What Is a Credit Card Dump?

A credit card dump is an unauthorized digital copy of the information contained in the magnetic strip of an active credit card, such as the card number and expiration date. The information can then be used to create a fake credit card to make purchases. "Credit card dump" is yet another term originally used underground that has found its way into wider public awareness because of the increasing prevalence of credit card forgeries, identity theft, and other types of cybercrime.

Key Takeaways

  • Credit card dumps steal consumers' credit card information, which the thief can either use or resell.
  • Information is stolen in multiple ways, such as installing a skimmer at an ATM or gas pump.
  • Hackers can also obtain dumps for thousands of cards by compromising a retailer's computer system.

How a Credit Card Dump Works

Credit card dumps can be obtained in a number of ways. A common method used by criminals is skimming, in which an illegal card reader, sometimes hidden in a legitimate automated teller machine (ATM) or gas station pump, copies the data from a credit card. Other methods include hacking into a retailer's network or using malware to infect point-of-sale devices at a retailer, allowing criminals to access the data. Despite security chips and other advanced measures to protect credit and debit cards, hackers continue to find new ways to exploit any weaknesses in electronic financial transactions.

In a credit card dump, criminals steal the information from your credit card rather than the card itself.

Criminals who obtain a credit card dump can either use that information themselves or sell it to others, often online or through social networks. A credit card dump that contains data for a U.S. card can reportedly be sold in the underground economy for an amount ranging from $20 to as much as $80.

In many cases, consumers may be unaware that a dump of their credit card data has taken place. Thieves try to ensure that credit card dumps will go undetected for as long as possible, since cardholders can simply cancel their cards if they suspect that their security has been compromised, making the stolen information worthless. The first indication that a data dump has taken place often occurs either when a consumer finds a purchase they don't recognize on their credit card statement, or when the consumer receives notice from a retailer that their credit card details may have been stolen as part of a broader hacking attack against the retailer.

While individual consumers are often the victims, some criminals operate on a larger scale by trying to break into the networks of established companies. If they're successful, they may obtain dumps of thousands of credit cards, which they can then resell. The spate of hacking attacks in recent years on a number of large, high-profile retailers is an indication that the problem is hard to stop and probably here to stay.

Protecting Yourself From a Credit Card Dump

While consumers have to depend on retailers to practice safe cybersecurity, they can at least reduce their odds of being the victim of a credit card dump by taking some precautions:

  • Be judicious in how and where you share your credit card information.
  • Don't let your credit cards out of your sight in stores or restaurants.
  • Check ATMs, gas pumps, and other machines where you use your card for anything that looks suspicious, such as an added device.
  • Review your credit card statements frequently for any unfamiliar transactions, including small ones, and alert the card company if you find something. Note that criminals will often test the validity of a credit card by making a small purchase, which is more likely to escape detection.

While the Fair Credit Billing Act limits a credit card holder's liability to $50 if their physical card is stolen, the Federal Trade Commission notes that "If your credit card number is stolen, but not the card, you are not liable for unauthorized use." Even so, consumers whose cards or card information is stolen can face considerable inconvenience and hassle, so it's better to prevent it in the first place.