Dark Web Financial Fraud Spikes in Second Half of 2019: Over 76 million Credit Cards for Sale

By Sixgill – January 27, 2020

The number of stolen credit cards offered for sale on dark web markets swelled in the second half of 2019 to more than 76 million, more than three times the number that had appeared for sale in the first half of the year. 

These underground markets on the deep and dark web provide anonymous channels for criminals and hackers to sell their wares, often illicit data and products. As our research reveals, there is a particularly large market for stolen credit card information which is often sold for as little as $5.

Our analysis also found that nearly two out of every three stolen cards being sold belonged to Americans. Interestingly, this was a similar finding in our research for the first half of 2019.

Several factors drive the over-representation of U.S. cards in criminal marketplaces. For one, U.S. consumers tend to use more credit cards, and they are perceived to have higher credit limits than consumers in other countries. Additionally, U.S. businesses and card issuers lagged behind other wealthy countries, such as ones in Europe, in the implementation of more secure chip-card technology. 

The number of stolen cards originating in Russia continue to be underrepresented. In our previous report, just 336 cards came from Russia. In our most recent review, that number stayed relatively low at 238. These findings stand in stark contrast to the large proportion of Russian speakers found in criminal underground forums. In fact, our research found incidences in which threat actors selling digital crime tools forbid those tools from being used in Russia or CIS countries. One possible explanation for this occurrence, is that Russian threat actors are oftentimes allowed to operate with impunity, if their activities do not target Russians or align with the government’s interests.

Get the Full H2 2019 Financial Fraud Report

Don’t miss out on the latest

Get notified on Industry updates.
we promise not to spam