Digital Transactions Authoritative, insightful and timely information for payments professionals
A new report from Surfshark, a provider of virtual private network services, finds that the United States far outpaces the top nine other major economies when it comes to the rate of breached payment card details.
Based on 5.7 million payment card data points that have been compromised since 2004, the data show that for every 100,000 residents there are 773 breach card data points for the U.S., accounting for nearly 46% of the world total. The United Kingdom, at 248 data points, or 3% of the world total, is in a distant second place.
In the 20-year span of data, the 2.6 million payment card data points compromised in the United States is nearly half the total global amount, Surfshark says. Amsterdam-based Surfshark included data-breach statistics from January 2004 through September 2024. The data were collected by independent partners and anonymized for analysis.
The largest share of breached U.S. card details belongs to expiration dates, at 36%, followed by payment card numbers, 34%, and card-verification codes, 30%. Globally, which also includes China, Germany, Japan, India, France, Italy, Brazil, and Canada, breached card numbers accounted for 38% of stolen payment data, followed by expiration dates, 33%, and CVVs, 28%.
“Notably, 28% of the compromised data is CVV security codes, which are crucial for verifying transactions,” the report says. “Their exposure poses considerable risks, as they can be used to authorize fraudulent transactions. Additionally, 33% of the dataset consists of payment card expiration dates. While not directly exploitable on their own, these dates can increase the risk of cybercrime when combined with other details.”
Within the U.S., Alaska residents had the highest cybercrime complaint rate per 100,000 adult Internet users at 537. Trailing are Nevada at 473 and Delaware at 361.
Such complaints may increase during the holiday shopping season. “The holiday shopping season, especially during high-spending events like Black Friday, Cyber Monday, and the pre-Christmas rush, is a prime opportunity for cybercriminals,” Miguel Fornés, a Surfshark cybersecurity expert, says in a statement. “As consumers engage more actively in online shopping, they face risks such as fake Web sites mimicking legitimate stores, strategically placed QR codes, or phishing emails, all designed to steal payment card details. Additionally, cybercriminals actively seize publicly available leaked data to access accounts on legitimate Web sites.”
