How hackers hack credit cards

When you hear about a data breach in which millions of credit card numbers here is what usually happens.

A person entering their credit card info to make a purchase online.

Have you ever wondered how hackers get value from millions of stolen credit cards and debit cards?

In short, there’s a big global market for stolen credit card numbers. When you hear about a data breach in which millions of credit card numbers here is what usually happens.

Hackers use a number of tools to steal data. 

  • For instance, a Remote Access Trojan (RAT) conceals itself inside legitimate software and, once installed, gives a hacker complete remote control of the victim's system.
  • Another popular tool is something called Angler exploit kits. These are programs concealed in websites which look for weaknesses in the security of a computer system to install malicious software. 
  • There are other methods too, and it’s fair to say that the hacker’s arsenal is constantly evolving though they do rely on tools that can exploit unprotected computers.

And these credit card hacks can be big, sometimes involving millions of credit card numbers. 

Generally, these stolen credit card numbers are offered for sale in online markets located on the dark web. ​

  • These markets are sometimes called carding forums.
  • The stolen credit card numbers will generally be offered for sale in batches.
  • On these forums are people who make fake cards. They take the card numbers and any other information such as the name of a bank, the card issuer, the name of the card holder, and create legitimate looking credit cards.
  • These cards are then resold to an army of buyers who use them to make purchases from shops.
  • These sales are often supplemented with information on how to use the cards, their expected shelf life, and what to do if a user is questioned by a store employee, for instance, because the card is setting off alarms.
  • That said, large criminal enterprises also have an army of soldiers who are trained in exploiting the fake cards.

Alternatively, some dark web buyers just buy up lots of stolen credit card information and use it to make online purchases. ​

  • This is often for high-end goods such as electronics and luxury items.
  • These items are shipped to a number of temporary addresses — the exact number depends on the scale of the operation.
  • The goods are collected and then resold

Sometimes these goods are offered for sale in dark web online stores. 

  • For instance, a popular smartphone might retail for around $1,000.
  • The dark web online store might offer it for half the price.

These themes vary, but the point is that there is a vast and thriving global underground market for stolen credit card information. 

  • Law enforcement sometimes poses are buyers on these forums to buy up the stolen information.
  • Banks have also been known to buy up stolen information to minimize the cost of fraud following a major hack.

Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents

    Want more?

    Follow us for all the latest news, tips and updates.