Following the surge in dark web activity, stolen credit cards belonging to South Koreans—along with Korean passports—are now among the most valuable items traded in the cyber underworld, according to data provided by NordVPN.
SEOUL, Nov. 5 (Korea Bizwire) — The price of stolen South Korean credit card information traded on the dark web has more than doubled over the past two years, reflecting rising demand among cybercriminals despite stronger global security measures, a new report found.
According to cybersecurity firm NordVPN, data collected in May from its threat monitoring platform NordStella analyzed more than 50,000 stolen card listings. The report showed that while American cards accounted for about 60 percent of the total, Korean card data saw one of the steepest price increases worldwide.
The average price of a stolen Korean credit card jumped from $2.66 in 2023 to $7.15 in 2025, up roughly 168 percent. Although still below the global average of $8, the surge ranked 12th highest among all countries analyzed.
The most expensive cards were Japanese, averaging $23 per card, followed by those from the United States at $11.51. NordVPN said dark web pricing is largely driven by supply and demand, with card data from countries that have tighter anti-fraud systems typically commanding higher prices due to limited availability.
Most listings included not only card numbers but also personal data such as names, addresses, and emails—information that enables identity theft and fraud verification. About 87 percent of the stolen cards still had more than a year left before expiration, making them particularly valuable for resale and prolonged criminal use.
Adrianus Warmenhoven, a cybersecurity expert at NordVPN, warned that card data is now “so cheap that even novice criminals can buy and cash out stolen information,” comparing the price of a stolen card to “the cost of a movie ticket.”
He urged users to monitor statements regularly, enable real-time payment alerts, use strong passwords, avoid saving payment details in browsers, and activate two-factor authentication to minimize the risk of fraud.
Ashley Song (ashley@koreabizwire.com)
