Stolen Credit Card Information Online

By Eva Maria Norlyk

Ever worry that your credit card information may have been lifted by fraudsters without your knowing? Well, there may be one easy way to find out: Try Google.

While doing a simple name query on Google, one California family inadvertently discovered that their personal and financial information had been stolen. Worse, it had been posted in an online forum for all to see, and for the Google search bots to index. There, in a Russian spreadsheet exposing the data of hundreds of unsuspecting victims, they found their credit card information, including expiration date, security code, and even their home address and the mother’s maiden name.

The family had unawares tapped into one of the secret online black market forums awash with stolen data, including credit card information and other personal financial information. A similar instance on a much larger scale happened in March of 2009, when a Google search returned credit card data for approximately 19,000 UK net users. Although the data was easily removed, it is unclear how long the credit card information, names, and addresses of the thousands of people had been available.

The two instances are a reminder of the growing problem of credit card fraud. They also give an unwelcome glimpse into the huge underground online markets through which stolen data is bartered. According to cybercrime experts, clandestine online forums function like an underground eBay where cybervillains market stolen credit card numbers, PIN numbers, email addresses, and other sensitive data used in identity theft.

In 2008, a record 300 million items of sensitive information like credit card numbers and other personal financial data was spirited away from supposedly secure online servers. As a result, the supply of stolen credit card information has become so abundant that the price for a credit card number has dropped from $16 to as low as 50 cents within a couple of months, according to the U.K. newspaper The Times.

The underground forums also provide venues for rogue IT experts to sell services for all sorts of mayhem. Other offerings include eBay accounts with apparent 100 percent buyer satisfaction levels, which provide an ideal platform for fraudsters to perpetrate frauds all over the world. Also for sale, according to The Times, are email addresses, Skype accounts, and software to intercept PIN numbers during debit card transactions.

Data attacks are not just growing in volume, hackers are also growing increasingly sophisticated and going after more valuable data, like getting mothers’ maiden name and PIN numbers along with the credit card numbers. It’s this kind of information—maiden name, home address, and so forth—that our Californian family discovered through their chance Google search.

Of course, the California family’s experience is likely to be a fluke. Expect cybercriminals to normally guard their online forums jealously from the prying eyes of the Google search bots. So it’s unlikely that a Google search will turn up your credit card data, if indeed it has been stolen. Of course, it never hurts to check.

The experiences above are reminders that cybercrime is alive and well, and it’s more important than ever for cardholders to be on the alert. For more information, read this article about how you can protect yourself from credit card fraud.

Published: October 30, 2009