During the first half of this year, 23 million credit cards were stolen worldwide, according to cyber threat intelligence company Sixgill. About two-thirds of those stolen card numbers were issued in the U.S.
But what can a cyber criminal really do with a stolen credit card number?
For many, gaining credit card numbers is about more than simply making fraudulent purchases — although they do that as well, cyber-security expert Joseph Steinberg tells CNBC Make It. Credit card numbers can be converted into cash by buying up gift cards and purchasing easily sellable items to resell through online marketplaces such as eBay, Steinberg says.
Then there are the criminals who are interested in the big hauls. In many instances, the fraudster is actually selling your credit card number to other cyber criminals. The data from a single credit card can be sold for more than $45, data security provider Symantec reports. Let's say you have a trove of credit card data, such as the 2018 Marriott data breach which compromised, among other pieces of data, credit and debit card payment information for 383 million people. That's equivalent to billions of dollars in potential profits.
It's not just through data breaches that cyber thieves can steal credit card information. Criminals are using a strategy called "formjacking," where they use malicious code to steal your credit card details and other information during the checkout process on online retail sites. This type of fraud is on the rise, with reported attacks affecting major sites such as Ticketmaster and British Airways, Symantec reports.
Thankfully, if your credit card number is compromised and used fraudulently, you're typically not on the hook for that money. The Fair Credit Billing Act makes it so consumers are only liable for up to $50 in fraudulent charges. And major credit card companies, including American Express, Discover, Mastercard and Visa offer "zero liability" policies, so you don't have to pay for any fraud. That's why many experts recommend that you use credit cards instead of debit cards.
If you suspect your credit card number has been stolen, report it immediately to your credit card company. They will typically close the account, investigate the reported charges and issue you a new credit card.
Still, if your personal information was compromised in a recent data breach, such as the Capital One hack announced in July, you may want to take some extra steps to protect yourself, such as freezing your credit report, which "is the best way to prevent a criminal from opening an unauthorized account in your name," says CreditCards.com industry analyst Ted Rossman. Yet only about one in four U.S. adults have frozen their credit — despite major data breaches like Equifax in 2017 and Marriott in 2018.
If you want to freeze your credit reports and haven't already done so, you need to contact the three major credit bureaus, Equifax, Experian and TransUnion, separately. Keep in mind that you will need to unfreeze your credit if you're applying for any credit products in the future, such as a personal loan, credit card or mortgage.
While a credit freeze will stop anyone from taking out a credit card or loan in your name, it may not be a comprehensive solution if you have multiple pieces of information leaked, experts say. "Sometimes the risk is compounded when criminals have multiple pieces of data," Steinberg says.
For example, a credit freeze doesn't do much for identity theft. "Everybody comes [to these breaches] with the assumption that there's something to do, and the reality is, sometimes, there isn't anything a consumer needs to do," Steinberg says.
Ultimately, the best protection is staying vigilant about suspicious activity. "The best an individual can do is keep an eye open for scammers contacting them," says independent computer security analyst Graham Cluley.
Like this story? Subscribe to CNBC Make It on YouTube!