There is some likelihood that your credit card number is for sale in a dark corner of the Internet. The selling price? As little as $3.50 per number. On Tuesday, a huge crackdown on a international credit card fraud ring revealed just how sophisticated -- and prevalent -- virtual credit card and identity theft has become.
Does this mean consumers should be paranoid about the prospect of some kind of credit card fiasco? Financial service companies say customers should not worry too much about stolen credit card numbers. Online security experts strike a different tone, however, warning that cyber thieves are everywhere, stealing personal information. Both groups agree that vigilance is the counter weapon.
"Just because a credit card is accessed, it doesn't mean it will be used for fraud," said Jennifer Fischer, head of U.S. payment system security for Visa, a card network with 704 million cards in the United States. Payments that are fraudulent are protected under the company's Zero Liability program. The company alerts card issuers anytime a third-party's data -- such as that of a merchant -- has been compromised. It's up to the issuer to contact the cardholder.
Following a two-year sting operation, this week's credit card fraud-ring bust resulted in the arrest of two dozen hackers who are alleged to have trafficked in everything from stolen credit-card numbers and Social Security numbers to bank account information on online forums. More than 400,000 people around the world have been affected by the alleged cyber theft, said to have been conducted from 13 countries, according to authorities.
This is just the latest incident in a growing list of cyber crimes that have put consumers at financial risk and added to their general sense of unease in an increasingly interconnected world. Credit card fraud accounted for 14 percent of identity theft complaints in 2011, according to the Federal Trade Commission.
In January, online shoe store Zappos.com said that information for at least 24 million customers had been exposed after a breach. In March, at least 1.5 million consumers were affected by a massive breach at Global Payments, a payment processing company. LinkedIn and dating site eHarmony have also reported that customer passwords have been leaked.
"No site is immune from a data breach, not even Google," said Sarah Downey, a privacy analyst and an attorney with the online security company Abine. "The question is not the site, but it's about [the consumer] maintaining good habits."
For consumers, it can be impossible to know if their data has been compromised -- until false credit card charges crop up or an incident of identity theft emerges. Such occurrences can lead to everything from delayed tax refunds to ruined credit. The only time consumers might suspect a data breach is when they get a new card in the mail not previously requested.
"If based on our fraud monitoring or information from the card associations, we believe that a customer’s card information may have been compromised at a third party/merchant, we’ll notify the customer and reissue the card," Betty Reiss, a Bank of America spokeswoman, wrote in an email in April.
Earlier this year, The New York Times reported that credit card fraud was prevalent at Apple's online shopping mall iTunes and consumers complained of false charges on their credit cards for apps and other products they had not purchased.
Thieves are putting their hands on the information in a variety of ways. Some gain electronic access to accounts and sell data to elaborate computer hacking operations.
Another growing threat comes from hackers' use of nefarious software programs, called malware, to illegally harvest credit card and personal data, said Mike Urban, director of financial crime solutions at Fiserv, a company that provides software to the financial services industry. He said criminals troll for information like access codes, one-time tokens and passwords used by customers access a banking system. Some software can be embedded into a browser and "watch" a consumer's online activities.
Once criminals have the stolen goods -- credit card numbers, log-in information, email addresses and personal data -- they may use Internet forums and chat rooms to exchange and sell big bundles of information.
For consumers, changing habits could be the best defense against being robbed of online information. A healthy distrust of sketchy looking websites and popup windows, virus protection software and complicated passwords are some essential ways to staying safe, say experts.
Consumers are advised to check purchases listed on a credit card statement right away to make sure there are no funky extra charges -- and call their credit card company or bank immediately to report any discrepancies.
Get top stories and blog posts emailed to me each day. Newsletters may offer personalized content or advertisements. Learn more