Nobody likes dealing with credit card fraud. It can be embarrassing and difficult to admit that you’ve been a victim. At Sift Science, we often hear from our customers about 2AM nights at the office spent triaging thousands of orders that were placed with stolen credit cards. Today, we thought it would be helpful to understand how it all starts. To do this, we need to go underground deep inside criminal territory. It goes without saying that credit card fraud is malicious and illegal. It can result in felony charges added with several years of imprisonment in jail.
Simply put, credit card fraud starts with theft. With determination and time, fraudsters can obtain credit card numbers and information at any price. In fact, an entire underground economy, complete with moderators and reviewers, exists for criminals to buy and sell your information online. Databases of people’s names, credit card numbers, and even complete bank account login information (also known as “FULLINFO” or “FULLZ”) can be sold anywhere from $2 to $50. “Carders” as these thieves are called, even share tutorials and spread information on which sites are vulnerable to attack.
The act of the theft itself can take shape in a number of ways. The most common is through hacking databases, sending phony emails (also known as “phishing”), and exploiting security holes. Sophisticated carders usually hoard the information and sell them in bulk to consolidators. The consolidators then sell them on the black market lurking in secret online forums or chat rooms. They even offer flash sales on bulk discounts. Here is a sampling of “products” and prices we found on our own research via Google: