Annual Payment Fraud Intelligence Report: 2023
In 2023, the payment fraud underground showed signs of recovery following Russian law enforcement's crackdown on domestic cybercriminals and the Russian invasion of Ukraine in 2022. The dark web carding shops saw a rebound in the volume of stolen payment cards, with 119 million cards posted for sale online. The median fraud charge was $79, resulting in $9.4 billion in preventable fraud losses for card issuers and $35 billion in potential chargeback fees for merchants and acquirers.
Fraudsters refined their techniques, using sophisticated social engineering tactics, phishing, scams, and advanced cyber-based tools like 3-D Secure bypass software. The report suggests that the trend toward hybrid cyber-fraud threats is likely to accelerate in 2024, requiring financial institutions and stakeholders to allocate resources for improved collaboration between cyber threat intelligence (CTI) and fraud teams.
Magecart actors continued to use Google Tag Manager, Telegram Messenger, and attack-carrier domains for e-skimmer infections in 2023. Restaurants, bars, and online ordering platforms were targeted, and phishing and scam pages gained prominence for card compromise. Most breaches and e-skimmer infections targeted US merchants, but a significant portion affected merchants in other countries with developed e-commerce sectors.
Threat actors engaged in card-testing activity, and workflows for 3DS bypass gained popularity in 2023. Cybercriminals utilized artificial intelligence workflows for fraud schemes, and social engineering tactics exploiting victims became more prevalent. Telegram sources became increasingly important for free full card data, but the threat remained lower compared to for-sale card data on dark web carding shops.
Looking ahead to 2024, fraudsters are expected to refine their tactics, continuing to compromise cards using both old and new methods. Stolen payment cards from North American and European financial institutions led in volume throughout 2023 and are likely to persist in 2024. The report concludes that in 2024, fraudsters will likely combine sophisticated technical solutions, nuanced workflows, and social engineering tactics to bypass rules-based fraud detection.
To read the entire analysis, click here to download the report as a PDF.