Over 23 million credit and debit cards were on offer in underground forums in the first half of 2019, researchers claim.
On Thursday, cybersecurity firm Sixgill released its Underground financial fraud report, documenting the trends and trades taking place in the Dark Web in relation to stolen financial data.
The research team said that out of the 23 million cards, nearly two out of every three originated in the United States, and while the US accounted for roughly two-thirds of stolen information, no other nation claimed more than 10 percent.
Following the US was the United Kingdom as a popular source of stolen data whereas in comparison only 316 credit cards on sale came from Russia.
The researchers believe that two factors are in play which keeps the number of Russian payment cards low. The first is "underground criminal attitudes" to stealing Russian information given the prevalence of hackers originating from the country, and the second is Russia's economic position.
"Russia's financial straights are nothing new -- its GDP per capita is $11,000, a sixth of America's $62,000," the report reads. "With such staggering economic disparity between the two countries, we can certainly expect a sizable difference between the number of American and Russian cards offered for sale in underground markets."
Illegal trading posts and marketplaces are constantly being closed by law enforcement agencies. However, when it comes to the purchase and sale of stolen information, a handful of websites remain popular. According to Sixgill, three trading posts accounted for 64 percent of the cards on offer during the first half of 2019.
In total, 57 percent of stolen financial records were related to Visa cards, followed by Mastercard at 29 percent. AMEX accounted for 12 percent.
You can pick up stolen credit card data for as little as $5. Dumps containing potentially thousands of numbers usable in the creation of clone cards for physical purchases are common, but the most valuable commodities are records also containing CVV numbers -- the three-digit security code found on the back of payment cards.
Cybercriminals are also willing to shift their wares to other channels in response to market closures. The report says that Instant Relay Chat (IRC) and encrypted platforms, such as Telegram, are also providing a way for stolen data to be traded.
"The centralization of fraudulent activity in a handful of markets mirrors similar economic and commercial patterns in real-world financial markets," the researchers say. "This phenomenon may seem like a ripe opportunity for law enforcement agencies to effectively shut down a sizable portion of cybercriminal activity; however, as we've seen in the past with the shutting down of markets like Alphabay, Hansa, and Silk Road, threat actors quickly migrate their activities to other markets."