LOUISVILLE, Ky. (WDRB) -- Cyber burglars are targeting millions of Internet users and if you think you're okay just because your bank gave you a new card, you're in for a rude awakening.
“2014 was called the year of the data breach and the difficult and the disappointing part is we haven't seen that slow down,” says TEKSystems cyber security consultant and former FBI Agent, Adam Keown.
Data breaches happen every day, but most aren’t as large as the ones we report on.
“The mega breaches are a rarity. Most breaches that occur in the US are between 10 and 100 thousand records,” explains Keown.
All of us are vulnerable, even former special FBI agents who focus on cyber-crime.
"We had put a large amount of money in our checking account to purchase our new home and found out our check card had been fraudulently abused, so lots of that money was gone," Keown said.
He wasn't surprised.
"I guard my card as well as I can but there are always going to be databases out there where your card information is going to be put in that you're not going to be aware of," he said.
How does it work?
It's just like a virtual burglar. They want to get in and they utilize their own tools. Once they get in the system, they want to get as much as they can and get out.
In mega breaches, the hackers are often located in places like China and Russia. U.S. Secret Service Special Agent Rick Nord is part of the Kentucky Electronic Crimes Task Force and investigates cases locally and internationally.
“It’s government sponsored at some points, there are literally cube farms,” Nord said. “They are looking at buildings that look like benign office buildings and you go inside and literally it’s a cube farm set up to where they're actively building profiles, on entities, individuals -- as well as corporations."
But hackers are everywhere. Yes, even in Louisville.
Nord showed us evidence from recent cases he’s worked on.
"This is actually from the Target breach. We found this in town on an individual who was processing it,” Nord said. “He purchased it on the dark web. He was placing the information onto credit cards and selling them locally."
In Louisville, hackers are also targeting gas stations. They either change out the card reader with a tampered reader or use a Bluetooth device to steal credit card numbers.
“The information still goes to the financial institution. Your card is still verified. The fuel is still delivered. However all of your information is captured onto there and pulled off on a later date,” explains Nord.
So here's how it works: once hackers get information from a database, they organize it and sell it on what's called the “dark web”. It’s a network of secret online forums where hackers are vetted before they're allowed onto these chat groups to trade, buy and exploit information.
Remember that information from the Target breach purchased on the dark web that was located here in Louisville at a counterfeit credit card processing plant?
"They will highlight the information they want. Load it on to here. Then swipe it and load it onto a gift card,” says Nord.
Yes, innocent looking gift cards could be loaded with your credit account information.
So when do you notice your money is gone?
“The moment it's used. Your card could be out there right now. It could still be in a pile like this somewhere else in the world. Sorry,” says Nord.
New cards, new risks
So your bank gave you a new card after a major breach, but every time you use it -- there's still a risk. Keown says people get trapped in a way of thinking that a new card means the danger is over. But he says you need to be on guard at all times.
All of these data breaches and constant security concerns are pushing up fees at banks.
“Banks, credit unions or eventually retailers who have to put that money back into your account -- they're losing money. But guess what? You'll likely end up paying the in the end. What happens is they spread it out in fees," Keown said.
John Rippy, Chief Risk Management Officer for Republic Bank explained how much it’s costing banks every time there’s a major breach and new cards have to be issued to customers, “Depending on the type of card about $5 a card.”
Banks are trying to get ahead of the problem with a new type of card that utilizes a smart chip technology. You may have this kind of card already.
Retailers, like Kroger on Goss Avenue in Louisville, are switching over to a new style of credit card machine. Instead of swiping -- now you'll be inserting your card to read the smart chip.
“Readers are now being replaced at all these merchants so they'll recognize these chips,” explained Rippy.
Rippy says, right now, banks incur most of the cost associated with data breaches, but that’s about to change. Retailers are required to switch over to new machines by the end of the year that will have retailers sharing the damage costs.
How does a smart chip card better protect you?
“The way it works is that chip is a one-time algorithm code that is processed at your bank. If they try and get that chip and replicate it, it will not work because of that algorithm,” explains Nord.
So even if they steal the data on your card and load it onto another. That chip can't be replaced because of the unique identifier associated with each one.
However, But Keown says you can never be too careful and he said domestic companies aren't taking enough precautions to ensure safeguards work.
"Since the United States has gone to chip and signature and not chip and pin. It's not going to help,” said Keown.
Basically, the more unique identifiers associated with accounts -- like PINs and smart chips -- the harder it is to duplicate data and access money.
Just the Beginning? Targeting our children
Hackers are even taking aim at kids, targeting medical offices to steal children's names, addresses and Social Security numbers so they can run away with their credit.
"We have issues unfortunately where children are becoming 18 and finding their entire credit line or their history associated with their credit card number has been ransacked,” said Keown.
The reality is we all need to be more vigilant in keeping our information secure. According to our experts this is likely just the beginning.
“They're going to keep attacking we have to defend. They have to be right one time out of 100. We have to be right 100 percent of the time,” says.
Here's a list of what you should do to better protect yourself and your family:
For more tips and advice, the Better Business Bureau offers more fraud protection information here.
Copyright 2015 WDRB News. All rights reserved.