An explanation of how new credit cards have information stolen

Nov 19, 2022, 5:00 AM
(AP Photo/Jenny Kane, File)...
(AP Photo/Jenny Kane, File)

(AP Photo/Jenny Kane, File)

Q: How can thieves steal a brand-new credit card that I’ve never used?

A: Anyone with a debit or credit card has likely experienced the unsettling notification of a fraudulent transaction that leads to questioning what they did to allow this to happen.

The natural assumption is that a recent transaction with a compromised retailer or an unscrupulous employee used a card skimmer to capture the card details.

Many retailers or restaurants are wrongly accused of being responsible for the compromise because the notification of a fraudulent transaction came right after the transaction with them.

Your situation where the card was never used clearly shows why jumping to conclusions about a recent transaction can be misguided.

Massive Guessing Attacks

There’s a form of “card cracking” that uses computers and online bots to guess your card number, expiration date, or the three-digit CVV (Card Verification Value) on the back.

Let’s start with the 16-digit card number, which may look like a complicated thing to guess, but they don’t need to guess all the numbers.

The first 6 numbers signify the card network and the issuing bank, which is clearly explained online.  Look at your credit cards and you’ll see that if it’s a Visa card, it starts with a 4. Mastercard starts with a 5 and American Express starts with a 3.Since the cyber thieves know which numbers are standard and which ones need to be guessed, they set up large online bots that can submit small transactions to thousands of e-commerce websites with the guessed numbers to see which ones are accepted.

This is why you often hear of a massive fraud incident that only targeted customers of a certain bank.

Another way they perform their guesses is by compromising a less secure credit card processing system, which gives them the ability to run thousands of transactions per second to quickly discover legitimate card numbers.

Known credit card numbers can also be purchased from the dark web to bypass the need to guess them at all.

Once they determine legitimate card numbers the rest is quite simple from a math standpoint.

The expiration date is one of the easiest to guess since the date is only up to 5 years or 60 different values. Your 3-digit CVV only has 1000 possible combinations, which is nothing when you consider bots can submit thousands of transactions in a very short period of time.

Recent Example

I recently chimed in on a news story from Arizona where a large number of Wells Fargo customers (including a close relative) were alerted to an attempt at a fraudulent transaction that had the incorrect expiration date.

A small computer shop in Alabama was used to attempt to process 560,000 transactions in the middle of the night with many of the transactions being rejected because of an incorrect expiration date.

The thieves clearly acquired a list of valid credit card numbers of Wells Fargo customers in the Phoenix area and used the credit card processor for the small shop in Alabama to execute their massive guessing scheme.Until the credit card industry changes its current methods, this very effective method of card cracking will continue to be a nuisance to us all.

Data Doctors

Ken Colburn, Data Doctors

Here are some tips on how to speed up slow starting computers

Here are some ways you can identify and solve potential issues that may be causing your computer to start up slower than normal.
7 days ago
(Pexels Photo)...
Ken Colburn, Data Doctors

Here are the differences between Google Chrome and Microsoft Edge

Half of the United States uses Google Chrome as a default browser, but here are the key differences between Chrome and Microsoft Edge.
21 days ago
(Pexels Photo)...
Data Doctors

Tips on how and when to use the iPhone screen recording feature

Here are some tips on when and how to use the the screen recording feature located on the dropdown bar on your iPhone.
28 days ago
In this photo illustration a spam 'Phishing' email is displayed on a laptop screen on March 21,2022...
Data Doctors

Tips and tools to detect and avoid computer phishing scams

Far and away, the method of choice for compromising users is through sophisticated phishing messages in email, via text messaging and through social media accounts.
1 month ago
(Pexels Photo)...
Data Doctors

Tips for helping the elderly spot and avoid phishing emails

Here are things you should look out for and avoid if you are helping someone detect phishing emails on their mobile devices.
1 month ago
Ken Colburn, Data Doctors

Here are a few tips for detecting keyloggers on a MacBook

If you think you might have a keylogger on your computer, here are a few tips to help you navigate through the situation.
1 month ago

Sponsored Articles

Day & Night Air Conditioning, Heating and Plumbing

Prep the plumbing in your home just in time for the holidays

With the holidays approaching, it's important to know when your home is in need of heating and plumbing updates before more guests start to come around.
(Photo via MLB's Arizona Fall League / Twitter)...
Arizona Fall League

Top prospects to watch at this year’s Arizona Fall League

One of the most exciting elements of the MLB offseason is the Arizona Fall League, which began its 30th season Monday.
Children’s Cancer Network

Children’s Cancer Network celebrates cancer-fighting superheroes, raises funds during September’s Childhood Cancer Awareness Month

Jace Hyduchak was like most other kids in his kindergarten class: He loved to play basketball, dress up like his favorite superheroes and jump as high as his pint-sized body would take him on his backyard trampoline.
An explanation of how new credit cards have information stolen