Leakage of credit card data

Apply for SearchInform DLP TRY NOW

Information about bank accounts is in demand from fraudsters. Credit card information is used for blackmail, extortion and fraud, for example, for obtaining loans using forged documents. And no matter how well the security system of banks and non-bank credit institutions works, leaks are not always avoided.

Data sources for scammers

To organize fraudulent schemes using bank cards, cybercriminals do not always need data about card accounts, personal data is enough. According to the head of the information systems security department of the Ural Bank for Reconstruction and Development, Alexander Paderin, in addition to data on accounts and bank cards of clients, scammers "hunt" for passport data, phone numbers, home and email addresses of victims. The criminals get the information they need from databases compromised as a result of large-scale incidents.

For example, a national leak occurred in Sweden in July 2017. The transport department transferred the personal files of the car owners to the contractors, which was a fatal mistake: the data of millions of citizens, including the police and the military, were in the public domain.

At the same time, hackers attacked the Italian financial organization UniCredit. As a result, the data of 400 thousand clients of the company was leaked.

In August 2017, the American company ES&S, which supplies electronic voting machines, reported a personal data breach of nearly two million US voters.

In each of the three examples, the scammers have received an invaluable database. In addition, cybercriminals buy databases with addresses for sending spam and advertising, phone sales. And then they massively send fake messages on behalf of the bank with the requirement to provide the password for Internet banking or CVV code.

However, this is a job that does not generate instant profits, so mailing lists are inexpensive. Archives with already collected information on credit cards are more appreciated. The research firm Secureworks estimated that the kidnappers sell ready-made kits for $ 10-20. The data of corporate cards, which often have no limits, are even more expensive.

Information security

Matt Masterson, a financial consultant at Regent Atlantic Capital, said that in order to protect data from leakage and fraud, a bank client will have to act on his own. The main task is to closely monitor all monetary transactions with the account. To secure your own funds, you need to systematically request information about your credit history, monitor active loans and card balance.

If the fraudster has learned the credit card information through the fault of the client, it will no longer be possible to defend himself. The only way out in this case is to report the incident to law enforcement agencies. If the bank is to blame for the loss of data, the client has the right to go to court. The difficulty lies in the fact that information about data breaches does not always become known outside the bank. For example, the bank does not suspect that fraudsters manage the client's account, or they prefer not to disclose such incidents.

Dosing the volume of transmitted information helps to reduce the potential harm from cyber attacks. For example, when receiving a discount card in a store, it is not at all necessary to indicate the customer's mailing address, a phone number is enough, or vice versa. When transferring personal information through open channels, it is better to archive scanned copies of documents, put a password in the archive, which is sent to a phone number.

Self-defense techniques for credit card data

To keep your personal credit card details safe, you just need to follow these simple rules:

  • Make purchases on proven Internet resources. Transaction security is ensured by data transfer protocols with support for encryption - HTTPS.
  • Do not transfer your credit card to other people when paying bills at a cafe or store. It takes three seconds for fraudsters to steal information from a card.
  • Check ATMs and info kiosks before work. If the equipment has additional cameras or keyboard overlays, you should refrain from operations and find another device.
  • Immediately block the card in case of loss or theft. If there is a suspicion that information has been leaked, you must immediately notify the bank.
  • Do not indicate your personal mail and mobile phone number when shopping at retail outlets and online stores, but create a separate box for purchases. The same is true for social networks, where you should not post personal information.