I'm constantly perplexed by the sensational headlines claiming this or that breach resulted in millions of credit cards being stolen. After all, cyber criminals can access your financial information, including your credit card data, almost at will.
As a matter of fact, I'm almost happy when my credit card gets caught up in a large, publicly known data breach. That means I'll get free credit monitoring for one or more years and my credit card, which has more than likely been compromised several times since it was issued, will be replaced with a new one and will be a bit more secure -- until the next breach.
Each year, tens to hundreds of millions of private records are compromised. You can see for yourself what's publicly known. That same source, Privacy Rights Clearinghouse, claims that 863 million records have been breached since 2005.
As high as the credit card abuse rates may seem, not everyone is a victim every year. Readers often ask me if what I say is true and my credit card number has probably been stolen, why hasn't it been abused? Two likely reasons:
- Your credit card issuer, or someone else in the financial transaction loop, spotted the fraudulent activity and stopped it before you were aware of it.
- The bad guys sell hundreds of millions of credit card numbers each year and yours simply didn't get sold.
Besides, they can't commit fraud against hundreds of millions of cards at once. Otherwise, someone in power would actually do something to minimize online credit card theft.
We don't spend money to kill gnats. Today's Internet thieves thrive only because they know they're merely a nuisance to the credit card issuers -- just overhead, a cost of doing business. If fraud actually caused substantial damage to credit card issuers and banks, the entire system would be transformed.