trending
Stolen UK payment card details are being sold on dark web marketplaces for around £9, according to research from NordVPN and threat exposure platform NordStellar.
Stolen payment cards become low-cost commodity
The finding underlines an uncomfortable reality for the payments industry: compromised card data has become cheap, abundant and easily traded.
The research analysed more than 28,000 dark web listings between January 2025 and February 2026, covering 16 categories of stolen digital assets across multiple markets.
Alongside payment cards, criminals were offering hacked social media accounts, streaming subscriptions, identity documents and full digital identity packages.
A stolen payment card had a median listed price of roughly £9. By contrast, a fuller digital identity bundle, often including personal details and account credentials, sold for about £30.
Digital scans of passports and driving licences were typically priced at around £26.
Why stolen card data is so cheap
The low price of stolen card details does not mean the data has little criminal value. It points instead to oversupply.
Dark web marketplaces are awash with credentials harvested through phishing campaigns, infostealer malware, account takeover attacks, credential stuffing and historic corporate breaches.
Criminal buyers do not need every card to work. They purchase data in bulk, test it through low-value transactions or automated scripts, and then exploit whatever remains active.
Even if a high proportion of cards fail, the economics can still be attractive when the initial purchase price is so low.
This has turned stolen payment information into a volume business. Fraudsters increasingly operate on industrial logic: acquire large datasets cheaply, validate at speed, monetise what works and discard the rest.
Identity is the more valuable prize
The pricing gap between card data and full identity packages is significant. A card number may enable limited fraud, but a complete digital identity can unlock far broader opportunities.
Names, addresses, email logins, financial information and scanned identity documents can be combined to support account takeovers, loan applications, SIM swap attempts and verification bypasses.
For banks, issuers and payment providers, this changes the nature of the risk. Fraud is no longer only about protecting a card credential. It is about defending the wider digital identity layer that surrounds a customer’s financial life.
Once criminals gain access to an email account, mobile number or online banking profile, a single compromised card can become a route into a much larger fraud event.
A warning for the payments sector
The UK remains an attractive target because of its highly digital payments market, extensive online banking usage and large card transaction volumes. The more consumers rely on interconnected digital services, the more opportunities criminals have to assemble fragmented data into a usable identity profile.
NordVPN has launched a dark web calculator to help consumers understand how their accounts and documents may be valued by criminals. For the payments industry, the broader lesson is clear.
Fraud prevention can no longer rely solely on transaction monitoring or card controls. It requires stronger identity protection, better breach detection, customer education and more resilient authentication.
Cheap stolen card data is not a sign of a weaker fraud market. It is evidence of a more efficient one.
Comments