"Back in the beginning, they got the imprint of credit cards from the carbon copies they dug out of the trash," says William Noonan, assistant special agent in charge of the Secret Service's criminal investigative division. "Technology has changed things."
The number of compromised records has been on the decline the last two years, according to the Secret Service, after reaching a record high of 361 million records in 2008. The trend might reverse this year, however, after a recent string of mishaps.
This spring criminals hacked, phished or skimmed their way into the systems of Michaels Stores, Sony, marketing firm Epsilon, Citibank and even security expert RSA, among others. In some cases, they only obtained names and emails. In the worst cases, they got credit card numbers.
The schemes are simpler than you think. Bankrate presents the most common ways thieves pilfer your credit card information.
Modus operandi: The waitress whisks away your credit card and swipes it through the restaurant's register. Then, she pulls out a small device, about the size of an ice cube, from her apron and swipes it through that, says Sergeant David Schultz of the Fort Bend County Sheriff's Office in Texas. While you're scraping the last of the chocolate frosting from your plate, your credit card information has been stored in the device, known as a skimmer. The waitress returns your card and performs the same magic trick on dozens of credit cards in a week.
Known whereabouts: The data-stealing waitress has been known to moonlight as a bartender, sales clerk or at any place where she can take your credit card out of sight.
Known whereabouts: The trio will hit other retailers and restaurants, but sometimes the threesome will instead be a duo or a solo criminal.
Known whereabouts: The Gas Lass installs skimmers over ATMs, parking meters, vending machines and any other places with unmanned credit card readers.
Phishing Phil uses malware to go after your laptop. He sends emails with attachments that promise dancing kittens or some other bait. When the user opens the attachment, malware instantly downloads onto the computer and leaves confidential information vulnerable. Phil also sends emails from a familiar sender with a link to a contaminated website that installs malware onto your computer. Some malware, called spyware, allows Phil to capture every keystroke including passwords to your financial accounts.
The waitress, trio or Gas Lass sells each swipe for $20 to $40 a pop, says Urban. Harry the Hacker and Phishing Phil will get $5 to $10 a card and often sell the information online at the eBay of credit card activity. The person who buys the information verifies it and then sells it to a person who creates fraudulent credit cards with your account information attached to it. The card maker then sells it to other criminals who buy goods such as stereos or baby formula and sells them to regular consumers.
More From Bankrate.com