“The “dark web” is an internet shadow world where the good and the bad co-exist… On the bad side, the dark web has emerged as an important hub of criminal commerce, a fully functional marketplace where hidden customers can buy from hidden sellers with relative confidence, often with customer ratings available, just as on the public-facing web.”
– National Institute of Justice, 2020
We live in a digital world where information can be the most valuable currency and the dark web serves as the commercial hub. Over the first eight months of 2023, an estimated 360 million people were impacted by data breaches and by the end of the year, $2.9 billion was lost in these attacks. While money is certainly a key motive for criminal activity, what else is driving the push? For many cybercriminals the real target is personally identifiable information (PII), used to facilitate further illicit activity or to command shocking prices from other nefarious actors. From credit cards and account details to licenses and passports, on the dark web everything has a price.
The Dark Web: A Market for PII
“Much of the illicit activity on the dark web occurs on darknet markets, where administrators provide a forum for buyers and sellers to communicate and leverage transactions.”
– Congressional Research Service, 2022
The dark web is a layer of the internet purposely concealed from mainstream users and only accessible using special software. Frequented by at least half a million Americans in the first half of 2022, dark web content is unindexed with the publisher’s identity concealed. Within this layer of the internet, markets for contraband thrive and your customer’s most intimate PII may be auctioned wholesale.
Prices are surprisingly low, from $110 for credit card details, to anywhere from $30 to $500 for login details for major financial institutions and $60 for a New York driver’s license. These markets offer buyers an arsenal of sensitive information — and produce substantial revenue for sellers. In one recent case unsealed by the U.S. Department of Justice, an Illinois man led a group of criminals in marketing almost 50,000 stolen payment cards on dark web marketplaces, generating at least $1 million in cryptocurrency. But from stolen account details to manufactured identification, the true threat to financial institutions is from criminals weaponizing the PII they acquire on the dark web to commit fraud, create synthetic identities to bypass identity processes, and more.
Defending your Institution & Customers
Purchased credentials can give fraudsters immediate access to online bank accounts that were compromised in a data breach, and the ability to move or empty the funds in these accounts at will. Financial institutions must implement strong anti-financial crime controls to protect their customers and themselves when this information is in the wrong hands. This includes protecting online customer accounts, which are a vulnerable target for cyber-criminals looking to commit unauthorized transfers and harvest further data.
Verafin’s Online Account Takeover solution effectively uncovers unusual online activity that indicates a potential account takeover and alerts you in time to prevent loss. With online event analysis, visual investigation tools and more, you are alerted when a session deviates from a digital fingerprint specific to each of your customers and can quickly determine if the online activity you are investigating was performed by your customer — or a cybercriminal.
To learn more about our Online Account Takeover solution, read our Feature Sheet.