There have been several well-publicized security breaches lately of some major national retailers. The breaches have been in their credit and debit card payment processing servers. Unknown hackers have been able to extract data that should have been encrypted to prevent unauthorized usage of this credit card data.
Anytime a credit or debit card is used at a cash register, the card machine captures the information on the magnetic strip. From there the information is scrambled about (encrypted) as it is sent to the respective banks to make the actual charge on the payment cards.
It was during the transmission of this encrypted information that hackers were able to capture the actual data, not the encrypted version. This left millions of consumers with compromised credit/ debit card information.
Now that this information is out there, the criminal element has access to it. Many underground websites will offer batches of credit card numbers, expiration dates, and often the verification codes on the backs of the cards. All of this information is sold for the right price.
Once the information is in hand, the criminals can make a new credit card. A typical process is to take a blank credit card and emboss the name (or alias) of the person going to use the card. If a cashier were to check the ID, it would then match.
The stolen information is put onto new magnetic strips, and these strips are put onto the card blank. Since the criminals will use the same card blank with multiple stolen card numbers, a generic credit card number is embossed on the card blank. The magnetic strip is the only thing changed out for each new stolen card number.
Since larger retailers are keeping a more watchful eye out for stolen cards, many criminals are going to smaller business that may not have the same level of security in place, but might carry just as desirable merchandise. To protect your business, the easiest way to verify a legitimate credit card vs. a criminal made stolen card is to verify the last four digits of the card being used.
The actual credit card (the stolen card) information is what your cash register will capture. It is extremely unlikely that the last four digits of the stolen card information will match the last four digits of the credit card number embossed into the card being presented. Any discrepancy in the two numbers should immediately be declined.