Prices for stolen payment cards on dark web marketplaces have risen in most countries, according to new research from NordVPN and, while the global average remains around $8, some markets have jumped by as much as 444%.
In South Africa, the average price climbed from $4.06 (R69.98) in 2023 to $6.64 (R114.45) in 2025 – a 63,56% increase.
Many assume cybercrime happens to someone else, yet stolen payment card details change hands on these markets every day. It’s rarely just a card number: listings often include names, addresses, emails, and other details that help criminals pass fraud checks and impersonate real customers.
“Even with prices rising, card data remains cheap enough for entry-level criminals,” says Adrianus Warmenhoven, cybersecurity expert at NordVPN. “On major marketplaces, a single stolen card often costs about the price of a movie ticket. Cards are frequently sold in bulk, stay valid for long periods, and can be cashed out locally – so for a few dollars, criminals choose between a night at the cinema or a ready-made route to fraud, account takeovers, and outright cashing of someone else’s money.”
From $1 to $23: The forces behind dark web card pricing
Compared with other countries, Americans are the most affected by payment card scammers. More than 60% of payment cards belonged to US users. Singapore is second at about 11%, and Spain is third at around 10%.
However, high prevalence doesn’t equal low price. Stolen US cards sit near the middle of the dark web range at $11.51 – while the most expensive listings come from Japan at roughly $23. Cards from Kazakhstan, Guam, and Mozambique go for roughly $16. At the low end, cards from the Republic of the Congo, Barbados, and Georgia can sell for around $1.
Why prices spiked: Supply, demand, and stricter anti-fraud controls
NordVPN says its analysis shows that over the past two years prices for stolen data have risen significantly. The largest increase was in New Zealand (more than 444%), followed by Argentina (368%) and Poland (221%), while France saw a modest rise of just 18%.
Pricing on the dark web mostly follows simple supply and demand. Criminals pay more for cards from countries where supply is low and anti-fraud controls are strict – such as Japan. In markets with abundant data like the US or Singapore, cards are cheaper and often sold in bundles which lowers the price per card.
“The strength of law enforcement and political stability also shape risk and price – where ‘risk’ refers to how advanced issuers are at detecting fraud and how quickly they respond,” says Warmenhoven. “Cards with longer expiration dates command a premium: about 87% of the cards we observed remain usable for more than 12 months, which makes them easier to resell.”
Carding: How criminals turn stolen cards into cash
Millions of cards are listed on the dark web, but the money is made in what happens next – the cash-out, a process usually called carding. Stealing or buying card data is just the start; the real skill is validating, monetising, and laundering that data so that it turns into actual profit.
Carding runs like an industrial supply chain. Different actors play specific roles: “harvesters” source or steal data; “validators” run bots that check thousands of cards per hour; and “cash-outers” convert validated cards into gift codes, goods, crypto, or cold cash.
“The crucial step in carding is validation,” says Warmenhoven. “Cybercriminals use bots to run tiny test charges or authorisation attempts to see which cards work. Sometimes they use small payment providers or merchant sites they control to spread attempts and hide failures.
“Once a card is validated, it can be used to withdraw cash from ATMs, buy gift cards or vouchers, or purchase travel and accommodation that can later be resold,” Warmenhoven says. “Monetisation and laundering are tightly coupled – multiple steps are used to obscure the origin of funds.”