Carding is a form of fraud in which criminals use stolen bank card information (card number, CVV code, expiration date, and sometimes cardholder details) to conduct unauthorized transactions, most often in online stores. This phenomenon poses a significant threat to financial institutions (banks) and retailers, especially in the digital age, where the volume of online transactions is rapidly growing. Carding not only leads to direct financial losses but also increases operational, reputational, and insurance costs. In this answer, we will examine in detail how carding affects insurance premiums for banks and retailers, the factors that shape these costs, and how market participants can minimize the impact. This answer is structured for educational purposes, with an emphasis on mechanisms, examples, and global context.
Carding puts a strain on the entire payment ecosystem:
Example: An average bank with 1 million clients can lose $50 million per year in fraud claims. If the insurer estimates the risk of payouts at 70% of this amount, the cyber insurance premium could be $5-10 million per year. If fraud increases by 20%, the premium will increase proportionally.
Example: An online electronics retailer with an annual turnover of $100 million can lose $2 million on chargebacks. Fraud insurance can cost $0,5-1 million per year, and with a 25% increase in incidents, the premium will rise to $2-5 million.
Global statistics:
Bonus calculation formula (simplified):
If the probability of fraud increases from 1% to 1.5%, and the average loss is $1 million, the premium can increase by $500,000 or more.
1. What is carding and its scope?
Carding is a form of payment card fraud (card-not-present fraud, CNP) in which criminals use stolen data to make online purchases, withdraw cash, or perform other transactions without the physical presence of the card. Card data is stolen through phishing, skimming, data breaches, or purchases on the dark web. In 2024, global losses from card fraud are estimated at $13.73 billion, a significant portion of which is attributed to carding. Banks losses from card fraud amounted to $1.4 billion in 2018, and this figure is expected to increase by 2023 due to the increase in online transactions.Carding puts a strain on the entire payment ecosystem:
- Banks are losing money due to the need to compensate clients for losses (in some country, banks have been required to offer write-off insurance since 2023).
- Retailers face chargebacks, lost inventory, and reputational risks.
- Insurance companies offering policies to protect against financial risks and cyber threats (cyber insurance) are forced to increase premiums to cover growing losses.
2. How does carding affect insurance premiums?
Insurance companies use actuarial models to calculate premiums based on the probability of insured events and their costs. Carding increases both: the frequency of incidents and the volume of claims. Let's look at how this works for banks and retailers.2.1. Influence of banks
Banks bear primary responsibility for compensating clients for losses in the event of fraudulent transactions. For example, in Russia, by law, banks are required to refund clients' money debited by fraudulent transactions if they report the issue within 24 hours. This makes banks a key link in the chain of losses from carding.- Direct losses from chargebacks:
- When a customer disputes a transaction, the bank returns the money and then attempts to recover it from the retailer or payment system. However, in the case of carding, the bank often bears the full loss if the retailer is not at fault (for example, due to a data breach by a third party).
- According to global research, every $1 of fraud loss costs banks $4.41, including the costs of investigation, reimbursement, and anti-fraud measures.
- Increase in insurance premiums:
- Insurers offering cyber insurance or financial risk insurance policies revise rates based on fraud statistics. If the number of carding incidents grows by 15-20% annually (as in the US and EU), premiums may increase by 10-20% annually.
- For example, a bank with a history of high fraud losses (say, $10 million per year) may face an increase in its insurance premium of $1–2 million to cover potential payouts.
- Additional costs:
- Banks are investing in anti-fraud systems (AI monitoring, machine learning, 3D Secure), which increases their operating costs. These costs are taken into account by insurers when calculating premiums, as they reduce risk but require significant investment.
- In Russia, banks are required to offer insurance against fraudulent charges to clients starting in October 2023. This increases administrative costs (policy issuance, payments), which also impacts the overall cost of insurance.
- Reputational risks:
- Frequent instances of carding undermine customer trust, which can lead to deposit withdrawals or reduced card activity. Insurers assess reputational risks as part of the overall picture, which indirectly increases policy costs.
Example: An average bank with 1 million clients can lose $50 million per year in fraud claims. If the insurer estimates the risk of payouts at 70% of this amount, the cyber insurance premium could be $5-10 million per year. If fraud increases by 20%, the premium will increase proportionally.
2.2. Impact on retailers
Retailers, especially those in e-commerce, are often the first target of carders, as online transactions are easier to counterfeit. They suffer double losses: the goods are shipped, and the money is returned via chargeback.- Direct losses from chargebacks:
- By 2024, global retail losses from chargebacks will amount to approximately $5 billion. On average, retailers lose 1–2% of their turnover due to fraud, especially in high-risk categories (electronics, clothing, digital goods).
- For example, an online store with a turnover of $10 million can lose $100–200 thousand just on returns due to carding.
- Increase in insurance premiums:
- Retailers insure themselves against chargebacks and cyber threats through merchant insurance or cyber insurance. The increasing number of incidents increases the cost of these policies by 15–30% annually, especially for small and medium-sized businesses.
