According to cybersecurity company NordVPN, British bank cards for sale on the dark web – a hidden group of websites only accessible by specialised web browsers – go for anything from £1 to £20.

The majority of UK-issued cards are sold to fraudsters for £16 but the overall average price was £11.06.

The most expensive cards could be found in Japan, with an average price £30, while the cheapest cards on the dark web belonged to Honduras with an average price of less than £1.

Some 134,607 UK-issued cards were found for sale on the dark web. It was the second most affected European country after France which had 154,016 cards hacked.

NordVPN says the UK remains a popular target for criminals because of its big population and high quality of life.

Marijus Briedis, CTO at NordVPN, said: “British payment cards are pretty expensive (compared to the £9.70 world average) despite the country’s user-friendly payment card fraud-prevention policies. If a lost or stolen payment card is used in an illegal manner, the liability falls onto the bank. That is why many British banks have extra security measures in place to protect their customers. So even if the UK remains a potential target because of its high credit card penetration, the payment card fraud losses in the country are decreasing every year.

“Prices of cards depend mostly on demand. The greater the demand, the more money criminals can charge for certain data they try to sell. In this case, the demand directly correlates with how easy it is to steal money from a card and how much money could be stolen. That is why the most expensive cards come from countries with a higher quality of life or poorer bank security measures.”

Last year it was reported that personal details of customers of estate agency Foxtons Group were for sale on the dark web. About 16,000 credit and debit cards belonging to customers of Alexander Hall, Foxtons’ mortgage broking business, as well as address and private correspondence, were freely accessible to potential scammers.

A Foxtons spokesperson said: “A full forensic review was conducted and the ICO and FCA confirmed that the attack did not result in the loss of any data that could be damaging to customers.”