Throughout 2023, many indications suggested that the payment fraud underground had begun to recover from Russian law enforcement’s crackdown against domestic cybercriminals and the subsequent full-scale Russian invasion of Ukraine in 2022. The volume of cards posted for sale on dark web carding shops has rebounded, and cybercriminals have refined their techniques for stealing funds and data. With 119 million stolen payment cards posted freely or for sale online and a median fraud charge of $79 in 2023, the implications are alarming: the stolen cards we analyzed this year represent $9.4 billion in preventable fraud losses for card issuers and $35 billion in potential chargeback fees for merchants and acquirers. Even more alarming is that fraudsters in 2023 increasingly used refined social engineering tactics (via phishing and scams) and sophisticated cyber-based tools and fraud schemes (such as 3-D Secure [3DS] bypass software and scrupulous new account fraud [NAF] workflows) to bypass rules-based fraud detection programs and enact their fraud schemes.
The 2023 events and fraud trends analyzed in this report offer a glimpse into the payment fraud threat landscape for 2024, which will likely witness a persevering payment fraud underground along with continuing growth in sophisticated, hybrid cyber-fraud threats. These dynamics suggest the trend toward hybrid cyber-fraud threats is likely to accelerate and that financial institutions (FIs), payment processors, merchant services companies, and other stakeholders should allocate business resources accordingly. This can be achieved through increased resource-sharing between cyber threat intelligence (CTI) teams and fraud teams along with the concerted development of specific use cases for CTI-fraud coordination. A primary use case would be establishing an “analytical loop” for collaboration between CTI and fraud teams. For example, fraud team analysis of card activity for payment cards that have suffered fraud events can help identify where the cards were compromised, which can lead to the identification of additional at-risk cards. Subsequent CTI analysis of these likely points of breach may reveal indicators of compromise (IOCs) that CTI and fraud teams can extrapolate for analysis across a broader sample to surface more potential breaches and compromised cards.
This cyber-fraud fusion approach would likely increase the value derived from fraud prevention efforts in exchange for increased operating costs, particularly with regard to implementation. Most stakeholders — particularly FIs — would likely garner net financial benefits from this cyber-fraud fusion approach as a result of improved business outcomes and operational efficiencies. We advance additional use cases in the “Mitigations” section of this report.
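The fraud-team half of the analytical loop described above, sketched as an added example that is not part of the original report: it finds merchants shared by cards with fraud events, then lists other cards that transacted there during the same window. Card IDs, merchant IDs, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (card_id, merchant_id, purchase_date). Not real cards.
TRANSACTIONS = [
    ("card-A", "grocer-1", date(2023, 3, 2)),
    ("card-A", "shop-web-7", date(2023, 3, 5)),
    ("card-B", "shop-web-7", date(2023, 3, 9)),
    ("card-B", "fuel-3", date(2023, 3, 11)),
    ("card-C", "shop-web-7", date(2023, 3, 14)),
    ("card-C", "grocer-1", date(2023, 3, 15)),
    ("card-D", "shop-web-7", date(2023, 3, 10)),   # no fraud yet, inside window
    ("card-E", "grocer-1", date(2023, 3, 4)),
    ("card-G", "shop-web-7", date(2023, 1, 20)),   # before the exposure window
]
FRAUD_CARDS = {"card-A", "card-B", "card-C"}  # cards with confirmed fraud events


def likely_points_of_breach(txns, fraud_cards, min_fraud_cards=3, min_share=0.5):
    """Merchants shared by many fraud cards, with the date window those cards were there."""
    visits = defaultdict(dict)  # merchant -> {card: [purchase dates]}
    for card, merchant, day in txns:
        visits[merchant].setdefault(card, []).append(day)
    findings = {}
    for merchant, cards in visits.items():
        hit = fraud_cards.intersection(cards)      # fraud cards seen at this merchant
        share = len(hit) / len(fraud_cards)        # fraction of all fraud cards
        if len(hit) >= min_fraud_cards and share >= min_share:
            days = [d for c in hit for d in cards[c]]
            findings[merchant] = (min(days), max(days))
    return findings


def at_risk_cards(txns, fraud_cards, findings):
    """Cards without a fraud event that used a flagged merchant inside its window."""
    risk = defaultdict(set)
    for card, merchant, day in txns:
        if card in fraud_cards or merchant not in findings:
            continue
        start, end = findings[merchant]
        if start <= day <= end:
            risk[merchant].add(card)
    return dict(risk)


if __name__ == "__main__":
    found = likely_points_of_breach(TRANSACTIONS, FRAUD_CARDS)
    print(found, at_risk_cards(TRANSACTIONS, FRAUD_CARDS, found))
```

The flagged merchants and their windows are what a CTI team would then examine for indicators of compromise. On real data, a merchant's share among fraud cards should also be compared with its share among unaffected cards so that very large merchants are not flagged by popularity alone.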