In news accounts over the last year, we have all learned about security breaches leaking credit card data for millions of consumers. What we don't usually hear about is what happens to those credit cards once they are stolen, so we wanted to provide a synopsis of what happens once your credit card data is breached.
In most cases of massive breaches such as Target's case in 2014, cyber criminals sell your credit card data to other organizations. Since much of the data swept up in these attacks is no longer valid, one of the first orders of business for these criminals is to test the data and learn if the credit card is still current. When a valid credit card is found, actual physical cards can be produced then used at stores to purchase goods.
How do these criminals test for credit card validity? They find online merchants selling real products--using bots that mimic the actions of a consumer, the criminals test their bank of credit card numbers generally making very small purchases. When a purchase is successfully completed, the "live" credit card number is saved for replication.
Recently, one of ThunderTix's venues was targeted as a test site. Thousands of purchase attempts were made over the course of several hours coming at approximately ten per minute. Our fraud detection team recognized the problem, notified the venue, and our client was able to contact their gateway to mitigate the fraudulent activity. Additionally, our administrators also took the step of temporarily inactivating our client's account to ensure no further attempts would be made.
Inactivating an account is a choice of last resort. Our own system has been subject to these targeted tests, and our ThunderTix sales team has had to inactivate our own signup process. This prevents new clients from signing up for an account, but gives us the assurance that we are helping to prevent fraud.
You can help prevent fraud, too, by recognizing activity that is associated with credit card testing. On your Orders page, we list all transactions including declined purchase attempts. Should you notice a significant number of declined attempts, contact both your gateway and the ThunderTix team, so we can ensure your account is not a target. Working together, we can help fight credit card fraud.