Cost of credit card data on dark web is falling – will this lead to a rise in ID fraud?

The value of credit card data on an underground dark web marketplace has dropped by about a quarter during 2021, according to a new report by Comparitech.

Comparitech’s researchers sifted through 13 dark web markets and found that stolen credit card data fetched an average of $17.36 (£12.61/€14.69) or about $0.00033 per dollar of credit limit. Prices in all cases tended to correlate to credit limits. The median credit limit on a stolen credit card is 24 times the price of the card.

Actual physically cloned credit cards traded for far more money, around $171 on average, or $0.0575 per dollar of credit limit.

Credit cards can be sold as physical or digital items on the dark web. Credit card details used for online fraud are cheaper and can be sent digitally. Physical cards are usually cloned from details stolen online, but can be used to withdraw from ATMs. Because the merchant requires equipment to clone the card and must send the buyer a physical product complete with PIN number, the price for cloned cards is much higher.

The most valuable credit cards to cyber criminals tend to be MasterCard products, worth 6.47 cents per dollar. Visa cards are worth 5.75 cents per dollar, whilst American Express products are worth less, 5.13 cents per dollar, presumably reflecting their often-limited acceptability among merchants.

But brand is just one of many considerations affecting price, said Bischoff, with other factors affecting price including the expiry date – for fairly obvious reasons, newer cards are more popular – the credit limit, whether or not the card verification value (CVV) number or ATM PIN is included, the cardholder’s location and whether or not it comes with other personal data (known as “fullz” in the trade).

The cost of personal data is now also falling with the average fullz costing around $12. However, if the fullz pertains to a deceased individual the cost is steeper. The stolen identity of someone that has passed away is considered more valuable by fraudsters as the period of fraudulent activity is typically longer than for ‘live’ data as being deceased the individual is unable to alert authorities that there are inconsistencies within their credit record.

With the cost of data on the dark web falling it is likely that there will be a related rise in identity fraud meaning that organisations will need to be even more conscientious when it comes to checking the identities of their customers.

For information about Halo, our deceased identity fraud solution please don’t hesitate to get in touch!