SkipToMainContent

ID Theft

How hackers hack credit cards

By a NortonLifeLock employee

September 1, 2022

Have you ever wondered how hackers get value from millions of stolen credit cards and debit cards?
In short, there’s a big global market for stolen credit card numbers. When you hear about a data breach in which millions of credit card numbers here is what usually happens.

Hackers use a number of tools to steal data. 

  • For instance, a Remote Access Trojan (RAT) conceals itself inside legitimate software and, once installed, gives a hacker complete remote control of the victim's system.
  • Another popular tool is something called Angler exploit kits. These are programs concealed in websites which look for weaknesses in the security of a computer system to install malicious software. 
  • There are other methods too, and it’s fair to say that the hacker’s arsenal is constantly evolving though they do rely on tools that can exploit unprotected computers.

And these credit card hacks can be big, sometimes involving millions of credit card numbers. 

Generally, these stolen credit card numbers are offered for sale in online markets located on the dark web. ​

  • These markets are sometimes called carding forums.
  • The stolen credit card numbers will generally be offered for sale in batches.
  • On these forums are people who make fake cards. They take the card numbers and any other information such as the name of a bank, the card issuer, the name of the card holder, and create legitimate looking credit cards.
  • These cards are then resold to an army of buyers who use them to make purchases from shops.
  • These sales are often supplemented with information on how to use the cards, their expected shelf life, and what to do if a user is questioned by a store employee, for instance, because the card is setting off alarms.
  • That said, large criminal enterprises also have an army of soldiers who are trained in exploiting the fake cards.

Alternatively, some dark web buyers just buy up lots of stolen credit card information and use it to make online purchases. ​

  • This is often for high-end goods such as electronics and luxury items.
  • These items are shipped to a number of temporary addresses — the exact number depends on the scale of the operation.
  • The goods are collected and then resold

Sometimes these goods are offered for sale in dark web online stores. 

  • For instance, a popular smartphone might retail for around $1,000.
  • The dark web online store might offer it for half the price.

These themes vary, but the point is that there is a vast and thriving global underground market for stolen credit card information. 

  • Law enforcement sometimes poses are buyers on these forums to buy up the stolen information.
  • Banks have also been known to buy up stolen information to minimize the cost of fraud following a major hack.

Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.