Stolen Card Prices Soar 225% in Two Years

The price of stolen credit card details and cybercrime tools has in many cases seen triple-digit growth over the past two years, according to new dark web research compiled by Flashpoint.

The risk intelligence firm trawled some of the more established cybercrime marketplaces across the deep and dark web, across eight categories: from government-issued IDs to DDoS-for-hire services, exploit kits, RDP server access and “fullz.”

The cost of credit card dumps soared 225%, from $12.44 in 2018 to $26.50 this year, it revealed. Fake US passports can reach around $525 while the price rises even higher ($3500) for UK versions.

DDoS-for-hire services have nearly quadrupled in price since 2017, to around $165 for a fully managed attack, or provider-specific options potentially hitting $250.

According to Flashpoint, the “as-a-service” model has become increasingly popular of late because it enables those managing the services to customize on-the-fly, in order to improve success rates in response to enhanced mitigation on the defender side.

Access to RDP servers is often paired with online payment accounts to facilitate quick and easy fraud — available for upwards of $575. US bank account and routing numbers can also fetch hundreds, going for $530 when additional linked accounts are included in packages, said Flashpoint.

Phishing kits with “how-to” guides go for as little as $35, while exploit kits targeting Office 365 can cost $125.

Flashpoint argued that stolen data and cybercrime tools have increased in price across 2020 thanks to more online activity in general over the past year.

“The pricing analysis we conducted heading into 2021 illuminates some of the unique market dynamics and trends we see throughout dark web marketplaces — such as the long-tail effects of the global coronavirus pandemic and changes in buying and selling behavior stemming from an increase in working from home and online shopping,” added head of intelligence, Tom Hoffman.