PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

How Much Is Your Stolen Credit Card Worth on the Dark Web?

A huge amount of credit card info is sold on the Dark Web, especially that of US cardholders—but the numbers aren't always stolen via a data breach.

Eric Griffith
 & Eric Griffith Senior Editor, Features

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

If you've never seen a fraudulent charge on your credit card statement, consider yourself lucky. It's no secret that card data is bought and sold on the Dark Web, but the extent and ease of this commerce might be worse than you imagined. A new report from NordVPN puts it in perspective.

Nord didn't go to a Tor server and download a bunch of illegal databases full of credit card numbers (we're taking it on faith). But it did partner with some unnamed cybersecurity researchers who were evaluating these databases—one in particular had obtained 4.5 million credit card records. But that data was redacted from what Nord worked with. Nord then calculated a risk index for every country in the world, mapped above. The closer your country is to a 1 on the index, the more likely your card is to be available already on the Dark Web.

It's easy to see that the United States is way up there, with 1.6 million card numbers for sale—the most of any country. Nord went further and broke it down by state.

HACKED PAYMENT CARD NUMBERS PER US STATE

The numbers are quite high in the well-populated states of California, Texas, Florida, and New York. The more cards you have, the higher your risk, naturally.

Recommended by Our Editors

Texas AG Sues What­sApp for 'Lying About Pri­va­cy'
Texas AG Sues What­sApp for 'Lying About Pri­va­cy'
Age Verification Laws Are Coming for Your OS. Here's What You Need to Know
Age Verification Laws Are Coming for Your OS. Here's What You Need to Know
This Week in Hacks: ShinyHunters Hit 7-Eleven, Trump Mobile Exposes Data, and Scammers Target World Cup Fans
This Week in Hacks: ShinyHunters Hit 7-Eleven, Trump Mobile Exposes Data, and Scammers Target World Cup Fans

Among the things Nord found is that the average cost of getting a credit card record is $10. The price seems low, which might make you feel even worse. But the actual worst part is that price can still net a hacker plenty if they have hundreds, thousands, or even millions of card numbers to sell.

Dark Web lists aren't compiled only from massive data breaches anymore. Some cards info is "brute forced," which is really more like highly educated guessing to figure out a card's numbers. It's easier than it sounds: Nord provides an interactive diagram explaining how it works. For example, bad guys don't have to guess all 16 numbers—most of the first four numerals on cards are identifiers for the type of card (Visa's always start with 4, for example) and the bank that issued it. A criminal with enough smarts can crack an account like this in about six seconds, and that includes guessing the three-digit code on the back of the card.

The takeaway is that even if you're never robbed or part of a breach, your cards are at risk, including your debit cards. The best option is to remain vigilant. Take a close look at your statement each month for potentially fraudulent activity. Banks are also increasingly using fraud detection systems, so don't be shocked if your card company calls to ask about any purchases made on your account that are out of the norm, or about charges you make when traveling. It's all part of the constant fight against fraud.

Read the full report at NordVPN.com.

About Our Expert

Eric Griffith

Eric Griffith

Senior Editor, Features

My Experience

I've been writing about computers, the internet, and technology professionally since 1992, more than half of that time with PCMag. I arrived at the end of the print era of PC Magazine as a senior writer. I served for a time as managing editor of business coverage before settling back into the features team for the last decade and a half. I write features on all tech topics, plus I handle several special projects, including the Readers' Choice and Business Choice surveys and yearly coverage of the Best ISPs and Best Gaming ISPs, Best Products of the Year, and Best Brands (plus the Best Brands for Tech Support, Longevity, and Reliability).

I started in tech publishing right out of college, writing and editing stories about hardware and development tools. I migrated to software and hardware coverage for families, and I spent several years exclusively writing about the then-burgeoning technology called Wi-Fi. I was on the founding staff of several magazines, including Windows Sources, FamilyPC, and Access Internet Magazine. All of which are now defunct, and it's not my fault. I have freelanced for publications as diverse as Sony Style, Playboy.com, and Flux. I got my degree at Ithaca College in, of all things, television/radio. But I minored in writing so I'd have a future.

In my long-lost free time, I wrote some novels, a couple of which are not just on my hard drive: BETA TEST ("an unusually lighthearted apocalyptic tale," according to Publishers' Weekly) and a YA book called KALI: THE GHOSTING OF SEPULCHER BAY. Go get them on Kindle.

I work from my home in Ithaca, NY, and did it long before pandemics made it cool.

The Technology I Use

My first computer was a Laser 128, an Apple II-compatible clone with an integrated keyboard, matched with an eye-straining monochrome green monitor. I used it to type papers in college for other people for money...until I discovered the Mac SE in the college computer room. That changed my life. My first cellphone was a Samsung Uproar—the silver one with the built-in MP3 player from the Napster days (the pre-iPod era).

I use an iPhone 15 Pro hourly and an iPad Air infrequently (but I'm always in the market for a cheap Android tablet). I have a PlayStation 5 just to play Spider-Man, and several Windows machines, including a work-issued Lenovo ThinkPad. I talk to Alexa and Siri all day long. I do the majority of my computing on a 15-inch LG Gram laptop attached to a Thunderbolt hub to run a multi-monitor setup—I overdid it on the power needed to simply work from home.

I'm most at home in Microsoft Word after decades of writing there. More and more, I turn to services like Google Docs, using tools like Grammarly. I use Google's Chrome browser due to an addiction to several extensions I think I can't live without, but probably could. I use Excel extensively on data-intensive stories, but for chart creation, we've switched over entirely to using Infogram for interactive features that are hard to find elsewhere. I do a lot of graphics work for my stories, but limit myself to the free and amazing Paint.NET software to edit images.

I'm a firm evangelist for using the cloud for backup and syncing of files; I'm primarily using Dropbox, which has never failed me, but I also have redundant setups on Microsoft OneDrive, plus extra picture backups on Amazon Photos and iCloud. Why take chances? For entertainment, mine is a streaming-only household—my kid has never seen network TV and barely been exposed to commercials, thanks to Roku and Amazon Music. The house is peppered with smart speakers from Amazon for instant gratification and control of smart home devices like multiple Wyze cameras and Nest Protect smoke detectors. I've got accounts on all the major social networks, to my horror. I have a robot vacuum for each floor of the house. I want a 3D printer, but not sure what I'd use it for.

Read the latest from Eric Griffith

Read full bio