The volume of compromised credit cards offered for sale on cybercrime markets has dropped sharply over the past few years, although UK figures rose, according to Cybersixgill.
The security firm collects 10 million “intelligence items” daily from the deep, dark, and clear web to better understand the cybercrime economy.
Its State of the Cybercrime Underground 2023 report revealed a 94% drop in compromised cards offered for sale on underground markets between 2019 and 2022 – from over 140 million four years ago to just nine million last year.
Over that time the market has declined sharply, with the number of cards available to fraudsters falling 28% from 2019 to 2020, and then by 60% a year later. There was a final 78% drop in volume between 2021 and 2022.
Read more on card fraud: UK Banks Best in Europe at Reducing Card Fraud Losses Last Year.
“It’s not only the supply of cards that has been affected, but also the platforms dedicated to selling them,” the report explained. “Since 2019, the deep and dark web marketplaces catering to the transaction of stolen credit cards have suffered significant blows – both in size and scope.”
A large part of this is down to law enforcement action, which has helped to take down large carding markets and led to several arrests of high-profile cyber-criminals.
On the other side, Cybersixgill pointed to improved user authentication mechanisms and behind-the-scenes real-time fraud detection from banks and card companies, as well as e-commerce firms, as helping to depress the market for stolen cards.
That said, the average monthly price of card details including CVV numbers stayed relatively consistent during 2022, according to the report.
Interestingly, while the share of compromised US cards on dark markets dropped from 58% to 49% between 2021 and 2022, the UK’s share increased from 5% to 13%.
“The United Kingdom has the most compromised cards per capita in the world, with one compromised card for every ~68 residents. In contrast, the US has one compromised card for every ~88,” Cybersixgill noted.
UK card fraud losses increased by 9% to £204m ($255m) in the first half of 2022, compared to the same period in 2021, according to UK Finance.
Dov Lerner, head of threat research at Cybersixgill, told Infosecurity there was no obvious reason for the UK’s unenviable status as a leader in compromised cards.
“This finding may be simply an anomaly, or it may have been influenced by a number of factors, including but not limited to: failures of measures to prevent or detect credit card fraud, increased targeting of UK entities by threat actors, and/or a higher incidence of data breaches in UK e-commerce sites,” he added.
Separate research from Recorded Future pointed to the war in Ukraine as a major cause of declining volumes of stolen cards on dark markets. It reported a 24% year-on-year decrease in the volume of card-not-present records in 2022 and a 62% slump in card present records.
It said part of the blame rested with “mobilization, refugee and voluntary migration, energy instability, inconsistent internet connectivity and deteriorated server infrastructure.”
Editorial image credit: RichartPhotos / Shutterstock.com