What Happens to Credit Card Numbers That Have Been Stolen?

Chilling read for students interested in how stolen credit card data circulates on the web.

From Verge:

Earlier this year, security firm BitGlass decided to test the underground marketplace with a little experiment. The company created an Excel file with 1,568 fake profiles, complete with names, phone numbers, addresses, social security numbers, and credit card numbers. Along with the phony data, the file had a hidden watermark that would report back to BitGlass every time the file was opened, operating like a homing beacon. Then the company dropped the file onto a public Dropbox account and posted it to a few cybercrime forums and waited for the beacon to phone home.

How quickly did the fake credit card numbers spread?

The results were surprising because of both the broad reach of the data and how slowly it traveled. Within the first eight days, the file seems to have stayed confined to the forums where it was posted, chalking up only 200 views in the first eight days after release. Then, suddenly, the file blew up, clearing another 800 views in the next four days. After twelve days, Bitglass’s Excel file had been opened at least 1,081 times in 22 different countries.


Want to teach your students how to protect against identity theft?  Check out the NGPF Lesson on Scams, Fraud and Identity Theft