On dark web marketplaces, identity has just been another commodity since the days of the infamous
Silk Road, if not before. But a recent review of 25 easily accessible dark web markets and forums by
analysts at AMLTRIX, an open-source anti-money laundering framework, shows just how far this trade
has expanded, and how easy and cheap it has become to attempt defeating the biometric algorithms
used by major fintechs and traditional banks.
Bypassing the Know Your Customer (KYC) process became the simple question of spending $30
Verification bypassing became industrialised. For roughly $30, criminals can purchase a “verified”
existence: a high-resolution ID scan, a matching selfie, and a dossier of personal data. Although a lot of
verification systems now require a live video with an ID or passport, such data can be fed into camera
emulators that bypass at least some standard live checks.
“A full identity pack with ID scan and selfie is now cheap enough and accessible for criminals to buy in
bulk, and if that is not enough, the dark web offers other, more reliable, although more expensive
options,” says AMLTRIX co-founder Gabrielius Erikas Bilkštys. “That reflects how often the same
personal data is stolen and resold, and how industrialised this market has become.”
Once online, the same identity can be used repeatedly to open bank accounts, crypto wallets, or
payment app profiles, with the original victim often unaware until debt collectors or law enforcement
become involved.
The consequences for victims extend beyond a damaged credit score. Because these “Full Identity
Packages” are specifically used to build mule accounts for laundering, victims whose faces and IDs are
sold may find themselves flagged not just by debt collectors, but by criminal investigators.
While a stolen credit card offers a one-time payout, a full identity package allows criminal syndicates to
open mule accounts, laundering huge sums through a legitimate banking infrastructure before the fraud
is detected. In its September 2025 report, UNODC notes that in organised fraud schemes, “bank
accounts are commonly registered to fake, stolen, or borrowed identities”.
Prices of identifying document sets are dictated by how rigorous the target country’s banking
compliance is. According to the analysis:
● US Profiles: $45 – $100.
● Polish/Danish Profiles: $30 – $40.
● UK Profiles: $30 – $35.
● Russian/French/Australian Profiles: $20 – $30.
Dark web marketplaces are also full of high-priced promises. Listings for physical documents such as an
Irish passport for $2,500 or a UK “frequent traveller” passport for $2,600 suggest a trade in border-
crossing capabilities.
However, analysts note that these high-ticket items are often “honey pots” or scams targeting other
criminals. This dynamic has forced the trade downstream, and the reliable trade has consolidated
around low-cost digital goods.
The black market is no longer driven solely by one-off thefts, but by the demand for components used to
build synthetic identities. When vendors list verified crypto accounts for $200 – $400, they are
effectively selling an easy solution for money laundering.
The steep markup for a pre-verified account, jumping from $30 for raw data to $300 for a functioning
crypto account, indicates a high failure rate for criminals attempting to do the verification themselves.
Criminals are paying a premium to outsource the risk of getting caught by biometric filters, suggesting
that while the “entry fee” for fraud has dropped, the technical barrier to success remains significant.
Market fueled by hacks and scams
For organisations, one of the key misunderstandings is seeing the dark web as a completely separate
world. “Many organisations still think of the dark web as a distant, exotic threat,” says Gabrielius Erikas
Bilkštys. “In reality, it is tightly connected to everyday phishing campaigns, large data breaches, account
takeovers, and money laundering cases that compliance teams are already dealing with.”
For financial institutions, simply collecting more documents or selfies is not enough. They need to assess
how plausible those identities are over time, and to spot behavioural patterns that suggest accounts are
being controlled by criminal networks rather than genuine customers.
As the barrier to entry for identity fraud drops, the defence can no longer rely on static documents. The
challenge for 2025 is not just verifying who a customer is, but verifying that the person behind the
screen isn’t coming from the marketplaces of the dark web.
