How Credit Cards Are Sold Online – Including Mine
By Mary Johnson, Editor
Your credit card may have been stolen and sold and you don't even know it – at least, not yet. Chances are you won't learn about it until you spot suspicious charges on a statement, or get notification from your lender of potentially fraudulent activity on your account.
Last year alone, 680 cyber hacking breaches involving the information of more than 24 million people were publically reported. This can affect you even if you don’t own a computer. One of those data breaches, for example, involved the South Carolina Department of Revenue. As many as 3.6 million Social Security numbers were compromised, 387,000 credit and debit cards were exposed. The stolen data included names and addresses as well.
How do cyber crooks unload millions of credit cards? They sell them, to other crooks. It's been said that you can buy anything online. That apparently applies even to stolen credit cards. There's a good chance that's how crooks recently got two of my credit card numbers and then used them to go on shopping sprees totaling about $1,000.
According to computer security experts in cyber crime, hackers sell and trade stolen credit cards and personal information online in secret underground markets. In an incredible NPR story, "How to Buy A Stolen Credit Card", Zoe Chace describes online "megamalls" for stolen cards.
The websites are closed to the public and people who get in have to persuade those on the inside they are not from law enforcement, or as Chace adds, "journalists." Posts on the websites list the type of information for sale, including names and addresses associated with the cards, and a price that's negotiable which can be about $3.50 to $10 a card.
Recently, two different lenders contacted me warning of potentially fraudulent charges on my accounts. Unwilling to respond directly to the email or phone call, and wary of scam attempts, I looked up my lenders' 800 numbers from my own records and placed calls to the companies directly. I wound up identifying about $1,000 in fraudulent charges on two different credit cards. Each charge had occurred within 24 hours of the lender contacting me.
Fortunately, in both cases consumer protection laws limited my liability for the losses, and I paid nothing, under the lenders' zero liability policies. I closed both accounts, but opted only to open one new one to replace the two I had closed.
Here are a few tips to protect yourself:
- Close credit card accounts that you are not using.
- Use only one card for transactions online and by mail.
- Keep receipts of all transactions and email confirmations in order to check your statements every month. File and keep statements since they have your lender’s phone number and contact information in case of questions.
- Take action if you receive alerts of data breaches of websites or companies with whom you do business. At the very least check your personal information and credit card, if any, on file with the company whose data was breached. It's a good idea to close any of the credit card accounts that are affected. When you do so, say that you were notified of a data breach and ask your lender to open a new account to replace it to prevent fraudulent charges.
- If you receive notification of a problem on your account from someone purporting to be a lender, don't immediately respond, but don't ignore it either. Unfortunately, email notices and phone calls "about your account" could be a scam attempt to steal your credit card and Social Security number. Tell the person calling that you will contact your lender yourself. Look up your lenders' 800 number from the statements you have on file and place the call. Your lenders' automated menus give you the option of a number to press to "question charges on your account." Once the customer service agent confirms your identity, he or she will review the charges with you.
Sources: "3.6 Million Social Security Numbers Hacked In S.C.," Noelle Phillips, The State.com, October 26, 2012. "How To Buy A Stolen Credit Card," Zoe Chace, NPR radio, June 17, 2011. "How Credit Card Data Is Stolen And Sold," Nick Bilton, The New York Times, May 3, 2011.