How market forces determine data value on the dark web
We all know that following a data breach the stolen information is likely to turn up for sale on the dark web. But what's this information worth and how is its value arrived at?
Researchers at consumer website Comparitech have analyzed over 40 dark web marketplaces to find out how much credit card, Paypal, and SSN details are worth to cybercriminals.
In terms of 'fullz' (full sets of credentials) American identities are the cheapest averaging $8 per record, while Japan and the UAE have the most expensive identities at an average of $25.
This seems to be largely down to how much data is available; around two-thirds of stolen credit card details are for cards issued in the US, with no other country accounting for more than 10 percent of stolen cards. Consequently US card details change hands for as little as $1.5, while UK cards go for $2.5, Canadian cards for $3.5 and Australian and Japanese cards for $7.
A credit card number on its own might be worth as little as $0.11, since more information is needed before it can be used to conduct a 'card not present' transaction. It's not entirely worthless though as it could be used to make a magnetic-strip duplicate to be used where magnetic strip readers rather than chip and pin or contactless payments are still in use.
Dark web vendors are keen to keep their customers happy too. Paul Bischoff writes on the Comparitech blog:
One listing, for example, listed a PayPal account for US$811. The vendor promised the balance on the account would be €5000 +/- €200 with a 48-hour replacement guarantee in case of chargebacks. The customer can request a date and time that the account be handed over. If an account with the full amount is not available, the vendor will split it into separate transactions.
I wish my bank had that kind of customer service.
While credit cards, PayPal accounts and fullz are most popular, other data like passports, driver's licenses, frequent flyer miles, streaming accounts, dating profiles, social media accounts, bank accounts are traded too but are less in demand.
You can read more along with tips on how to keep your data safe on the Comparitech blog.
Image credit: rimom / Shutterstock