Credit card fraud is at an all-time high. Statistics say that online fraud is up more than 750% from where we were just one year ago today. With more and more companies utilizing eCommerce, thieves are looking to use eCommerce too as a way to steal from you.
We recently saw an erroneous comment on social media from someone who admonished merchants to always get the credit card number, the 3-digit security code, the expiration date and the billing address and you will be safe from fraud. Nothing could be further from the truth. Thieves can obtain that same information from a variety of methods and use it later in fraudulent transactions.
A credit card skimmer can easily capture all of the data from your credit card. In fact, the magnetic stripe is loaded with personal information that may include much more than just the credit card data. It includes the billing address of the card and some even carry such personal data as your date of birth. Skimmers are most commonly used at gas stations. They are easy to insert into the pump credit card reader and you likely won’t even know that your card has been compromised. Thieves capture your data from the skimmers on Bluetooth devices and don’t even need to get out of their car to do it.
Hackers are constantly trying to penetrate large servers that store credit card data. Examples of recent victims are Chipotle, Marriott, Target and most recently Click2Gov, an online portal that many city municipalities use for processing tax and license payments. Once thieves successfully breach a system, the thieves have access to thousands of cards along with the full data. It’s not just through data breaches that cyber thieves can steal credit card information. Cyber thieves are also using a strategy called “formjacking” where malicious code is used to steal credit card details during the checkout process on eCommerce sites. This type of fraud is on the rise, with reported attacks affecting major sites such as Ticketmaster and British Airways.
Selling Stolen Credit Cards
During the first half of 2019, 23 million credit cards were stolen worldwide, according to cyber threat intelligence company Sixgill. About two-thirds of those stolen card numbers were issued in the U.S. But what can a thief do with a stolen credit card number?
For many, gaining credit card numbers is about more than simply making fraudulent purchases — although they do that as well. Credit card numbers can be converted into cash by buying up gift cards and purchasing easily sellable items to resell through online marketplaces such as eBay. There are also criminals who are interested in the big hauls. In many instances, the fraudster is actually selling your credit card number to other cyber criminals. The data from a single credit card can be sold for more than $45 on the black market. In the case of Marriott’s 2018 data breach, hackers were thrilled to obtain a trove of data about 383 million previous Marriott guests. That’s equivalent to billions of dollars in potential profits.