by John Biggs
With the news that Target and Neiman Marcus revealed more than 70 million pieces of customer data to hackers, I thought it would behoove me to inspect my credit card bill. Sure enough, my card number had been stolen and used to buy $10 worth of something somewhere in Ohio.
I won't go into what to do when someone steals your credit card (cancel it immediately, report fraudulent charges, subscribe to a credit watch service, keep track of your bills like a hawk) or how to prevent it in the first place (use Paypal online, cut up your debit card, use one credit card for "unsafe" purchases at companies that have been compromised). Instead, let's look at how my credit card information was stolen and where it probably went.
First, let's figure out how the hackers got the numbers in the first place. As far as anyone can tell, they were most likely able to "sniff" the numbers and data out of the stores themselves, although the breach could have been far more comprehensive. All anyone knows at this point is that more than 70 million pieces of data, including credit card numbers, were stolen. It's staggering.
Once a thief gets your card number, there's no telling when or even if it will be used. Credit card numbers are bought and sold on the black market by hackers who call themselves carders. Carding is actually quite dangerous - it's rare you can actually make purchases anymore with only a stolen number - but there are some tricks they use to grab your cash.
For one, remember that most credit card fraud is caught at the bank level. Those calls you get from the credit card company usually work, and even though they are sometimes annoying, they're important. Once a card is canceled, it can't be used anymore.
Carders buy and sell cards in large, thousand-number packets. When you "check out" on black market sites, the carders will scan every single number to ensure it's at least active and not locked. Card numbers are inherently insecure. You can make sure a card is valid by using a simple mathematical equation (this site will check your number for you) because, in the old days, you had to ensure a number was real without access to a networked computer. Without major human fraud prevention, we'd have a much bigger card problem on our hands.
Once a card is checked, carders can start using it. Most of them don't clone cards -- meaning create copies of existing cards. That's expensive. Instead, they use a variety of techniques to buy items and ship them to themselves. For example, those "get rich quick" schemes often require you to be a drop for a carder. Carders ship stolen items to your house, give you a little cash, and ask you to ship the items to another location. You, then, are the one in possession of stolen goods and you're the one arrested.
Some bolder carders will simply have items sent to themselves or request bulk orders from businesses, offer up a credit card, and then take delivery a few days after the business owner discovers that the card has been canceled.
Most stolen cards are shut down sooner than later. But folks with a debit card or an unfriendly bank can be on the hook for hundreds in charges. Credit card fraud is a messy, nasty business and it pays to know what to look for when it happens to you. It's also good to be aware of how carders take advantage of a broken system to make a quick buck.
Have you ever had your credit card stolen? What did you do?