Stolen credit and debit cards sold for $20 on dark web: survey

A new report has put a hard price on an individual data breach — and demonstrated just how cheaply cybercriminals sell off our sensitive stolen financial data.

The latest research reveals that credit and debit card information taken from unsuspecting Canadians is often packaged up and sold for less than the price of a tank of gasoline on the black market. The report from Intel Security and McAfee Labs, titled The Hidden Economy: The Marketplace for Stolen Digital Information, shows that Canadian card information sells for as little as $20 to $40 to prospective buyers and cybercriminals.

“Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behaviour,” said Raj Samani, CTO for Intel Security EMEA, in a statement. “This ‘cybercrime-as-a-service’ marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.”

The research examined prices for various types of stolen data — primarily card data, bank account login details, online payment service credentials and hospitality loyalty login info — for victims from a swath of Western nations and provided an intriguing comparison. For example, the sticker price for debit/credit info dipped even further for cards from South of the Canadian border — American card info only fetched $5 to $30.

Based on the report’s findings, any cybercriminal with an extra $40 could also obtain every detail of a particular Canadian card and its owner. And the loss of this kind of information could lead to disastrous results for the data’s owner — including drained bank accounts and potential identity theft.

“A criminal in possession of the digital equivalent of the physical card can make purchases or withdrawals until the victim contacts the card issuer and challenge the charges,” said Samani. “Provide that criminal with extensive personal information which can be used to ‘verify’ the identity of a card holder, or worse yet allow the thief to access the account and change the information, and the potential for extensive financial harm goes up dramatically for the individual.”

To compile the information for the report, the McAfee Labs team partnered with IT security specialists and law enforcement to observe and assess dark web destinations where sensitive data was bought and sold on the digital black market.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Lindsey Peacock
Lindsey Peacock
Lindsey Peacock is a freelance writer, editor and American expat based in Toronto. This proud Atlanta native has written for a variety of news and business publications across North America, including Business in Vancouver, BCBusiness magazine, Fort McMurray Today and The Atlanta Journal-Constitution. Blogging, sweet tea and black-and-white movies are a few of her favourite things.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs