There’s been so many companies who’ve been hacked (Target, Home Depot, Wendy’s etc etc etc) and had so much credit card and other data stolen it boggles the mind.
So, what are the thieves doing with it? Is it being used for nefarious purposes and we just don’t hear much about it?
They buy stuff before the card gets canceled.
The hackers can make money selling the card info down the line, then the buyers can use it for nefarious purposes in ways that they hope don’t trip card security alerts. Or they can use it in a way that does get noticed but only after the purchase goes through. Or the card gets denied because of security alerts but the bad guy bought a thousand cards so they just move on to the next.
Nobody takes the data then turns around and uses it right away. The data can sit for months and years and be split up a million times before it gets used, and there’s no way to track it to the original theft.
For the big breaches like that, your credit card (and personally identifiable) information is usually sold in bulk on underground (or even not-so-underground) websites.
This is what the small timers do. It can net them 100’s to 1,000’s of dollars.
This is what the big timers do. It can net 100’s of thousands to millions of dollars.
This is what I am wondering about. It’s big news when credit card data is stolen but at that point nobody feels any “pain.” I don’t see many stories about those millions of dollars being stolen. [Conspiracy theory alert!] Is that information suppressed so we don’t lose confidence in the CC system?
I think it’s just diffused into the general realm of credit card fraud by then. Hackers steal some big list of data and sell it to criminal organizations in Russia or Eastern Europe who in turn sell access to it to other criminals who then actually misuse your information in various ways (CC fraud, identity theft, etc). But no one takes ten thousand credit card numbers and makes ten thousand orders to Amazon that week. By the time your particular info is being misused, it may be months from the event and just one more problem phone call for your bank to handle.
My wife’s and my credit card have both been compromised, and in both cases the thieves made (or attempted to make) a lot of online purchases for gift cards/long distance calling cards and other random shit. One was a year’s subscription to some online gaming thing - which I assumed was purchased by someone downstream from the identify thief, but I guess could’ve been the thief himself, either too stupid or too brazen to care about having a traceable account linked to a stolen credit card.
Then again, he may have just assumed that the police wouldn’t give enough of a shit to bother following up on it-- and they didn’t-- so I’m probably the stupid one, to think that there’s any risk involved with committing that kind of petty fraud.
The big guys don’t make their millions by charging stuff to the cards, they make theirs by selling the data to other fraudsters. It’s then resold until it gets to a “end user” who tries to charge stuff to the card, use the info to open another card, etc. The sale/resale totals are even counted in the fraud loss numbers, estimated to grow to $32 billion by 2018 from an actual $21 billion in 2014.
The loss numbers are being reported. The loss to any single card likely averages in the 100’s to 1,000’s of dollars, but considering over 1 billion data records were breached in 2014 the overall loss numbers are huge.
I think nobody notices it because it’s a steady trickle of losses to vendors at later dates, occurring when a criminal buys stuff with stolen credit card info, and then the card company denies the charge from the vendor.