Experts warn that bundled private information poses a grave threat, with 47,000 payment cards from South Africa among the compromised data
In the relentless battle against payment card fraud, financial institutions have implemented robust security measures to safeguard customers. However, a recent study conducted by NordVPN has revealed that criminals are still managing to infiltrate victims’ wallets. The analysis of 6 million stolen payment cards retrieved from the dark web exposes a disconcerting reality: 63% of the cards were bundled with additional private information, including addresses, phone numbers, email addresses, and even Social Security numbers.
Remarkably, among the stolen cards, 46,737 (0.9%) were traced back to South Africa, ranking the country as the twelfth most affected globally. The researchers further estimated that the average price of South African cards on the dark web stood at R74.46, in contrast to the global average of R128.56. This data highlights the vulnerability of South African payment cards, as evidenced by the country’s payment card fraud risk index of 0.65, according to NordVPN.
Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, cautioned, “The cards researchers found are just the tip of the iceberg. The information sold alongside these cards makes it much more dangerous.” The presence of victims’ email and home addresses indicates that the stolen data was acquired through more sophisticated methods like phishing and malware, rather than brute-forcing attacks, where criminals attempt to guess payment card details.
The Perils of Identity Theft through Payment Card Fraud
With the potential sale of the database analyzed in this research, cybercriminals could amass over R340 million. Once purchased, these payment card details open up avenues for criminals to generate far more substantial gains than their initial investment.
Among the 10,000 payment cards available for sale, the researchers discovered that South African owners’ home addresses were disclosed for 5,000 cards, telephone numbers for 5,000 cards, email addresses for 7,000 cards, and approximately 300 cards even included their owners’ date of birth.
The exposure of card details, combined with personal information such as addresses, poses a severe risk of identity theft. Armed with the victim’s name, home address, and email address, perpetrators may exploit legal methods, including invoking the General Data Protection Regulation’s (GDPR) right to access, to obtain further personal information and execute elaborate identity theft schemes or other malicious activities.
Cyber Risk Index Reveals Alarming Trends
Drawing on their findings, NordVPN researchers compiled a risk index to assess the vulnerability to credit card theft and related cyberattacks across 98 countries. Topping the index were Malta, Australia, and New Zealand, while South Africa ranked 25th.
Conversely, Russia boasted the lowest risk score, while China found itself third from the bottom. These rankings seem to align with existing assumptions regarding the geographic concentration of large-scale hacking operations and the intentional targeting of Anglo-European nations.
United States Emerges as a Hotbed for Stolen Cards
Over half of the 6 million stolen credit card records analyzed in the study originated from the United States. This concentration can be attributed to the country’s high card penetration rate, substantial population, and robust economy. However, stolen U.S. cards fetched a comparatively lower price on dark web marketplaces, averaging R125.8, in contrast to the global average of R128.56. Surprisingly, the most sought-after cards, commanding an average price of R211.64, were those from Denmark.
Protecting Yourself from Payment Card Fraud
As criminals increasingly employ sophisticated techniques, the need for informed users to protect themselves becomes paramount
Adrianus Warmenhoven offers the following recommendations to enhance online security:
- Utilize impenetrable passwords: Employ different passwords for each account and store them securely in an encrypted password manager, such as NordPass. Ensure that your passwords consist of a minimum of 20 characters, including letters, numbers, and symbols.
- Download your bank’s app: Monitor your financial transactions through your bank’s app, paying close attention to any unusual deductions. Some apps offer real-time transaction notifications, enabling prompt action in case of suspicious activity.
- Respond to data breaches: If a company notifies you of your involvement in a data breach, immediately change your username and password. It is also advisable to modify credentials on other platforms where you have used the same information.
- Deploy anti-malware software: Protect your devices from malicious files and information-stealing viruses by employing anti-malware software, such as NordVPN’s Threat Protection.
By adopting these proactive measures, you can significantly mitigate the risks posed by payment card fraud and safeguard their personal and financial information from falling into the wrong hands.
