PhotoYou've seen the story countless times: “Keep an extra-sharp eye on your credit card activity! There's been another hacking.” The only difference is in the details: which particular retailer, service provider, financial entity, data broker or governmental institution got hacked? For how long? And how many customers got hurt this time?

You know why the hackers keep doing this: so they can use your personal information, such as credit card numbers, to fraudulently obtain money or other valuables for themselves. But have you ever wondered exactly how a criminal armed with nothing more than “your credit card number” uses that to steal things?

Security blogger Brian Krebs spent some time undercover (in the online sense of the word) at a professional “carding shop,” an online black market where unscrupulous people buy and sell stolen data to each other. As the name suggests, carding shops specifically focus on stolen credit card data.

Krebs investigated a particular carding shop called McDumpal's (“dump” is slang for the strings of data fraudulently lifted off the magnetic strips on the backs of most American credit cards).

Of course the thieves who operate McDumpal's have absolutely no affiliation with McDonald's hamburgers — despite McDumpal's using an obvious ripoff of the Golden Arches logo over the slogan “I'm swipin' it.”

Krebs made a slideshow of what he found at McDumpal's — in addition to providing a detailed written account of how the business works (other than the obvious “Try not to get caught, or even noticed by, the law-enforcement agencies of any country in the world, because you're a thief and what you're doing is rightfully illegal everywhere”).

Krebs' story and slideshow are definitely worth checking out if you have the time — although hopefully, in a couple of years words like “dumps” to refer to data stolen from magnetic credit-card strips will be completely obsolete, if and when all major American card providers make good on earlier promises to switch away from magnetic strips in lieu of adopting EMV chip technology.

Share your Comments