More Than 1.5 Million Payment Cards in the US Are Hacked
A new study on credit card fraud has reveled that over 4 million payment card details, belonging to users across 140 countries, are being traded on the dark web. But w good share of that affects Americans.
According to the study, a total of 1,561,739 American payment cards were found by independent researchers to be for sale on the dark web. AÂ Neilson report from December found that the US accounts for a disproportionate amount of global card fraud. Based on those 2020 figures, the U.S. accounts for 35.83% of global card fraud even though it accounts for only 22.40% of total card volume.
Card theft is also categorized by state in the study. California is on top with a total of 88,802 hacked payment card numbers. Texas is second with 74,063 and Florida third with 62,346.
If ordered per capita, then Alabama is worst, with one card hacked for every 223 residents. After that is Wyoming with one per 244 and Washington State with one per 249. The safest state to be in is Vermont apparently, with one card hacked per 551 residents.
These credit card and debit card numbers are being sold online, often between $6 and $10 USD each.
Here are some of the key findings in the NordVPN study:
- An average hacked payment card’s data costs less than $10, and hackers have millions of these ready to sell.
- Visa cards were the most common, followed by Mastercard and American Express.
- Debit cards were more common than credit cards in the markets the independent researchers surveyed. Hacked debit cards put their victims at greater risk because there tend to be less protections in place for debit.
- The independent researchers found 1,561,739 sets of card details for sale on the dark web from the US during their research. This was far more than from anywhere else. But this does not necessarily mean people in the US are more at risk. Turkey, for example, had less than half the cards per capita that the US has, but the high proportion of non-refundable cards gives Turkey a higher Risk Index.
- The risk index is based on one card per person, so the more cards you have, the more likely it is that one of them could be hacked! This is particularly a problem in the US where there are more cards in circulation per person.
Lower Spend - Chase Ink Business Preferred® 100K!
Chase Ink Business Preferred® is a powerful card that earns 3X Ultimate Rewards points in a broad range of business categories on the first $150K in spend per year. Right now earn 100K Chase Ultimate Rewards points after Learn more about this card and its features!
Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed or approved by any of these entities.
[…] More Than 1.5 Million Payment Cards in the US Are Hacked. – This is why you should NEVER make purchases with a debit card. Even if you are careful, that doesn’t mean that the merchant is safely storing your card info. And, even when you’re using a credit card, you should review your statements every month to look for suspicious purchases. If you have access to virtual card numbers, use them when shopping online or over the phone. […]
Maybe the credit card companies could anonymously buy a list of the stolen credit card numbers on the web and automatically replace those cards to avoid bogus charges. That’s an oversimplification but it might turn out to be cost effective for them.
I had my Chase Visa hacked several weeks ago. I have text alerts set up on my phone for all my cards so I caught it immediately. Both of our cards were still in our possession. The biggest problem was that it took Chase/USPS 8 days to get me new cards!, and that was going from Ohio to Delaware. Luckily I also have AmEx and Discover to use. My Samsung Pay was updated the same day I reported the card hacked so I could use it in store but not online which is where I do most of my shopping. I think AmEx does a better job to get you back up again than Visa, well at least Chase.
Yet US merchants have resisted moving to chip+pin because they don’t want to have to buy a new card reader. While Europe has had it for years, it won’t be fully mandated in the US for roughly another decade.
Yes and no. This is more on the banks and processors than the merchants. Apparently fradulent card presented in store is lower risk than online fraudulent numbers or online theft. The banks didn’t want to slow the purchase process down by adding a step of entering a PIN and worse we don’t have a smooth way to get everyone to program a PIN onto their cards other than assigning people random PINs. And US banks believed that people would confuse a credit card PIN with their debit card or ATM PIN since we’re not used to the concept of a credit card PIN. They also didn’t want people locking themselves out when they forgot their PINs. This happened in Canada when PINs were issued too early by some bans and when merchants made the switch to PIN, people forgot their PINs and locked their cards.
@Nathan’s comment below shows that the card number is being obtained and a fake card being created for in-store use, likely being swiped not chip read or contactless tapped.
I had fraud on my Amex just yesterday. $220 at Publix and then $340 at Target.com. Card has never left my possession. Amex declined the charges and cleaned it up and are already sending me a new card. Well handled but it’s still annoying.
I know for those of us in this racket, we are fairly careful, but folks, please urge all your friends and relatives that are not clued in on stuff to ALWAYS ALWAYS examine any credit card or bank statements. Many times, people do not notice shenanigans going on until far later than they could have.
Just a PSA!