 percent came from other payment cards.

Genesis Market Dismantled

The impact of underground marketplaces and how personal details are sold and distributed made headlines earlier in 2023 when Europol reported the takedown of Gensis Market following an action day on April 4. On this marketplace, criminals could purchase “bots” that had infected victims’ devices through account takeover attacks or malware. In addition to providing stolen data, the marketplace gave criminals the means to use it by facilitating access to custom browsers that would mimic the one used by their victim. This allowed the fraudsters to access their victim’s accounts without triggering any security measures from the platform. 

Following an operation that involved 17 countries – including France, Germany, Spain, Italy, Switzerland, and the UK – 119 arrests were made and 208 property searches occurred. In the UK, 24 people were arrested.  

Speaking about the operation, National Crime Agency (NCA) Director General Rob Jones highlighted the importance of investigating fraud and cybercrime through a collaborative lens since cybercrime is a key enabler of the vast majority of fraud. “It’s extremely important that our response to these two threats is a collaborative effort at both an international and national level.” 

Key Takeaways

To combat the rising threat of payment fraud and identity theft, compliance teams may choose to consider some of the following actions to ensure their fraud detection programs work effectively and efficiently: 

• Update risk assessments: A regularly-updated, company-wide risk assessment is crucial for a solid AML/CFT program, as well as for fraud prevention and mitigation. Given fraud’s status as a predicate crime to money laundering, it’s critical to ensure all risk assessments are updated to include fraud, money laundering, and terrorist financing risks.
• Recognize red flags: Although risk indicators are highly contextual and often rely on a combination of other factors to establish high risk, there are some general areas of concern to lookout for. Warning signs include behavior deviations atypical for a customer profile, such as: 
  • Shipping addresses too far from an IP address.
  • Unusual transaction types or merchant categories.
  • Transactions exceeding the account balance or credit limits.
  • Unusual cross-border transactions.
  • Repetitive refunds or chargebacks.

• Implement effective measures: Alongside the encryption of transactions, regular changing of login credentials, and the use of up-to-date software, measures to consider include: : 

• • Dynamic fraud detection solutions that can monitor risks in real-time, with practical case management that helps analysts prioritize the most high-risk alerts.
  • The completion of regular training programs. Europol, for example, has organized courses on the forensics of payment card fraud. Topics include examining skimming devices, ATM logical attacks, and malware attacks.