Carding is a form of financial fraud in which criminals use stolen bank card information (credit, debit, or prepaid) to conduct unauthorized transactions. This type of fraud encompasses both physical transactions (such as using a stolen card in stores) and card-not-present (CNP) transactions, which dominate the online environment. Carding causes significant damage to the global economy, affecting card issuers, banks, merchants, payment processors, and end consumers. In this answer, we will examine in detail the scale of losses, their structure, causes, regional characteristics, indirect consequences, and countermeasures for educational purposes.
These figures only account for direct losses (e.g., chargebacks, stolen funds). Indirect costs, such as the cost of fraud prevention systems, legal fees, and loss of consumer trust, can increase the total damage by 1.5–2 times.
If you would like to delve deeper into a specific aspect (such as countermeasure technologies or regional data), let me know!
1. The scale of economic losses
According to the Nilson Report (a leading source of payment system analytics), global losses from payment card fraud will amount to $33.83 billion in 2023. This is a 1.1% increase from the 2022 estimate ($33.45 billion), even though card transaction volume grew by 4.7% (to $51.435 trillion). The loss rate is 6.58 cents per $100 in transactions, down from the 2012 peak of 8.01 cents, but still significant.Historical dynamics (according to Nilson Report):
- 2018: $27.85 billion (6.9 cents per $100).
- 2020: $28.65 billion (growth slowed by pandemic restrictions on physical transactions).
- 2021: $32.34 billion (+13.8% compared to 2020 due to the surge in online shopping).
- 2022: $33.45 billion (up 3.5%).
- 2023: $33.83 billion (up 1.1%).
Forecasts:
- By 2026, losses are expected to increase to $43 billion (Nilson Report).
- By 2028 – up to $43.47 billion (Statista).
- Cumulative losses over the decade (2023–2033) could exceed $400 billion.
These figures only account for direct losses (e.g., chargebacks, stolen funds). Indirect costs, such as the cost of fraud prevention systems, legal fees, and loss of consumer trust, can increase the total damage by 1.5–2 times.
2. Loss structure
Losses from carding are distributed among several parties:- Card issuers (banks): The bulk of the losses are borne by banks that issue cards. They are obligated to reimburse customers for losses from unauthorized transactions if the customer is not at fault (for example, in the case of data theft). In 2023, issuers covered approximately 60% of losses in the US ($8.59 billion out of $14.32 billion).
- Merchants: In cases of CNP fraud, merchants are often responsible for chargebacks. This is especially true for small businesses, which don't always employ advanced security systems.
- Payment processors: Payment systems (Visa, Mastercard) and processors (Stripe, PayPal) lose money on fees for cancelled transactions and investments in security.
- Consumers: While consumers are generally protected from direct losses (in most countries), they face indirect losses: temporary card blocking, loss of confidence in online payments, and higher prices for goods/services due to increased fees.
3. Regional features
Carding losses vary greatly across regions due to differences in payment infrastructure, digitalization, and security measures:- The United States accounts for 42.32% of global losses ($14.32 billion in 2023), despite generating only 25.29% of global transaction volume. The main reason is the high level of CNP fraud (online purchases). PIN-less cards are widely used in the US, as is the weak implementation of 3D Secure for some transactions.
- Europe: Europe has a lower fraud rate (around 25% of the global average) thanks to strict standards such as PSD2 (Payment Services Directive 2), which requires two-factor authentication (SCA, Strong Customer Authentication). For example, in 2023, the fraud rate in Europe was approximately 4.5 cents per $100 of transactions.
- Asia: The rapidly growing e-commerce market (especially in China and India) is leading to increased losses. In China, for example, fraud increased by 15% from 2020 to 2023 due to the popularity of mobile payments.
- Developing countries: In regions with low EMV (Electronic Mobile Module) chip penetration and weak cybersecurity (such as some countries in Africa and Latin America), losses are growing faster due to outdated systems.
