What Is Credit Card Sniffing?

Albert Gonzalez might have been the biggest credit card “sniffer” of all time. Gonzalez had a bold plan: Make $15 million from stolen credit card information. Gonzalez didn’t make his $15 million, but he did get 20 years in a federal penitentiary. Before he was nabbed, however, Gonzalez became one of the most prolific identity thieves the nation has ever seen, stealing information from more than 40 million credit cards. His crime affected more than 250 financial institutions.

According to the U.S. Justice Department, Gonzalez and his co-conspirators broke into retail credit card payment systems through a series of sophisticated techniques, including “wardriving” and installation of sniffer programs to capture credit card and debit card numbers used at retail stores. Wardriving involves driving around in a car with a laptop computer looking for unsecure wireless computer networks of retailers.

So what is sniffing? Visa describes it as the practice of using computer software or hardware to intercept and log traffic passing over a computer network. People in the industry have described it as “a wire tap” device that allows eavesdropping on network traffic. The sniffer, also known as a network analyzer, captures and interprets a stream of data as it travels over a network.

There are legitimate uses for sniffing, including helping to maintain networks. Criminals use sniffing to steal credit card and debit card data, usernames, passwords and Social Security numbers. Credit card information is collected as payments are being transmitted over the network during authorization, then retrieved later by the criminals.

Some of the biggest names in retail and restaurants -- including Dave & Busters, Boston Market, Barnes and Noble and Forever 21 -- have been hit by sniffing. Gonzalez and his accomplices got credit card information from more than 80,000 Dave & Buster customers. They gained access to 5,000 cards from one restaurant alone, resulting in more than $600,000 in fraudulent transactions.

So what can you do to protect yourself? Here are a few tips from the credit card industry and the Federal Trade Commission:

-- Change your passwords from time to time. Don’t publicly post anything you may use as a password, such as your date of birth, pet’s name, mother’s maiden name or your school.

-- Do not email your credit card number to anyone. Don’t provide your account number to anyone by phone -- other than to a reputable company, and then only if you initiate the call. No financial institution or legitimate company will contact you by phone or email to ask for your Social Security number, credit card number or other personal information.

-- Save your receipts to compare with your statement.

-- Open your bills promptly -- or check them online often -- and reconcile them with the purchases you’ve made.

-- Report any questionable charges to the card issuer.

-- Check your credit reports. You can get one free credit report every year from each of the three credit bureaus. Go to AnnualCreditReport.com or call (877) 322-8228 to order.

-- If you use a wireless router, use password protection and enable encryption to scramble the data you send online.

-- Use a credit card instead of a debit card. Credit cards offer stronger fraud and identity theft protections.