[sponsored] A new study by cybersecurity company NordVPN has analysed information from 400,000 payment cards from Hong Kong that were sold on the dark web. According to this research, the average price of a Hong Kong payment card is HK$156.
“Hong Kong payment cards are expensive (compared to the HK$76 world average) because of the country’s image as a financial centre and its difficult relationship with China. Many hackers from China target Hong Kong solely for political reasons and the market for those cards is growing,” Marijus Briedis, CTO at NordVPN, says.
Hong Kong cards cost HK$156 on average
The prices of the discovered Hong Kong payment cards varied from HK$8 to HK$194. The vast majority (391,778) of payment cards cost HK$156.
The most expensive cards could be found in Japan (average price HK$335), while the cheapest cards on the dark web belonged to Honduras (average price less than HK$7).
“Prices of cards depend mostly on demand. The greater the demand, the more money criminals can charge for certain data they try to sell. In this case, the demand directly correlates with how easy it is to steal money from a card and how much money could be stolen. That is why the most expensive cards come from countries with a higher quality of life or poorer bank security measures,” says Marijus Briedis.
Hong Kong affected by 400K leaked cards
A total of 399,537 payment cards found hacked belonged to Hong Kong. The most affected county was the US with 1,561,739 out of 4,481,379 payment cards found for sale. The second most affected nation was Australia, with 419,806 cards discovered for sale on the dark web.
Knowing that Hong Kong has the 8th highest credit card penetration in the world, 400,000 is understandable, but still a very high number. The reason for that could be that a lot of hackers worldwide come from China and they try to target Hong Kong for political reasons. However, the number of payment fraud incidents is decreasing every year because of the security systems that country’s’ banks have in place.
Is it possible to prevent card fraud?
“The most common way those payment cards end up for sale is brute-forcing. That means that criminals basically try to guess the card number and CVV. The first 6-8 numbers are the card issuer’s ID numbers. That leaves hackers with 7-9 numbers to guess, as the 16th digit is a checksum and is used only to determine whether any mistakes were made when entering the number,” Marijus Briedis explains.
To protect themselves, users are recommended to stay vigilant and review their monthly statements regularly to make sure no suspicious transactions have occurred. It is also important to choose a bank according to the security measures it has implemented.“
The Hong Kong example shows that proper security measures in banks can help users to be safer. Banks can use tools like fraud detection to track payment attempts to weed out fraudulent attacks. Stronger password systems are also a huge step towards preventing card fraud, but fortunately, multi-factor authentication is becoming the minimum standard. So if your bank doesn’t offer it already, demand it or consider switching banks,” Marijus Briedis from NordVPN concludes.
Data collection: The data was compiled in partnership with independent researchers specializing in cybersecurity incident research. They evaluated a database that contained the details of 4,478,908 cards in total, including details of the type of card (credit or debit), issuing bank, and whether it was refundable. The data NordVPN received from the third-party researchers did not contain any information that relates to an identified or identifiable individual (such as names, contact information, or other personal information). We do not operate with exact numbers of payment card details sold on the dark web, as NordVPN has only analysed a set of statistical data provided by independent researchers.
Analysis: The raw numbers only provide part of the picture. Population size and card usage vary between countries, and these are just two factors that can change the impact of these numbers. Researchers compared the card data between countries with UN population stats and the number of cards in circulation by country or region from Visa, Mastercard, and American Express. This allowed us to calculate the risk index to more directly compare how likely your card is to be available on the dark web by country.