A credit card dump is the unauthorized digital copy of data stored on a payment card's magnetic stripe. It contains the cardholder's name, card number, expiration date, and service code, all extracted through skimming devices attached to ATMs or point-of-sale terminals, or through data breaches of payment processing systems. Criminals use dumps to produce counterfeit cards or make fraudulent purchases online.

The term originates from the data dump process itself: the data is literally "dumped" from the card's magnetic stripe into a digital file that can be copied, sold, or encoded onto blank card stock.

Thieves gather dump data through several methods, all targeting the point where card data is captured or transmitted.

Physical skimming: A small device placed over a card reader captures magnetic stripe data as cardholders swipe. Gas station pumps and outdoor ATMs are common targets because access is easy and oversight is minimal.

Point-of-sale malware: Malicious software installed on retail payment terminals reads card data in memory during the transaction, before it is encrypted and sent to the processor. The 2013 Target breach, which exposed 40 million card records, used point-of-sale malware.

Network interception: Attackers compromise network connections between terminals and payment processors to intercept unencrypted or weakly encrypted data in transit.

Dark web marketplaces: Stolen dumps are sold in bulk on dark web forums. Prices range from a few dollars to over $20 per dump, depending on the card type, geographic region, and whether the balance is known.

How Dumps Differ From Card Not Present Fraud

Credit card dumps specifically enable in-person fraud at physical terminals, because the thief encodes the stolen data onto a blank card with a magnetic stripe writer and uses it at retail locations. This is different from card-not-present fraud, which uses card numbers stolen online to make purchases on websites without requiring a physical card.

EMV chip technology has significantly reduced the value of dumps for in-person fraud in countries where chip-and-PIN terminals are standard. Chips generate a unique cryptographic code for each transaction, making cloned magnetic stripe cards useless at chip-enabled terminals. This shift has pushed fraudsters toward card-not-present attacks, where chip technology offers no protection.

Possession, sale, or use of stolen card data is a federal crime in the United States under 18 U.S.C. Section 1029, which covers access device fraud. Penalties include fines and up to 15 years in prison per offense. The Computer Fraud and Abuse Act provides additional grounds for prosecution when the data was obtained through unauthorized computer access.

You cannot prevent a data breach at a retailer or processor. You can reduce your exposure by using contactless payments or chip-enabled cards rather than swiping a magnetic stripe whenever possible. Regularly reviewing your card statements and enabling transaction alerts through your bank lets you catch unauthorized charges within hours rather than weeks. Most card issuers offer zero-liability policies for unauthorized transactions reported promptly.