If you’ve never seen a fraudulent charge on your credit card statement, consider yourself lucky. It’s no secret that card data is bought and sold on the Dark Web, but the extent and ease of this commerce might be worse than you imagined. A new report from NordVPN puts it in perspective.
Nord didn’t go to a Tor server and download a bunch of illegal databases full of credit card numbers (we’re taking it on faith). But it did partner with some unnamed cybersecurity researchers who were evaluating these databases—one in particular had obtained 4.5 million credit card records. But that data was edited from what Nord worked with. Nord then calculated a risk index for every country in the world, mapped above. The closer your country is to a 1 on the index, the more likely your card is to be available already on the Dark Web.
It’s easy to see that the United States is way up there, with 1.6 million card numbers for sale—the most of any country. Nord went further and broke it down by state.
The numbers are quite high in the well-populated states of California, Texas, Florida, and New York. The more cards you have, the higher your risk, naturally.
Among the things Nord found is that the average cost of getting a credit card record is $10. The price seems low, which might make you feel even worse. But the actual worst part is that price can still net a hacker plenty if they have hundreds, thousands, or even millions of card numbers to sell.
Dark Web lists aren’t compiled only from massive data breaches anymore. Some cards info is “brute forced,” which is really more like highly educated guessing to figure out a card’s numbers. It’s easier than it sounds: Nord provides an interactive diagram explaining how it works. For example, bad guys don’t have to guess all 16 numbers—most of the first four numerals on cards are identifiers for the type of card (Visa’s always start with 4, for example) and the bank that issued it. A criminal with enough smarts can crack an account like this in about six seconds, and that includes guessing the three-digit code on the back of the card.
Recommended by Our Editors
The takeaway is that even if you’re never robbed or part of a breach, your cards are at risk, including your debit cards. The best option is to remain vigilant. Take a close look at your statement each month for potentially fraudulent activity. Banks are also increasingly using fraud detection systems, so don’t be shocked if your card company calls to ask about any purchases made on your account that are out of the norm, or about charges you make when traveling. It’s all part of the constant fight against fraud.
Read the full report at NordVPN.com.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.