The dark web is home to all kinds of illegal activity, and while authorities have made efforts in order to clamp down on markets that enable these illicit activities, there's still a lot left to do. A new report by cyber threat intelligence (CTI) organization Sixgills (via ZDNet), revealed that, in the first six months of 2019, over 23 million stolen credit cards were on sale on the dark web.
Cards originating in the United States constitute the overwhelming majority of stolen cards being sold in these obscure markets, adding up to over 64% of all cards on the dark web. The United Kingdom is the second most popular source of stolen credit card data, but its 7.4% is a far cry from the U.S. numbers. On the opposite end of the spectrum is Russia, with just 314 cards out of the more than 23 million sourced from other countries - that's about 0.0014%.
The report also reveals that the majority - about 57% - of stolen cards are Visa, with MasterCard taking second place with 29% and American Express sitting at 12%.
Stolen credit card details can be had for as little as $5, according to the report, and there are two options available. The ones that include the numbers and security code (CVV) on the card were the most popular kind, since the information can easily be used to make purchases online, but there are also "dumps", which contain all the information in the magnetic stripe of a card. This can be used to replicate the card to be used use in real-life locations.
As to how the data is obtained, there are a few methods. Hackers can place skimmers on credit card readers and ATM machines to copy the card data, or, for online platforms, it can be possible for computers to be infected with malware that collects credit card information when it's used to make a purchase. Websites themselves can be hacked to harvest information from customers, as was the case with Newegg last year.
There are a few things that can be done to reduce the risk of being affected by this kind of fraudulent activity. Sixgills says that financial institutions can protect customers by monitoring activity on the dark web, which some companies are already doing. Customers can set up alerts for suspicious activity on their accounts, and monitor them on a regular basis to see if there's anything out of the ordinary. Should consumers suspect their data has been stolen, they should get in contact with credit reporting agencies such as Equifax or TransUnion.