Skip to main content

What happens to my stolen card details?

A hacker using stolen credit cards

Whether it is setting up a password that even you can’t remember or covering a pin number at the local ATM, we all take steps to protect our finances and credit in the real world. Yet, despite our best efforts, we can still be susceptible to credit card fraud. Over one million Australians have been victims of credit card fraud or identity theft and the number is on the rise. Cybercriminals are becoming more sophisticated operators, running like well-oiled businesses. It takes multiple skills and expertise to steal data and then sell that data on – here we look at how it is done.

As highlighted by Dr Karl (ABC science), cybercriminals stealing credit card details will be set up like businesses, with managed teams focusing on specific parts of the process.  A group will code malware that enables hackers to access secure data banks whilst another group carry out the actual hacking. The plan is to hack into secured databases containing credit card information of consumers and extract it before being detected. One of the most successful hacks happened to Target – a large retailer in the US where over 70 million records were taken, costing the company over $252 million.

After the data has been collected it needs to be validated to ensure the cards are still in working order. Expired cards may be stored on file or the bank may be actively cancelling the cards after learning about the breach. The remaining cards are then usually sold on the dark web.

The Dark Web?

Yes, the dark web actually exists! It can be accessed via an anonymity network called Tor – but not by anyone. To enter a website selling credit card dumps, you will need to be verified by at least two members who vouch that you are a crook.  Essentially, two references to your criminality will allow you to do business on the dark web. Once inside, you can purchase a host of illegal items with cyber currencies like BitCoin.

A criminal with the digital details of a credit card can buy items online and withdraw cash until the victim notices the fraudulent behaviour on the account and raises it with the bank/provider. If personal details are sold along with the card details, the chance for financial harm to the victim is huge.

The cost of my credit card

So how much does your credit card data get sold for? Well, considering it is an illegal act and takes a team of hackers to obtain, surprisingly it’s a small amount. Intel Security’s threat research division, McAfee Labs, reports that the average price of a stolen credit card ranged from $21 – $40. Login credentials for accounts with balances ranging from $400 to $1000 cost around $20 – $50 and credentials for accounts containing $5,000 to $8,000 cost $200 – $300.

The price for an individual credit card may appear low, but when you consider that 1,000’s of card details are hacked and sold at a time, it suddenly seems a lot more lucrative.

Who pays for the fraud?

Ultimately it is you, the consumer. When you notify your bank or provider of fraudulent purchases on your credit card they will usually look into the transactions and refund your account. They take on the cost of the crime, but at a premium, paid by you through high bank and service fees. However, you may see this as a small price to pay for an added level of safety, considering the potential drastic financial issues cyber fraud can cause.

You may be helpless when it comes to preventing company hacks that may cause your credit card details to be stolen, but that doesn’t mean you need to make it easy for criminals. Change your online password frequently and regularly monitor your accounts for suspicious activity and report it immediately to your provider. If your debit card or credit card has been compromised, you’ll want to cancel the card and freeze the account immediately.