• Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
  • Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
BLOG

Credit Card Payment Fraud: Statistics & How to Avoid Theft

04/24/2019

Security and compliance often appear to go hand-in-hand these days. Problematically, many companies start with compliance then reverse-engineer security in a nearly futile attempt to protect data. In the payment card industry, the Payment Card Industry Security Standards Council (PCI SSC) established PCI Data Security Standard (PCI DSS) which sets the “gold standard” for compliance. Meanwhile, despite meeting the compliance standard, cardholder data (CD) remains a primary target for cybercriminals. By understanding the seedy underbelly known as the Dark Web and the way Cybercrime-as-a-Service (CaaS) works, merchants and payment card processors can better secure CD from fraud and theft.

What is payment card fraud and why is card information so valuable?

Payment card fraud, also known as credit card fraud, is defined as the unauthorized use of a credit card, debit card, or similar payment tool. Cybercriminals often fraudulently utilize payment data to steal money or property from their victims. Credit and debit card numbers can be taken from unsecured websites or can be obtained via identity theft schemes like phishing or social engineering.

Cardholder data is defined as the primary account number (PAN) in conjunction with either the cardholder name, expiration date and/or service code. Considered personally identifiable information (PII), the data that cybercriminals extract from breaches can allow them to create fraudulent accounts, engage in fraudulent purchases, or steal identities.

Payment card fraud statistics

The statistics indicate that while overall fraud decreased in 2018, evolved threat methodologies continue to undermine merchants and vendors’ data security measures.

  • New account fraud increased from $3 billion in 2017 to $3.4 billion in 2018
  • Worldwide payment card fraud losses reached $27.85 billion in 2018 and are forecasted to reach $35.67 billion in five years and rise to $40.63 billion in 10 years
  • The U.S. accounted for $9.47 billion in fraud losses in 2018
  • The United States lead fraud losses reporting 38.6 percent of global losses
  • Credit card fraud accounted for 35.4 percent of all identity theft fraud in 2018
  • Mobile phone account takeovers increased from 380,000 in 2017 to 679,000 in 2018
  • Data breaches resulting in record exposure increased 54 percent year over year in 2019

Thus, while merchants, vendors, and payment card processors attempt to protect cardholder data, they continue to find themselves at the mercy of cybercriminals.

Types of credit card fraud and ways cybercriminals obtain PII and CD

Cybercriminals and identity thieves use many tactics to obtain your information and commit payment card fraud. To obtain PII and CD, malicious criminals can use in-person or digital strategies.

In-person card theft strategies

  • Physically stealing a credit card
  • Finding and utilizing a lost or misplaced card
  • Making counterfeit cards using skimmer technology to steal legitimate card information and create duplicate cards

Digital payment theft strategies

  • SQL injections
  • Malware infections
  • Social engineering attempts
  • Phishing schemes
  • Leveraging unprotected backups
  • Targeting vulnerable third-parties for purposes of a data breach
  • Account hacking and account takeover
  • Committing identity theft using fraudulent credit applications to apply for new credit in the victim’s name using stolen data

What is the Dark Web?

Browsers like Chrome, Firefox, and Safari access the layer of internet data that traditional search engines such as Google, Bing, and Yahoo access. These browsers and search engines use indexes to find information.

To access the dark web, users need specific browsers that can overcome the limitations of traditional browsers and search engines. These specialized browsers incorporate encryption and multiple server locations to maintain anonymity primarily because users can search for illicit information such as historical medical records or forums trading in illegal information.

Dark web forums and social websites act as brokerages for sales of credentials. Cybercriminals know which forums to seek out, build their reputations, and share their wares. Although downloading dark web browsers may be easier in 2019, the 2018 article “Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets” explains “Commoditization allows these entrepreneurs to substitute specialized technical knowledge with “knowing what to buy” – that is, outsourcing parts of the criminal value chain.” The dark web provides criminals with the connectivity of the surface web and the anonymity of the back room.

What is the value of payment card data on the Dark Web?

As CaaS becomes more popular, cybercriminals no longer need to be highly technical. On the Dark Web, cybercriminals can purchase tools that simplify data breach attacks.

For example, account checkers are software that can be purchased on the Dark Web to validate a username. Meanwhile, phishing kits are a downloadable tool that contains prebuild code so that cybercriminals can more easily deploy an attack. Additional tools include merchant checkers, automated attack scripts, and leaked shop scripts.

PII and CD remain valuable underground commodities because they are low cost and high impact. According to Privacy Australia, different information levels have different values:

  • Credit Card Details:
    • With CVV: $5
    • With Bank Identification Number: $15
    • With Fullz Information: $30
    • Untested Card: $10-20
  • Online Payment (i.e. PayPal) Login Information: $20-$200

The different types of information bought and sold on the Dark Web can enable different levels of fraud. CVV, the three-digit code on the back of a credit card, allows the cybercriminal to access funds or buy items for resale later. Meanwhile, online payment login information often links to bank accounts or social media accounts which can enable cybercriminals to not only engage in fraudulent purchases but identity theft and other login/password information as well.

How SecurityScorecard protects organizations from Dark Web activities

SecurityScorecard not only monitors for financial crime malware but also tracks dark web forums and websites to monitor for leaked credentials – both customers and employees. One of the ten factors used in our security ratings is “hacker chatter.” A lower score for that factor sheds light on the dark web conversations about an organization.

For financial institutions, merchants, and retailers, visibility into the supply chain can protect customer information. A single weak link in the supply chain can compromise data across the ecosystem. Thus, the valuable insights from SecurityScorecard’s platform not only protect data security among business partners but provide assurance to customers as well.

Return to Blog
Join us in making the world a safer place.
FREE ACCOUNT SIGN UP
Products
Solutions
Customers
Marketplace
Partners
Resources
Company
Trust Portal
Security Ratings
Login
Blog
Contact
Careers

SecurityScorecard
Tower 49
12 E 49th St
Suite 15-100
New York, NY 10017

[email protected]

United States: (800) 682-1701
International: +1(646) 809-2166
Social-linkedin Social-facebook Twitter Instagram Youtube