Are your credit or debit card details being sold on the dark web? How fraudsters use tech for ‘brute-forcing’ to GUESS numbers
- 4m card details found for sale on the web with 135,000 belonging to Britons
- Average British card for sale for just £11.06
- Criminals can guess card numbers without having to hack into a company’s data
- Card users urged to regularly check their card statements for suspicious activity
Hundreds of thousands of Britons are unaware that their debit or credit card numbers are being sold on the dark web.
That’s according to analysis of four million payment card details found for sale on the internet’s underbelly belonging to citizens of 140 countries unearthed in a new study by cybersecurity firm NordVPN.
It found that 134,607 of those credit and debit card details belonged to Britons making the it the second most card hacked European country, after France.
In total, researchers analysed 4 million payment card details that were found for sale on the dark web and belonged to citizens of 140 countries.
The research also found that the average price of a British card for sale on the dark web is £11.06.
Marijus Briedis, chief technology officer at NordVPN said: ‘The UK still remains a popular target for criminals because of its big population and high quality of life.’
He adds: ‘However, the losses that Britons experience are falling every year because banks feel the pressure to take extra precautions to keep their clients safe.
‘British payment cards on the dark web are pretty expensive compared to the £9.70 worldwide average, despite the country’s user-friendly payment card fraud-prevention policies.
‘If a lost or stolen payment card is used in an illegal manner, the liability falls onto the bank and that is why many British banks have extra security measures in place to protect their customers.’
134,607 of the payment card details found belonged to Britons. The average price of a British card was found to be £11.06.
The research uncovered mountains of data on the dark web that helped to map out the scope of payment card detail hacking online.
It revealed what types of card details are being sold and which card providers are the most exploited.
Visa cards were the most common cards found for sale on the dark web, followed by Mastercard and American Express.
Debit cards were also found to be more common than credit cards.
How is this happening?
Clever hackers can significantly cut down how many numbers they need to guess and check to find your payment card number.
Most of us believe that as long as our card and our card data hasn’t been stolen we are safe from this sort of crime.
However, there is a way for criminals to crack payment card numbers without having to steal someone’s wallet or break into a company’s database.
The most common form of which according to NordVPN is called brute-forcing where criminals essentially try to guess the card number and CVV.
Hackers can significantly cut down how many numbers they need to guess and check to find your payment card number.
‘The first 6-8 numbers are the card issuer’s ID number,’ explains Briedis.
‘That leaves hackers with 7-9 numbers to guess, as the 16th digit is a checksum and is used only to determine whether any mistakes were made when entering the number.
‘Brute-forcing is a little bit like guessing. Think of a computer trying to guess your password.
‘First it tries 000000, then 000001, then 000002, and so on until it gets it right. Being a computer, it can make thousands of guesses a second.
‘Most systems limit the number of guesses you can make in a short space of time to prevent these kinds of attacks, but there are ways to get around this.
‘After all, they don’t target specific individuals or specific cards. It’s all about guessing any viable card details that work to sell.’
How can people stay secure?
Unfortunately there is little people can do to protect themselves from this threat, unless they are prepared to abstain from card use entirely.
But the fact that your card could be guessed by criminals means that this should serve as a wake up call to at least stay on your guard.
This could mean checking your credit card or bank statements each month to make sure no suspicious transactions have occurred.
It may also be wise to choose a bank with adequate security measures in place.
Briedis says: ‘Proper security measures in banks can help users to be safer.
‘Banks can use tools like fraud detection to track payment attempts to weed out fraudulent attacks.
‘Stronger password systems are also a huge step towards preventing card fraud, but fortunately multi-factor authentication is becoming the minimum standard.
‘So if your bank doesn’t offer it already, demand it or consider switching banks.’
THIS IS MONEY’S FIVE OF THE BEST CURRENT ACCOUNTS
Lloyds Bank’s Club Lloyds account will pay £125 when you switch. There is a £3 monthly fee but this is waived if you pay in at least £1,500 each month. You also earn monthly credit interest on balances up to £5,000 and can choose a reward each year, including 6 cinema tickets.
Virgin Money’s M Plus Account offers £20,000 Virgin Points to spend via Virgin Red when you switch and pays 2.02 per cent monthly interest on up to £1,000. To get the bonus, £1,000 must be paid into a linked easy-access account paying 1% interest and 2 direct debits transferred over.
HSBC’s Advance Account pays £170 when you switch to the account. You need to set up two direct debits or standing orders and pay in at least £1,500 into the account within the first 60 days.
First Direct will give newcomers £150 when they switch their account. It also offers a £250 interest-free overdraft. Customers must pay in at least £1,000 within three months of opening the account.
Nationwide’s FlexDirect account comes with up to £125 cash incentive for new and existing customers. Plus 2% interest on up to £1,500 – the highest interest rate on any current account – if you pay in at least £1,000 each month, plus a fee-free overdraft. Both the latter perks last for a year.