Dear Straight Dope,
Say I surreptitiously swipe someone’s credit or debit card. I write down their card number, cvv code, expiration date, and find out their zip code for good measure. I then put back the card without them noticing. Am I able to commit a crime with the information I have? What safeguards are in place? Maybe this is a question for Cecil? I’m just dreaming. Don’t get your hopes up, Dave. He would never answer this.
Pianodave
They can make purchases online, the same that you can do with your own card with the same info. Although some vendor/card combos require an additional password login (e.g. Newegg if I use a Wells Fargo card). These safeguards otherwise seem somewhat rare among online transactions.
The safeguards include the cardholder noticing and disputing charges. Depending on how fast they notice, their liability can be $0 or some portion (credit is safer than debit). Now the thief has a large financial corporation after them. Or they may notice even faster if you get greedy and make a transaction that isn’t typical for the cardholder.
Depends - for deliveries, perhaps routing a package to somewhere other that the billing address could set off alarm bells, or at least a closer look by the vendor or card issuer. They also have pattern checks - so wildly unusual purchases or those at riskier vendors may also trigger alarms. At one time, before the pattern detection systems, I read the most common fraud was for online porn services. Presumably you could buy online license codes for expensive software, but I think a lot of software nowadays “phones home” to verify licensing regularly, so you’d be giving you IP address to whoever wanted to track you down.
I got a call once from American Express (on a Saturday at 7AM) telling me they were cancelling my card and sending another one, since a charge had been attempted for a Columbian telco(?). The day after they said the card was cancelled, someone used the card to buy a ticket from Manila to Hong Kong and I had to dispute the charges. “Duh! You told me you cancelled the card the day before! What gives??” But in the end I paid nothing.
Unless you have the equipment to physically make a card (& if you do have that equipment, you’ve just ratcheted up the charged when you do get caught), you’re limited to online purchases. I guess you could use it to download some movies/books/music & get away with it, but anything physical needs to be delivered to you.
Pro tip: If you’re paying with a fraudulent credit card, it’s best not to give your address for when the police or postal inspector decide to investigate it. That doesn’t mean send it to your neighbor, friend, or relative; they’ll sing like a canary when the cops show up & realize that you unknowingly made them into a drop for your crime.
IOW, throw that CC info in the trash as the risk/reward profile sucks.
Find abandoned, for sale, or unoccupied house. Use that address, sit outside in car waiting for delivery to be made, take when they drop it off.
In my experience, the actual address can be very flexible and still work in websites. For example, for work I can use the official street address which is unmarked and very nondescript. Or I can use an internal mail stop, and either way websites don’t care what I put, it doesn’t need to match the official. But as stated, the alarm algorithms might chime if you use a weird address, particularly if it’s a different city or even country.
Ok, this question confused me at first. I think “swipe” in this sentence means “steal”, not “run through a card reader” as I originally interpreted it. Correct?
^^IKR?
IKR means what now?
I agree with markn+ that choosing to use the slang “swipe” for “steal” was a misleading word choice in the OP.
My bad, I meant swipe as in steal. I use my Square app to sell my album of piano music, and I frequently enter in people’s card information. I thought one day, “Wow, this is something really personal that these people are letting me access. Could a bad person take advantage?”
I have personal and corporate credit cards, and with each of them there needs to be a billing address on file with them. You can’t simply add an alternative shipping address without being an authorized user to begin with. I’ve had vendors refuse to ship to my home address from the corporate card or to my business address with my personal credit card because that address wasn’t on-file.
So if a crook were using the above information you mentioned, a crook wouldn’t be able to have anything ordered that involved an address unless it matched the one on-file. So that’s one of the safe guards.
Also, I’ve had credit card companies contact me if the charge was unusual. It wasn’t just the amount, but it was the location and the type of purchase. I once went into a wireless phone store and bought a second charger about 10 miles from home. It wasn’t expensive and I was contacted by the credit card company immediately to verify that I actually made the charge.
Oh, come on, you know, right?
Nope. No clue. Honest. Have never seen it on the Dope before. Didn’t bother to Google then either.
To avoid continuing the hijack (much), I did just Google. Apparently it means “I know, right?” IOW a sarcastic rhetorical question implying agreement. ISTM these internet initialisms are hard. 
At which point I get eschereal’s little joke.
And we’re all blinded by the flash of illumination!
BTW, “I know, right” isn’t always ironic or sarcastic, but it is always rhetorical.
My cite is my wife and her circle of gossipy friends, who always seem to use it as in-group signaling mechanism of conformity and concurrence.
Tons of thieves do all kinds of crimes like this, all the time. Though I would imagine that now that chip cards are commonly available, the window for the thieves is closing. (chip cards are much harder to steal from)
Sometimes they are caught, sometimes not. Identity theft in the United States - Wikipedia
Apparently the thieves collectively steal 24 billion dollars, more than twice the total of all other crime. The reason for this is that it is fairly easy to get away with for a long time.
Physical theft of unoccupied structures? Someone will eventually show up and report the thief to the cops. The stolen goods, if it’s expensive stuff, often has serial numbers and other things.
Cash and goods stolen by identity theft doesn’t leave this kind of trail, and it is possible for the identity thieves to get the information they use online. The problem when the OP’s hypothetical is that if the OP worked as a clerk somewhere, and stole from a few hundred customer’s credit cards, it is quite straightforward for investigators to notice that there’s a cluster, that all the customers who are victims bought from the same place.
That lets them figure out it was the OP. But if the OP bought credit card info from anonymous russian hackers, there’s no such place correlation. Those same crooks online of course sell all the physical card making equipment, etc.
Like any crime, it carries a significant risk of being caught and jailed. The risk is obviously lower but it’s still substantial. It’s also morally wrong, the victims are not just the banks and credit card companies, the individual victims often lose substantial time and money as well, especially if there is a delay before they notice the thefts.
To summarize : yes there are safeguards, no they are not airtight, and there are many thieves out there, collectively stealing a lot of money. Most of them probably eventually run out of luck and go to jail, however, and I am not recommending this conduct, simply pointing out that it is apparently in fact a profitable crime for a time.
Probably $0 (but limited by federal law to no more than $50) and the merchant’s liability is also probably $0 if they perform the CVV check and zip code check.
Doubtful. Going after someone who steals 1M credit card numbers from a merchant’s database pays off. Going after a single thief usually doesn’t.
I once had someone in Atlanta get my card number. I do not know how that happened. He bought two pizzas from Papa John’s and a membership on a porn site. My bank suspended my card for unusual activity before I even knew about the transactions. I doubt they ever tried to track the guy down. I called the Papa John’s and they said it happens all the time.
Yes, as noted above.