Macau is at a relatively high-risk level of payment card detail leaks, VPN provider NordVPN recently announced in a blog post.
By payment card, the company refers to both credit and debit cards.
The company commissioned a team of researchers to analyze payment card data from 4 million cards collected on the dark web.
On a scale of 0 to 1 (0 being least risky and 1 being most) Macau has scored 0.8 on the risk index. Meanwhile, the Chinese mainland has scored 0.1 and Portugal has scored 0.4.
The risk index was calculated based on three elements: 1) the number of cards per capita in the database for in the financial jurisdiction; 2) the official number of cards in circulation, as reported by card brands, for the jurisdiction; and 3) the proportion of non-refundable cards in the database for the jurisdiction. The third element has reduced influence on the overall index, however.
The level of the risk index, as NordVPN explains, is based on the assumption of one card per person. It emphasized that the more cards a person has, the more likely one of the cards will be hacked.
However, it also explained that as far as place of issuance is concerned, there is no direct correlation between the risk level and the number of card details obtainable on the dark web.
For example, NordVPN’s independent research found 1,561,739 sets of card details for sale on the dark web from the US during their research, the largest number across all financial jurisdictions, but they did not see US card bearers more prone to risks of leakage. By contrast, the high proportion of non-refundable cards in Turkey gives the country a higher risk index.
Nonetheless, based on this reasoning, the company did not explain why the Chinese mainland is less at risk than Macau.
In terms of popularity, Visa cards were most common, followed by Mastercard and American Express. The data on mainland China did not coincide with this average trend. In the jurisdiction, Mastercard topped the list with China’s own payment card brand, China UnionPay, being only in third place.
On average, a set of card details costs less than USD10.
NordVPN also revealed the very troubling finding that the blind-sorting of payment card details, such as card verification value (CVV), can take as short a time as six seconds, provided that the numbers visible on a payment card were generated using a known set of rules.
Discussing how payments can be made more secure, the company recommended that passwords – strong ones – must be used during payment. Moreover, multi-factor authentication, such as verification by biometric elements, should be introduced.
It urges banks to adopt fraud detection tools, so that when a suspicious transaction takes place, the computer system can detect it and warn customers immediately.
Local law-enforcement authorities and banks have blamed vendors such as Apple for requiring too little information when a transaction is processed, leaving significant loopholes for payment card abuse.