There are many ways that stolen credit card data can be used profitably by a fraudster – too many to list and explain in a reasonably sized Quora post – so I’ve picked one of the more common and lucrative types of fraud in my explanation below.
As you no doubt already know, the vast majority of credit cards issued worldwide include a magnetic stripe on the back of the plastic which is encoded with the permanent account number (PAN) or card number, expiration date, card security code, and the cardholder name. If all four of these pieces of data are available to the fraudster, it is a relatively simple and inexpensive process to encode this information on one, but more often several, other plastics, thus creating a family of counterfeit cards that, from an electronic perspective, look identical to the original. The counterfeit cards can then be distributed to accomplices that go on a few, well-planned shopping sprees. The items purchased will vary depending on the fraud strategy. For instance, some may purchase prepaid debit cards (which are roughly equivalent to cash) while others will target products (such as large, flat screen TVs). The latter has to be sold in order for the fraudster to turn the stolen card data into cash and, in order to cash in quickly, will be obligated to offer the products at a significant and attractive discount – thus reducing the net amount he or she will ultimately earn. Note that these purchases aren’t limited to brick and mortar merchants although the choice of online merchants will be limited to those that don’t use address verification services as part of the payment authorization process, since the fraudster may not have the cardholder’s address information.
Its important to remember that credit card issuers are well aware of and have suffered substantial losses from this type of fraud and, in reaction, have invested in some very sophisticated, fraud-prevention tools that work hand in hand with their payment authorization process. These tools may, for example, watch for anomalies in spending pattern and flag transactions that fall into a high risk category. Recently, the data for my primary business credit card was stolen and, apparently, encoded on to another plastic. The fraudster attempted to purchase nearly $2,000 in goods at the Target store in my neighborhood but, thanks to my issuer’s use of one of those fraud-prevention tools, the transaction was flagged and declined. Thanks to the Zero Fraud Liability policies, I wouldn’t have suffered any loss if the payment had been approved but I was still grateful that my bank caught the fraud and stopped it before the fraudster had gained anything from my card data.
There are a number of websites, articles and white papers on this subject that will provide you with additional information, if you’re hungry for more. As one example, try the WePay site ().