Criminals continue to infiltrate the wallets of unsuspecting victims despite the efforts of banks and financial institutions to safeguard against payment card fraud. The latest research conducted by NordVPN reveals a staggering six million stolen payment cards discovered on the dark web.
Disturbingly, almost two-thirds of these cards were bundled with additional private information, including addresses, phone numbers, email addresses, and even Social Security numbers (SSNs).
No ad to show here.
Of the analysed payment cards, a significant 46 737 (0.9%) belonged to South Africans, positioning South Africa as the 12th most affected country globally. The study also found that the average price for South African cards on the dark web was R74.46, compared to the global average of R128.56. This data highlights the vulnerability of South African payment cards, further substantiated by the country’s payment card fraud risk index of 0.65, according to NordVPN.
Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, warns that the findings represent only “the tip of the iceberg.” The inclusion of additional personal information alongside the stolen cards amplifies the level of danger.
Warmenhoven explains that the criminals behind these thefts employ sophisticated methods such as phishing and malware, rather than brute-force attacks, as evidenced by the sale of email and home addresses alongside the stolen cards.
The potential consequences of payment card fraud and the associated identity theft are deeply concerning. By selling the database compiled during the research, cybercriminals stand to make over R340 million in total. Purchasers of these payment card details gain the ability to exploit victims far beyond the initial theft.
Alarmingly, the database revealed that 10 000 payment cards for sale included the home addresses of South African cardholders, 5 000 contained telephone numbers, 7 000 featured email addresses, and around 300 even included victims’ dates of birth.
When a data breach exposes not only card details but also addresses and other personal information, the risk of identity theft significantly escalates. Attackers armed with victims’ names, home addresses, and email addresses can exploit legal mechanisms like the GDPR’s right to access to acquire further personal information for identity theft schemes or other malicious activities.
NordVPN researchers assessed the risks associated with credit card theft and cyberattacks in 98 countries. The risk index revealed that Malta, Australia, and New Zealand faced the highest levels of vulnerability, with South Africa ranking 25th. Conversely, Russia had the lowest risk score, while China occupied the third-to-last position. These findings align with prevailing hypotheses regarding the location of large-scale hacking operations and the deliberate targeting of Anglo-European nations.
More than half of the analysed 6 million stolen credit card records originated from the United States, likely due to its high card penetration rate, sizable population, and robust economy. Surprisingly, stolen US cards commanded a relatively low price of R125.8 on dark web marketplaces, compared to the global average of R128.56. The most valuable cards, averaging R211.64, were from Denmark.
To safeguard against payment card fraud, Warmenhoven offers valuable advice tailored for South Africans. He emphasises the importance of creating strong, unique passwords for each account and storing them securely in an encrypted password manager.
Additionally, Warmenhoven recommends downloading and using a bank’s app to closely monitor financial transactions, paying particular attention to any unusual deductions. Promptly changing usernames and passwords in the event of a data breach notification is crucial, and employing anti-malware software provides essential protection against malicious files and info-stealing viruses.