DATA DOCTORS

An explanation of how new credit cards have information stolen

Nov 19, 2022, 5:00 AM

Q: How can thieves steal a brand-new credit card that I’ve never used?

A: Anyone with a debit or credit card has likely experienced the unsettling notification of a fraudulent transaction that leads to questioning what they did to allow this to happen.

The natural assumption is that a recent transaction with a compromised retailer or an unscrupulous employee used a card skimmer to capture the card details.

Many retailers or restaurants are wrongly accused of being responsible for the compromise because the notification of a fraudulent transaction came right after the transaction with them.

Your situation where the card was never used clearly shows why jumping to conclusions about a recent transaction can be misguided.

Massive Guessing Attacks

There’s a form of “card cracking” that uses computers and online bots to guess your card number, expiration date, or the three-digit CVV (Card Verification Value) on the back.

Let’s start with the 16-digit card number, which may look like a complicated thing to guess, but they don’t need to guess all the numbers.

The first 6 numbers signify the card network and the issuing bank, which is clearly explained online.  Look at your credit cards and you’ll see that if it’s a Visa card, it starts with a 4. Mastercard starts with a 5 and American Express starts with a 3.Since the cyber thieves know which numbers are standard and which ones need to be guessed, they set up large online bots that can submit small transactions to thousands of e-commerce websites with the guessed numbers to see which ones are accepted.

This is why you often hear of a massive fraud incident that only targeted customers of a certain bank.

Another way they perform their guesses is by compromising a less secure credit card processing system, which gives them the ability to run thousands of transactions per second to quickly discover legitimate card numbers.

Known credit card numbers can also be purchased from the dark web to bypass the need to guess them at all.

Once they determine legitimate card numbers the rest is quite simple from a math standpoint.

The expiration date is one of the easiest to guess since the date is only up to 5 years or 60 different values. Your 3-digit CVV only has 1000 possible combinations, which is nothing when you consider bots can submit thousands of transactions in a very short period of time.

Recent Example

I recently chimed in on a news story from Arizona where a large number of Wells Fargo customers (including a close relative) were alerted to an attempt at a fraudulent transaction that had the incorrect expiration date.

A small computer shop in Alabama was used to attempt to process 560,000 transactions in the middle of the night with many of the transactions being rejected because of an incorrect expiration date.

The thieves clearly acquired a list of valid credit card numbers of Wells Fargo customers in the Phoenix area and used the credit card processor for the small shop in Alabama to execute their massive guessing scheme.Until the credit card industry changes its current methods, this very effective method of card cracking will continue to be a nuisance to us all.

Data Doctors

Which backup option is better: cloud storage or cloud backup?...

Data Doctors

How to compare and contrast cloud storage and cloud backup

So you're considering both cloud storage and cloud backup. Not sure which backup option is better for you? This guide can help.

6 days ago

If you’re on your computer all day long, you’ll wonder how you ever lived without it once you s...

Ken Colburn, Data Doctors

Here are some benefits of having dual displays

If you’re on your computer all day long, you’ll wonder how you ever lived without it once you start having dual displays.

13 days ago

A person holding up their smartphone....

Ken Colburn, Data Doctors

Here are the tips on how to enable crash detection on mobile devices

Various mobile devices have different ways to enable crash detection and here are the tips to enable them on certain devices.

20 days ago

Various versions of Windows include the option to use BitLocker, which is Microsoft’s built-in en...

Ken Colburn, Data Doctors

Here are the pros and cons of using Windows BitLocker

Various versions of Windows include the option to use BitLocker, which is Microsoft’s built-in encryption tool. Here are pros and cons.

27 days ago

College students will be fully responsible for managing their devices independently and preparing t...

Ken Colburn, Data Doctors

Here are cybersecurity tips for college students

College students will be fully responsible for managing their devices independently and preparing them for the most common dangers is important.

1 month ago

Want to upgrade to a mesh network? What to know first...

Ken Colburn, Data Doctors

Is it time to upgrade home internet to a mesh network?

Technology lovers who are wondering if it's time to upgrade to a mesh network can use these handy tips and tricks.

1 month ago

Sponsored Articles

...

DAY & NIGHT AIR CONDITIONING, HEATING AND PLUMBING

It wouldn’t hurt to get your AC checked after Arizona’s excruciating heat wave

A well-maintained air conditioning unit is vital to living a comfortable life inside, away from triple-digit heat in Arizona.

...

Sanderson Ford

3 new rides for 3 new road trips in Arizona

It's time for the Sanderson Ford Memorial Day sale with the Mighty Fine 69 Anniversary, as Sanderson Ford turned 69 years old in May.

...

DESERT INSTITUTE FOR SPINE CARE

Desert Institute for Spine Care is the place for weekend warriors to fix their back pain

Spring has sprung and nothing is better than March in Arizona. The temperatures are perfect and with the beautiful weather, Arizona has become a hotbed for hikers, runners, golfers, pickleball players and all types of weekend warriors.

An explanation of how new credit cards have information stolen