4. The Main Reasons for the Growth of Carding
- E-commerce growth: The COVID-19 pandemic has accelerated the shift to online commerce. In 2022, e-commerce fraud losses were $41 billion, and in 2023, $48 billion (Statista). By 2029, this figure is projected to grow to $107 billion.
- Data theft: Cyberattacks (phishing, database leaks, skimming) remain the primary source of data for carding. For example, in 2023, more than 2.6 billion personal data breaches were recorded (Surfshark), including card numbers.
- Social engineering: Fraudsters use complex schemes (such as fake calls from a "bank") to obtain data.
- Dark Web: Card data is sold on darknet markets for low prices (from $5 to $50 per card), making carding accessible to a wide range of criminals.
- Outdated technology: Some regions still use magnetic stripe cards, which are easily counterfeited.
5. Indirect economic consequences
In addition to direct losses, carding creates additional costs:- Investments in security: Banks and merchants spend billions annually on fraud prevention systems (AI, machine learning, biometrics). For example, global cybersecurity spending in the financial sector will exceed $80 billion in 2023 (Gartner).
- Chargeback costs: The chargeback process is complex and expensive. Merchants not only lose money but also time and may face penalties from payment systems.
- Price increases: Banks and merchants pass on some of their losses to consumers through higher fees and higher prices for goods/services.
- Loss of trust: Consumers may avoid online shopping, which reduces e-commerce volumes. For example, research shows that 30% of users stop using a store after experiencing fraud.
- Legal costs: Lawsuits related to data breaches cost companies millions. For example, the Equifax data breach in 2017 cost the company over $1.4 billion in compensation and fines.
6. Countermeasures
The following technologies and approaches are used to combat carding:- EMV chips: Replacing magnetic stripes with chips has reduced fraud at physical points of sale. In the US, the implementation of EMV after 2015 reduced card counterfeiting by 76% by 2020.
- 3D Secure (Verified by Visa, Mastercard SecureCode): Two-factor authentication for online transactions. In Europe, PSD2 made it mandatory, reducing the incidence of CNP fraud.
- Tokenization: Replacing card data with unique tokens (e.g. in Apple Pay, Google Pay) makes data interception useless.
- Machine learning: Transaction analysis algorithms identify suspicious transactions in real time. For example, Visa's systems process over 500 risk factors in milliseconds.
- Biometrics: Using fingerprints, facial recognition, or voice recognition for authentication.
- Consumer education: Phishing and safe shopping awareness campaigns.
7. Example of loss data
For clarity, here is an example of the distribution of losses in the United States (2023, Nilson Report):Type of fraud | Loss rate (%) | Amount ($ billion) |
---|---|---|
CNP (online) | 65% | 9,31 |
Counterfeit maps | 15% | 2,15 |
Lost/stolen cards | 10% | 1,43 |
Others (skimming, etc.) | 10% | 1,43 |
8. Future Challenges
- Artificial Intelligence: Fraudsters are starting to use AI to create more sophisticated attacks, such as deepfake calls or automated phishing.
- The rise of mobile payments: The popularity of QR codes and mobile wallets (e.g. WeChat Pay, UPI) creates new vulnerabilities.
- Cryptocurrencies: Fraudsters are increasingly using cryptocurrencies to launder funds obtained from carding.
- Regulatory gaps: In developing countries, weak regulation of payment systems increases risks.
Conclusion
Card fraud remains a significant threat to the global economy, with annual losses estimated at $33.83 billion (2023) and projected to reach $43 billion by 2026. CNP fraud is the primary contributor, particularly in the US, where losses account for over 42% of global losses. Direct losses are compounded by indirect costs of cybersecurity, chargebacks, and loss of trust. Effective measures such as EMV, 3D Secure, tokenization, and AI reduce fraud but require ongoing investment. To minimize risks, it is important for consumers to use strong passwords, two-factor authentication, and avoid suspicious websites.If you would like to delve deeper into a specific aspect (such as countermeasure technologies or regional data), let me know!