The answer might surprise you.
When you hear about the security breaches at retailer like Target and Home Depot, you might think internal security audits found them but that typically isn’t how it’s done. Most companies are alerted by third parties, such as credit card companies, security experts or law enforcement when it’s determined a number of customer credit cards are being used or are up for sale on the black markets.
For instance, take the 40 million credit cards stolen from Target, of them only 5% were sold for around $20. The clearing houses that sell these cards even compete against each other and like so many online resellers, they even ran a sale on stolen credit cards yesterday, Cyber Monday 2014.