What Is a Credit Card Dump?

Definition & Examples of Credit Card Dumps

Cyber crime in action
••• South_agency / Getty Images

A credit card dump is credit card information that is stolen from a physical location. It's often used by criminals to create a clone of the compromised card and make unauthorized purchases.

Learn how a credit card dump works, what to do if you suspect that your card information has been stolen, and how to avoid it.

What Is a Credit Card Dump?

A credit card dump refers to credit card information that has been stolen from a physical location like a point-of-sale (POS) device. Fraudsters commonly use a dump to clone a credit card. Victims of a credit card dump can incur fraudulent charges when the clone is sold at a so-called carding shop and later monetized by criminals known as carders.

How a Credit Card Dump Works

A credit card dump usually functions as part of a larger credit-card trafficking scheme involving the theft, acquisition, sale, and monetization of ill-begotten card information or a credit card.

In the first stage, a consumer's card information or the physical card itself is stolen by a criminal to obtain a "dump." Criminals often obtain credit card dumps by stealing card information from the servers that store it when cards are swiped through malware-infected POS systems at brick-and-mortar stores. Alternatively, when a customer swipes their credit card through a credit card skimmer installed at an ATM or gas station pump, it can capture the credit card number and other information held in the credit card’s magnetic stripe.

The magnetic stripe contains three tracks of information. The first track contains alphanumeric data, including the credit card number, the credit cardholder’s name, and the credit card’s expiration date. The second track contains numeric data, like the credit card number and the expiration date. The third track may contain the country code or currency code.

Next, the credit card dump is acquired. That is, a carding shop acquires the stolen data with the aim of selling it.

The dump is then sold. The carding shop then sells the dump to other criminals, usually via the internet (the dark web or online forums) and using payment methods like wire transfer or cryptocurrency that are difficult for the authorities to trace.

The dump is eventually monetized. The buyer of the dump often uses it to clone the compromised credit card and make unauthorized purchases with it. Alternately, the buyer may sell the dump to other buyers. In the former case, as long as the dump contains enough information to clone the magnetic strip on the back of the card (usually with a card writer), the cloned card will be a physical card that can be used at brick-and-mortar stores. Otherwise, the clone will be a "CVV" card, which amounts to credit card information that can be used for online transactions but not physical stores as it lacks the magnetic stripe information.

To illustrate the magnitude of losses that can result from a credit card dump, in 2019, ZDNet was tipped off by a Russian cybersecurity firm that two rounds of credit card dumps containing the card details of 2.15 million Americans (collectively worth $3.5 million) had been advertised in multiple underground card shops. The information was priced at $50 per card, a small price considering the amount of damage a thief could do with a credit card before the credit card issuer or the cardholder noticed.

What Are the Penalties for a Credit Card Dump?

Generally speaking, stealing and selling credit cards or using counterfeit cards are forms of credit card fraud, which is prohibited at every level of government. The penalties range from misdemeanor charges when no items are obtained through the stolen card or items of a modest value are obtained, to felony charges that may come with fines and incarceration when property of significant value is fraudulently obtained.

However, if your credit card information becomes compromised in a credit card dump, your maximum liability for credit card charges is $0 if you manage to report the theft before any authorized charges are made. You'll also have zero liability if your credit card information but not the card itself is stolen. That amount tops out at $50 if you report unauthorized charges after learning about them.

Unfortunately, as these dumps are sold on the internet via hard-to-trace payment methods, it’s near impossible to know if your information has become part of a credit card dump unless it’s been used. In addition to seeing unauthorized credit card charges in your credit card statement, other signs that your card has been used fraudulently include a suspicious low-balance notification alert from your bank or a text or email notification of an unusually high balance.

If you see charges you didn’t make, contact your credit card issuer immediately to have the charges investigated. Your credit card issuer can replace your credit card if your information has been compromised in a credit card dump.

Credit card issuers are getting more sophisticated at detecting fraudulent purchases. They may decline transactions that don’t fit your normal purchasing habits and contact you via text or phone call to determine whether you actually tried to make the purchase. While it may be a nuisance when you’re trying to make a legitimate transaction, such features come in handy if a criminal is trying to use your information obtained in a credit card dump.

How To Protect Yourself From a Credit Card Dump

These days, just having and using your credit card puts you at risk of having your credit card information stolen. Credit card thieves operate in large networks to steal cardholder information. However, there are measures you can take to avoid having your credit card information compromised in a dump:

  • Use EMV chip cards: Credit cards with an EMV chip are one of the ways the credit card industry has worked to combat stolen credit card information. When you use the chip, your credit card information is encrypted, making it virtually impossible to steal card information and create clone cards. But your credit card information is still at risk when you swipe your credit card at places that don’t have chip readers installed or enabled.
  • Monitor your credit card account balance and statements: Check your online account often to spot any unauthorized credit card charges. Likewise, keep a close eye on your credit card statements closely.
  • Use credit cards at safe locations: One of the best ways to protect yourself from having your information stolen for a credit card dump is to be careful where you use it. Because skimming devices may be placed on gas station pumps and other places, check the credit card swipe machine carefully, especially before inserting your credit card. If something looks out of the ordinary, don’t use it and report the machine to the clerk.

Key Takeaways

  • A credit card dump is credit card information that is stolen from a physical location.
  • Through a process of theft, acquisition, sale, and monetization, criminals can make unauthorized purchases using a credit card dump.
  • Victims of unauthorized credit card use stemming from a dump are liable for a maximum of $50 in losses.
  • Using EMV cards, regularly monitoring credit card account balances and statements, and being careful about where you use credit cards can keep your card information out of a credit card dump.