Credit card theft is an $18 billion Internet-based business that victimizes at least 40 million people every year.
The hackers who caused the giant security breach last year at Target, affecting 13 million card accounts, then distributed credit card information to an underground web world that most people are unaware of.
Related: Could Target-style data breach happen to me?
Tom Galvin of the online watchdog group Digital Citizens Alliance, a coalition of consumers, businesses, and Internet experts focused on educating the public and policymakers about online threats, showed ABC News how it worked.
"Well, when we just did a search [on YouTube] for 'How to get credit card numbers that works in 2014,' we got 26,200 results," Galvin said.
Galvin contacted several people offering to sell credit card numbers, finally connecting with a man known as a "carder," a broker between those who stole the information and anyone wanting to buy it. The numbers can be used to make online purchases or a person can even make their own card, using the digits.
The carder Galvin spoke to said he could provide credit card and Social Security numbers for $10 to $20 a card.
"The minimum to buy is 10 cards but for what you're trying to do, you're going to want at least 50 cards on hand," the carder told Galvin over the phone.
Law enforcement estimates that there are 10,000 carders in the US and the rest of the world.
Matthew Ferrante, a former US Secret Service agent, specializes in identity theft and runs runs Aurora Information Security & Risk.
As a test, he duplicated his own credit card and took the fake one to a department store. The tools, often with legitimate uses, can easily be bought online. Ferrante bought a machine online for about $175.
Ferrante said the cashier took the fake card and swiped it for a purchase without even looking at it.
"To be honest, I'm not surprised," he said.
New security technology is already available in Europe and expected to come to the US next year.
In Europe and Canada, cards have smart chips installed and readers are used at retailers and restaurants, making it harder for thieves to profit from the sort of massive data breach that hit Target.
In the meantime, experts suggest that consumers be vigilant, check credit card statement frequently and report anything suspicious.