NordVPN, a virtual private network provider, says analysis of four million payments cards found for sale on the dark web show nearly 50,000 were New Zealand cards.
The company says the 4,481,379 payment cards belonged to people from 140 countries. Of the total 49,668 were NZ cards. NordVPN says the average price of all the cards was US$9.70, with the average price of a NZ card US$18.54.
At 38,429, a large majority of the NZ cards were Visa cards, followed by 6,565 Mastercard cards, and 197 American Express cards. Visa has the biggest share of the NZ market.
NordVPN says 60% of the cards were debit cards and 40% credit cards. Visa Classic cards were 17 times more likely to be found on the dark web than premium cards.
"Since 2014 we have been seeing a constant growth in payment card fraud around the world. We decided to look into how much a payment card costs on the dark web and why there’s a booming underground black market for them,” says Marijus Briedis, Chief Technology Officer at NordVPN.
“And the answer is that hackers can easily make a lot of money. Even if a card costs only $10 on average, a hacker can make $40 million by selling a single database, like the one that we analysed.”
At 1,561,739, the highest number of cards came from the United States. At 419,806 cards, Australia was second.
Based on NordVPN's risk indexing, NZ was found to be the third most vulnerable country behind Hong Kong and Australia. The Netherlands was determined to be the least vulnerable.
Briedis says "brute forcing" is a key way the cards got onto the dark web.
“Increasingly, the card numbers sold on the dark web are brute-forced. Brute-forcing is a bit like guessing. Think of a computer trying to guess your password. First it tries 000000, then 000001, then 000002, and so on until it gets it right. Being a computer, it can make thousands of guesses a second. After all, criminals don’t target specific individuals or specific cards. It’s all about guessing any viable card details that work to sell,” says Briedis.
"There is little users can do to protect themselves from this threat, short of abstaining from card use entirely. The most important thing is to stay vigilant."
“Review your monthly statement for suspicious activity and respond quickly and seriously to any notice from your bank that your card may have been used in an unauthorized manner. Another recommendation is to have a separate bank account for different purposes and only keep small amounts of money on the one your payment cards are connected to. Some banks also offer temporary virtual cards you can use if you don’t feel safe while shopping online,” Briedis says.
NordVPN says its data was compiled in partnership with what it describes as independent researchers specialising in cybersecurity incident research. These researchers evaluated a database with the details of 4,478,908 cards, including details of the type of card being credit or debit, the issuing bank, and whether it was refundable.
The researchers compared the card data between countries with United Nations population statistics and the number of cards in circulation by country or region from Visa, Mastercard, and American Express. NordVPN says this allowed it to calculate the risk index to compare by country how likely a card is to be available on the dark web.
*This article was first published in our email for paying subscribers. See here for more details and how to subscribe.