Stolen UK Payment Cards Sell for £9 as Dark Web Fraud Market Industrializes

Stolen payment card details from the UK are being offered on dark web marketplaces for as little as £9, according to recent findings from NordVPN. This trend underscores a significant shift in cybercrime towards operations that leverage automation and mass data harvesting, leading to a thriving underground economy.

A dataset analyzing over 28,000 dark web listings from January 2025 to February 2026 revealed that the median price for stolen card details is approximately £9. In contrast, comprehensive digital identity packages, often referred to as “fullz,” are priced around £30, while scanned passports and driving licenses average about £26. These low prices do not signify a decrease in the value of stolen identities; rather, they reflect an oversupply of compromised data. Criminal marketplaces are now inundated with information obtained through various means, including phishing campaigns, infostealer malware, credential stuffing attacks, and legacy corporate breaches.

Buyers in this market operate on a probability basis. They purchase large batches of stolen cards at low prices and conduct low-value transactions to determine which accounts are still active. Even if the majority of these cards fail, the overall economics remain favorable when scaled.

The Evolution of Cybercrime into a Service Economy

Dark web operations are increasingly resembling structured supply chains rather than isolated hacking groups. Various actors specialize in distinct functions, such as credential theft, phishing infrastructure, SIM swaps, money laundering, and account takeovers. This specialization has lowered the technical barriers to entry for fraud operators, who no longer require advanced expertise to execute scams. Instead, they can assemble services and stolen data from multiple vendors across underground marketplaces.

The structure of this market mirrors broader platform economies: suppliers offer stolen credentials, service providers deliver bypass tools and laundering infrastructure, and buyers integrate these components into scalable fraud operations. The result is an ecosystem optimized for throughput rather than precision. Automation tools and phishing kits are widely available, enabling attackers to continuously replenish their inventories of compromised accounts and payment details.

The Value of Full Identity Profiles

The pricing disparity between standalone card data and complete identity bundles highlights the true value within modern fraud networks. A single card number may facilitate limited fraudulent activity, but a full identity profile allows for extensive financial exploitation. These identity bundles typically include names, addresses, email credentials, financial data, and identity documents. Together, they empower attackers to conduct account takeovers, apply for loans, bypass verification checks, and gain access to banking platforms.

In many instances, the payment card serves merely as an entry point. Once access is gained, attackers often pivot to connected services, including email accounts and mobile carriers. Techniques such as SIM swap attacks and password resets become tools for deeper compromise. Data aggregation plays a pivotal role in this model; individual pieces of information may possess limited standalone value, but when combined, they significantly enhance monetization opportunities.

The UK as a Prime Target for Cybercrime

The UK remains an attractive target for cybercriminals due to its advanced digital payment infrastructure and the widespread adoption of online banking and card-based transactions. High transaction volumes create ample monetization opportunities for attackers. Consumer protection frameworks also play a role in this dynamic. Fraud losses are frequently absorbed by financial institutions rather than directly by criminals, which diminishes deterrence and allows large-scale attacks to remain financially viable.

The continuous influx of compromised credentials into underground marketplaces has intensified price competition. As more stolen data becomes available through recurring breaches and malware campaigns, unit prices continue to decline while overall market activity expands. This trend suggests that cybercrime markets are becoming increasingly industrialized. The availability of cheap data at the point of sale obscures a larger system characterized by repeated exploitation, resale, and automated monetization across interconnected digital platforms.

The implications of these developments are significant. Cybercrime has evolved into a scalable service industry driven by automation and specialization. The low prices for stolen data reflect operational efficiency and oversupply, rather than a decrease in criminal demand. The highest-value targets are not merely payment cards but the linked digital identities that enable broader financial exploitation. As consumer accounts and verification systems become more interconnected, the risk of fraud escalates.

Source: financefeeds.com

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.