- If a retailer fails to comply with PCI DSS (Payment Data Security) standards, insurers may increase premiums by 50% or deny coverage.
- Operating costs:
- Retailers are investing in security systems (tokenization, 3D Secure, anti-fraud platforms) to reduce risks. These costs amount to 5-10% of turnover for large players, which also impacts insurance rates.
- For example, implementing tokenization (replacing card data with a unique token) can cost $100,000–500,000, but it reduces the likelihood of leaks, which insurers take into account when calculating premiums.
- Reputational and regulatory risks:
- Frequent fraud cases can lead to fines from payment systems (Visa, Mastercard) or temporary suspension of acquiring services. This increases insurance risks, as insurers add surcharges for potential disruptions to business processes.
- Reputational losses (for example, reviews about the unreliability of a store) are also taken into account in insurance models.
Example: An online electronics retailer with an annual turnover of $100 million can lose $2 million on chargebacks. Fraud insurance can cost $0,5-1 million per year, and with a 25% increase in incidents, the premium will rise to $2-5 million.
3. Quantitative indicators and comparison
| Aspect | Banks | Retailers |
|---|---|---|
| Major losses | Customer Refunds, Chargebacks, Investigations | Loss of goods, chargebacks, reputational damage |
| Average increase in premiums | 10–20% with increasing fraud | 15–30% with increasing fraud |
| Additional measures | AI monitoring, 3D Secure, mandatory insurance (Russia, since 2023) | PCI DSS, tokenization, anti-fraud platforms |
| Global losses (2024) | Part of $13.73 billion (including all types of fraud) | Up to $5 billion from chargebacks |
| Russian context | Losses of 1.4 billion rubles (2018), growth since 2020 | Losses of 0.5–1% of e-commerce turnover |
Global statistics:
- According to the Nilson Report, card fraud will account for 0.06% of card transaction volume ($40 trillion) in 2023, but absolute losses are growing due to the increase in transactions.
- The share of fraud is higher — approximately 0.1–0.2% of transactions — due to weak implementation of protective measures in some segments.
4. How insurers assess risks
Insurance companies use the following factors to calculate premiums:- Historical fraud data: The frequency and volume of incidents in a specific company or industry. For example, e-commerce is considered a high-risk segment, which increases premiums by 20–30% compared to offline retail.
- Security Level: Having PCI DSS, 3D Secure, tokenization, or AI monitoring can reduce premiums by 10-15% as it reduces the likelihood of incidents.
- Geography: In regions with high fraud rates (e.g., the US, India, Russia), premiums are higher. The rise in fraud from 2020 to 2023 led to an increase in insurance rates of 15-25%.
- Business type: Banks with millions of customers pay more due to the scale of the risks, but retailers with high e-commerce turnover may pay similar amounts due to vulnerability to chargebacks.
Bonus calculation formula (simplified):
Code:
Premium = (Probability of fraud × Average loss amount) + Insurer's operating expenses + Reputational risk premiumIf the probability of fraud increases from 1% to 1.5%, and the average loss is $1 million, the premium can increase by $500,000 or more.
5. How to minimize the impact of carding on insurance costs
For banks:
- Implementing anti-fraud systems: Using AI to analyze transactions in real time (e.g., detecting anomalies) reduces the likelihood of successful carding. Example: Sberbank uses AI to block up to 90% of suspicious transactions.
- Customer education: Financial literacy programs (phishing recognition, PIN protection) reduce incidents.
- Partnerships with insurers: Personalized policies tailored to your level of protection can reduce premiums by 5-10%.
For retailers:
- PCI DSS Compliance: Data security certification is mandatory for major players. This reduces the risk of data breaches and insurance premiums.
- Tokenization and 3D Secure: Replacing card data with tokens and two-factor authentication reduces the likelihood of fraud by 30–50%.
- Anti-fraud platforms: Integrating solutions from companies like Riskified or Forter can reduce chargebacks by 20–40%, which positively impacts insurance premiums.
General measures:
- Regular risk audit: Conducting penetration testing helps reduce insurance risks.
- Cooperation with payment systems: Visa and Mastercard programs (for example, Visa Account Updater) help minimize fraud.
- Deductible Insurance: Deductible policies can reduce premiums by 10-20% but require businesses to cover a portion of the loss themselves.
6. Forecasts and Prospects
- Global Fraud Growth: Losses from carding and CNP fraud are projected to reach $20 billion by 2027 due to the increase in online transactions. This will lead to a 20–50% increase in insurance premiums in high-risk regions.
- Russian market: Tighter regulations (for example, mandatory write-off insurance) and rising cyber threats will increase demand for cyber insurance, but will also raise rates. The average premium for banks could increase from 5-100 million rubles to 75-150 million rubles by 2025.
- Technology as a solution: The implementation of biometrics (facial and fingerprint recognition) and blockchain technologies for transaction tokenization could slow the growth of fraud, but will require investment that insurers will factor into their rates.