Stolen payment card details are now being sold on dark web marketplaces for less than the price of a specialty coffee, according to research from NordVPN analyzing over 75,000 listings. The findings expose a troubling reality: personal financial data has become a commodity so cheap and abundant that criminals can acquire it for pocket change, making identity theft an increasingly industrialized operation driven by basic supply-and-demand economics.
Key Takeaways
- Stolen payment card details from North America sell for as little as $10 on dark web marketplaces.
- Streaming account credentials like Netflix or Spotify cost as little as $4.55, making subscription fraud trivially affordable.
- Complete identity packages including social media accounts sell for under $150.
- North American stolen card listings account for over 70% of all stolen card inventory online.
- Payment card prices vary dramatically by geography, with Japanese cards fetching $22.80 while DRC cards sell for just $0.94.
How Dark Web Markets Price Stolen Payment Card Details
The dark web has transformed identity theft into a marketplace where stolen payment card details are priced like bulk commodities. NordVPN’s research found that stolen payment card details from North America are sold for as little as $10, with the most common cards being Visa followed by Mastercard and American Express. The pricing structure reveals that debit card information is more widely available than credit card information in these markets, creating a glut that keeps prices depressed.
Geography drives pricing in ways that expose where breaches are most common. US card data costs around $11.51 per card, while Canadian cards average $5.88—both far cheaper than cards from Japan at $22.80. The Democratic Republic of Congo has the cheapest stolen card data at just $0.94, while Barbados and Georgia cards sell for $1.30 each. This geographic price variation reflects a simple principle: countries that experience the most data breaches flood the market with stolen credentials, which crashes the price through oversupply.
What makes this pricing structure so alarming is not just the absolute cost but the implication it carries. When stolen card data costs less than a coffee, the barrier to entry for would-be identity thieves collapses entirely. A criminal with minimal resources can now afford to buy hundreds of card numbers and attempt fraud at scale, knowing that even a small success rate will be profitable.
The Broader Identity Theft Marketplace
Stolen payment card details are only one piece of a much larger underground economy. NordVPN’s research shows that criminals can purchase complete identity packages—including social media accounts, email credentials, and personal information—for less than $150. Streaming service accounts like Netflix or Spotify sell for as little as $4.55, making subscription fraud almost frivolous in cost.
This tiered pricing structure reveals how criminals think about identity theft. They do not need your entire digital life to cause damage—they can buy specific pieces based on what they want to exploit. A fraudster targeting financial accounts focuses on payment card details. Someone interested in social engineering or account takeovers might buy email credentials and social media access. The modularity of the dark web marketplace means criminals can customize their attack based on budget and objective.
Prices in these markets have not remained static. Between 2023 and 2025, payment card data prices increased by as much as 444%, suggesting that even as supply has grown, demand from criminal organizations has grown faster. This is not a market cooling down—it is a market accelerating.
Why North American Data Dominates the Dark Web
North American stolen card listings account for over 70% of all stolen card inventory on dark web marketplaces, according to NordVPN’s analysis. This overwhelming supply comes from the sheer volume of data breaches affecting US and Canadian companies and consumers. Major retail chains, financial institutions, and tech companies have all suffered breaches that dumped millions of payment card numbers onto the dark web.
The abundance creates a vicious cycle: more stolen North American card data enters the market, which drives prices down, which makes fraud against North American cardholders more attractive to criminals because they can buy in bulk at low cost. Meanwhile, countries with fewer breaches—like Japan or Singapore—see stolen card data command a premium, because supply is scarcer and criminals know fewer cards are available.
This geographic concentration also reflects regulatory and security differences. Countries with stronger data protection laws, more sophisticated fraud detection systems, and better breach response procedures experience fewer large-scale leaks. Paradoxically, this makes the stolen data from those countries more valuable to criminals, because it is harder to obtain and may be fresher.
What This Means for Consumers and Defenders
The industrialization of identity theft pricing exposes a fundamental mismatch between the cost of stolen data and the damage it causes. A criminal might pay $10 for your payment card details, but the fallout for you—fraudulent charges, account freezes, credit monitoring, and hours of dispute resolution—far exceeds that trivial price tag. The attacker’s minimal investment creates maximum friction for the victim.
NordVPN released an interactive calculator as part of this research campaign, allowing consumers to estimate what their own stolen personal data might be worth on dark web markets. The tool serves as a sobering wake-up call: your financial data has a price, and it is shockingly low. This awareness is valuable not because it should frighten people into paralysis, but because it clarifies the scale of the problem. Identity theft is not a rare crime committed by sophisticated hackers—it is an industrialized operation run like any other business, with inventory, pricing, and customer service.
Are stolen payment cards really that cheap?
Yes. NordVPN’s analysis of dark web marketplaces found stolen payment card details from North America selling for as little as $10, with some regional cards—like those from the Democratic Republic of Congo—priced at under $1. The low cost reflects abundant supply from frequent data breaches rather than low criminal demand.
How much does a complete identity package cost on the dark web?
A complete identity package including social media accounts, email credentials, and personal information sells for less than $150 on dark web markets, according to NordVPN research. Streaming subscriptions like Netflix or Spotify are even cheaper at around $4.55.
Why is North American payment card data so cheap compared to other regions?
North American stolen card listings make up over 70% of all stolen card inventory on dark web marketplaces, creating massive oversupply that crashes prices. Countries with fewer data breaches, like Japan, see stolen card data command a premium—$22.80 per card—because supply is scarcer.
The dark web marketplace for stolen identity data reveals an uncomfortable truth: your personal information is worth far less to criminals than the damage it causes to you. As breaches continue and stolen data floods underground markets, the cost of entry for identity thieves only gets lower. The solution lies not in accepting this as inevitable, but in demanding stronger data security from the organizations holding our information and taking personal protective measures like credit monitoring and fraud alerts seriously.
Edited by the All Things Geek team.
Source: TechRadar


