Credit card fraud is at an all-time high. Statistics say that online fraud is up more than 750% from where we were just one year ago today. With more and more companies utilizing ecommerce, thieves are looking to use ecommerce too as a way to steal from you.
We recently saw an erroneous comment on social media from someone who admonished merchants to always get the credit card number, the 3-digit security code, the expiration date and the billing address and you will be safe from fraud. While obtaining this information is necessary to qualify transactions at the lowest rate, it does not eliminate fraud. Processing a transaction with AVS and CCV data can help reduce fraud, but it’s not a guarantee your business won’t experience fraud. Nothing could be further from the truth. Thieves can obtain that same information from a variety of methods and use it later in fraudulent transactions.
The Skimmer
A credit card skimmer can easily capture all of the data from your credit card. In fact, the magnetic stripe is loaded with personal information that may include much more than just the credit card data. It includes the billing address of the card and some even carry such personal data as your date of birth. Skimmers are most commonly used at gas stations. They are easy to insert into the pump credit card reader and you likely won’t even know that your card has been compromised. Thieves capture your data from the skimmers on Bluetooth devices and don’t even need to get out of their car to do it. EMV cards can’t be “skimmed” in the same fashion as a traditional magnetic stripe card because of how data is encrypted within the chip of an EMV card. If your business accepts card present transactions, make sure you have the appropriate equipment to correctly process EMV cards as they should never be swiped.
The Hacker
Hackers are constantly trying to penetrate large servers that store credit card data. Examples of recent victims are Chipotle, Marriott, Target and most recently Click2Gov, an online portal that many city municipalities use for processing tax and license payments. Once thieves successfully breach a system, the thieves have access to thousands of cards along with the full data. It’s not just through data breaches that cyber thieves can steal credit card information. Cyber thieves are also using a strategy called “formjacking” where malicious code is used to steal credit card details during the checkout process on eCommerce sites. This type of fraud is on the rise, with reported attacks affecting major sites such as Ticketmaster and British Airways.
Selling Stolen Credit Cards
During the first half of 2019, 23 million credit cards were stolen worldwide, according to cyber threat intelligence company Sixgill. About two-thirds of those stolen card numbers were issued in the U.S. But what can a thief do with a stolen credit card number?
For many, gaining credit card numbers is about more than simply making fraudulent purchases — although they do that as well. Credit card numbers can be converted into cash by buying up gift cards and purchasing easily sellable items to resell through online marketplaces such as eBay. There are also criminals who are interested in the big hauls. In many instances, the fraudster is actually selling your credit card number to other cyber criminals. The data from a single credit card can be sold for more than $45 on the black market. In the case of Marriott’s 2018 data breach, hackers were thrilled to obtain a trove of data consisting of about 383 million previous Marriott guests. That’s equivalent to billions of dollars in potential profits.
If you have any questions regarding what your business can do to reduce fraud exposure, please reach out to one of our Account Representatives at 714-461-2200 and they’d be happy to answer any questions. Also, make sure to ask about our Data Breach protection plan that offers up to $100,000 in protection for as little as $9.99 a month.
Remedy is powered by Chosen Payments whom is a registered ISO and FSP of Wells Fargo Bank, N.A., Concord, CA and BBVA USA, Birmingham, AL., and Elavon, Inc., N.A., Atlanta, Georgia, and Evolve Bank & Trust; Memphis, TN., and Merrick Bank, N.A., Draper, UT.