Credit Card Dump

What Is a Credit Card Dump?

A credit card dump is a type of crime in which the criminal makes an unauthorized digital copy of a credit card. This type of crime has existed for decades, but it has seen wider public awareness in recent years due to the rising prevalence of credit card forgeries, identity theft, and other types of cybercrime.

Key Takeaways

  • A credit card dump is a type of crime in which credit card information is stolen from customers and made available to potential buyers.
  • Thieves do so either by physically copying data from the card or by hacking the payments network of the companies in question.
  • In recent years, criminals have undertaken increasingly large scale credit card dump attacks, sometimes with millions of victims.

How Credit Card Dumps Work

There are many ways in which a credit card dump might occur. One common method is skimming, in which an illegal card reader, sometimes hidden in a legitimate automated teller machine (ATM) or gas station pump, copies the data from a credit card. In other cases, cybercriminals are able to obtain a large number of card numbers at once, by compromising the computer systems of companies handling customer credit card information. For example, criminals might access thousands of retail customers’ credit card numbers by infecting the point-of-sale (POS) devices of a large retail chain. 

Although measures such as personal information numbers (PINs) and security chips can help make this theft more difficult, hackers nonetheless continue to find new ways to exploit weaknesses in the electronic payments system in order to capture valuable credit card information. To profit from this theft, cybercriminals resell the credit card information on the black market. Alternatively, hackers could also use the information themselves in order to make unauthorized online purchases using stolen credit cards.

Protecting Against Credit Card Dumps

Ultimately, consumers have limited means to protect themselves against the risk of cybercrime. After all, even the most cautious individuals might fall victim to credit card theft if hackers manage to compromise the systems of the companies where they shop. Nevertheless, there are steps individuals can take to reduce some of their risks. These include refraining from sharing their credit card information with others, keeping their credit cards close at hand when in public places, checking for any suspicious objects on or around ATMs, gas pumps, and POS machines; and regularly reviewing their credit card statements for any unfamiliar transactions.

Examples of Credit Card Dumps

Unfortunately, there is no shortage of examples in which hackers managed to compromise vast amounts of credit card data from unsuspecting customers. Here are just a few examples:

Capital One, the fifth-largest credit card issuer in the United States, revealed in July 2019 that a hacker accessed the personal information of around 106 million customers and applicants in the U.S. and Canada. The information that was accessed included highly personal details on consumers and small businesses, including names, social security numbers, income, and dates of birth as of the time they applied for one of several credit card products from 2005 through early 2019. To date, the Capital One hack is the second-largest such data dump of all time.

Data dumps don't only happen in America. In May 2019, for example, the popular Australian graphic design website, Canva, was breached by hackers, with nearly 140 million user accounts compromised. In addition to personal information such as names, usernames, and email addresses, the hackers also managed to access users’ credit card information.

Another notable incident occurred in October 2013, when Adobe (ADBE) lost nearly 3 million customer credit card records in a large scale attack by hackers. The breach was part of a larger effort in which data from over 150 million users was also stolen. The company ultimately reached a roughly $1 million settlement with its customers over the incident.

What Was the Biggest Credit Card Dump to Date?

In terms of the number of customers exposed, the largest credit card dump so far was a hack on credit bureau Equifax in September of 2017, which exposed personal data of more than 147 million customers, including credit card details.

What Was the First Credit Card Dump?

Card theft, scams, and black markets for personal IDs have been around since the advent of credit cards in the 1960s and '70s. The first large-scale credit card dump, however, is often attributed to the year 1984, when the New York Times reported that the password for a leading credit union, TRW, was stolen from a Sears store on the West Coast. That password unlocked the credit histories and personal information of many Sears customers that would subsequently be used to obtain their credit card numbers.

How Can I Avoid Being a Victim of a Credit Card Dump?

Unfortunately, since credit card dumps involve security breaches of companies that you may shop at, having your card numbers stolen may be out of your hands. If you are aware of a breach, contact your credit card issuer immediately to put a freeze on your account and cancel & replace your cards.

Another, newer, innovation is the use of virtual credit card numbers. Many banks and card companies today allow you to generate a temporary credit card number online that can be used for online shopping. This number, however, would not be able to be used again for subsequent purchases.

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. CNN. "A hacker gained access to 100 million Capital One credit cards."

  2. Codeburst.io "Decrypting Canva's Security Breach."

  3. CSO. “The 15 Biggest Data Breaches of the 21st Century.”

  4. Federal Trade Commission. "Equifax Data Breach Settlement."

  5. New York Times. "CREDIT FILE PASSWORD IS STOLEN."

Take the Next Step to Invest
×
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.
Service
Name
Description