What Retailers Should Know About The Dark Web

  • March 6, 2020 at 8:07 AM EST
  • By Milica Kostic, DataProt
Share on linkedin
Share on twitter
Share on facebook
Share on reddit
Share on email

Owning an online store brings a different set of challenges compared to owning a traditional brick-and-mortar mom-and-pop bodega.

Online retailers have to safeguard copious amounts of their customers’ delicate and personally identifiable information. Legally binding protocols like the GDPR in Europe and HIPAA hold store owners to a high standard of cybersecurity.

For instance, the Magecart javascript infects “shopping cart” pages on online stores. It redirects the unsuspecting customer’s payment information right into the hands of cybercriminals.

The bad actors then move the valuable loot to the online underground market known as the Dark web. What exactly goes on in the murky waters of the Internet that even Google dares not tread, and what do retailers need to know about it?


Before we dive in, let’s first define the Dark web and clear the ambiguity between it and the Deep web.

Dark Web Vs. Deep Web — What’s The Difference?

These two terms often get taken as synonyms, when actually they denote different things.

They both refer to the part of the Internet that’s invisible to common consumers and search engine crawlers alike.

The Deep web lacks the ominous overtones of its Dark counterpart. The Deep web is the backroom storage of the Internet — it’s where archives, user databases, bank transactions and similar protected information is stored and exchanged.

According to DataProt’s useful and informative infographic (link below), the Deep web is 500 times larger than the visible part of the web.

The Dark web is what sends chills down a decent person’s spine.

It is accessed by TOR (The Onion Router) — a specialized browser that completely encrypts traffic sent through it. The secrecy TOR provides makes a fertile ground for all kinds of criminal activity.

Data Breaches

It’s no longer a matter of whether a retailer will fall victim to a data breach — it’s a matter of when. In the first half of 2019, there were more than 20 leak reports per day, according to DataProt. A breach is nothing but bad news for a retailer. It hurts the company’s reputation, it compromises its internal security and, most importantly, hurts their customers.

Aside from providing a platform for illicit information trade, the Dark web is also a knowledge hub for hackers to exchange experience and know-how, as well as plot out future attacks in real time.

Retailers are advised to periodically check the Dark web for leaked company email credentials. These are a definite sign that something is about to go down.

Gift Cards

Gift cards have become an essential strategy for retailers — they facilitate stronger bonds between store and customer, raise brand awareness, attract new customers and increase sales. It’s no wonder Allied Market Research predicts that the gift card industry will grow to more than $1.5 trillion by 2025.

Gift card credentials are excellent loot for cybercriminals. They are easy to obtain and it’s a breeze to harvest information from them. Once the hacker loads credentials on a card using a simple and readily available magnetic strip writer, counterfeit gift cards can be used with ease. Shop clerks rarely check their validity.

The Dark web markets are brimming with stolen gift card credentials. According to the Internet Security Threat Report by Symantec, restaurant and online retailer gift cards on the Dark web black market go for 15%-50% of their face value.

Retailers can take a few steps to protect their gift cards and loyalty programs from criminals.

First, keep the gift cards locked behind glass or in cabinets. The hackers often need to be in possession of physical cards in order to brute force already existent accounts with funds on them.

Next, retailers should require a PIN for gift cards. On a logistical level, the PINs and the cards should be kept separate.

Lastly, retailers should limit the online balance checking procedure to one per hour.

Counterfeit Goods

The global market for counterfeit goods is $461 billion, according to a report by the U.S. Chamber of Commerce Global Intellectual Property Center. Everything from relatively harmless products like handbags to things like prescription drugs have their bootleg counterparts.

Fake goods are abundantly traded on the Dark web. In 2017, an international effort took down the largest Dark web market, AlphaBay. According to a report by Europol, the market had more than 10,000 listings under the category “Counterfeit”.

Brand managers have a myriad of tactics for battling this scourge — from registering an e-Commerce site on a Chinese IP (where most bootleg merchandise originates) to frequently updating their product packaging and design.

Smaller retailers can do little to battle the fencers on the Dark web, but investing in consumer education is one of the possible cures. Not a lot of people are even aware of the damage counterfeit goods do, nor do they buy bootleg items on purpose. A simple reminder can jolt a portion of consumers from complacency.


Shoplifting remains a huge problem for retailers across the globe. Shoplifting and organized retail crime accounts for 35% of inventory shrinkage, according to data published by the National Retail Federation.

Shoplifted items are frequently fenced on the Dark web markets. The anonymity and speed of trade on the Dark web makes it a perfect platform for quickly getting rid of stolen goods.


The Internet made things more efficient and accessible — that goes for everyone and everything, even criminals.

It’s much tougher now to get in the tracks of criminals. There are tools that retailers can use to search the Dark web for information telling of a data breach or an imminent attack on a web site.

To learn more about the Dark web and how to browse it, check out this infographic.

Milica Kostic is a cybersecurity awareness advisor and contributor at DataProt. She is committed to raising awareness of the importance of cybersecurity through her publications and initiatives. Kostic became a writer after earning a degree in sociology. Today she focuses on technology’s effects on society. In addition to cybersecurity, she writes about finance, marketing, blockchain technology and customer experience strategies. 



Access Our Editorial Calendar

If you are downloading this on behalf of a client, please provide the company name and website information below:

Access The Media Kit