US responsible for almost 50% of breached credit cards worldwide
Over 2.6 million payment cards have been compromised in the US since 2004
With Black Friday and the holiday season upon us, millions of us will be spending money online – but it's vital to keep yourself and your card details safe to avoid being a victim of cybercrime.
New research from one of the best VPNs, Surfshark, has found over 5.7 million card details have been breached worldwide since 2004. The data includes card numbers, expiration dates, and card verification values (CVVs), the three- or four-digit number found on the back of credit and debit cards.
28% of the compromised information is CVV insecurity codes, which are vital for transaction verification. Their exposure poses a considerable risk, as they can be used to authorise fraudulent transactions.
As well as this, 33% of the breached card details consisted of card expiration dates. These are not directly exploitable on their own, but when combined with other details, the risk of cybercrime is increased.
Compromised countries
Surfshark analyzed data from the top 10 largest global economies, where consumers may spend the most. The United States topped the list with 773 breaches per 100,000 residents. The UK was second with 248 per 100,000 residents, and Canada was third with 225 per 100,000. Germany, Japan, and China exhibited the lowest number of breaches, with 15, 5, and 1 per 100,000 respectively.
The United States stands out as the largest economy and experiencing the highest number of breaches. Since 2004, over 2.6 million payment cards have been compromised in the US, which accounts for nearly half the global amount. One-third of these breaches included CVV codes.
According to the FBI, nearly 14,000 complaints related to credit card fraud were received in the US in 2023 alone, resulting in nearly $174 million in losses. Over this decade, the US has registered over 71,000 complaints, leading to more than $740 million in losses.
Seasonal scammers
Scammers prey on Black Friday buyers, with research showing fake shops and scamming attempts rise throughout October and the end of the year. 2023 research from NordVPN found that one in four Americans who'd been scammed while shopping were done so during shopping events such as Black Friday – this works out at 34 million people.
Scammers use phishing sites and fake shops to trick you into entering your card details, allowing them to steal and use that information.
"The holiday shopping season, especially during high-spending events like Black Friday, Cyber Monday, and the pre-Christmas rush, is a prime opportunity for cybercriminals," says Miguel Fornés, a cybersecurity expert at Surfshark.
"As consumers engage more actively in online shopping, they face risks such as fake websites mimicking legitimate stores, strategically placed QR codes, or phishing emails, all designed to steal payment card details. Additionally, cybercriminals actively seize publicly available leaked data to access accounts on legitimate websites."
Staying safe
There are ways to stay safe when shopping online this holiday season. Human error is still the biggest cause of cybercrime, so staying vigilant is a must. Only click on links you trust and know are safe, if there's any doubt in your mind, don't click.
Whenever you're entering card details, try and establish if the site is genuine and secure. Scammers can create fake websites which look very similar to the real thing, but look out for any typos in the URL or on the site page, and check out the reviews. If there are fewer reviews than expected, or all skewed in one direction, then that should signal alarm bells.
What about VPNs?
VPNs are a great way of protecting your online privacy – and there are tons of Black Friday VPN deals currently available – but they won't grant you total protection. If you enter details into a scam site, then unfortunately a VPN can't do a lot to help. However, some VPN providers offer cybersecurity protection as part of their plans.
A number of providers offer phishing protection – the best of which being NordVPN's Threat Protection Pro. This has recently been certified as the most effective of its kind, and is available to anyone signing up to the Plus plan.
NordPVN also offers NordProtect as part of its top-tier Prime plan. This tool offers identity recovery and restoration, and victims of identity theft can be reimbursed up to $1 million. Cyber extortion cover up to $100,000 is also included, as well as a 24/7 dark web monitoring service.
The best beginner VPN, ExpressVPN, also offers a similar product. Its newly launched Identity Defender tool is a suite of identity alert and protection features. It includes ID Alerts, which monitors the internet for your personal information, and ID Theft Insurance of up to $1 million. Identity Defender also includes a data removal service, which scans for, and requests removal of, any personal information collected by data brokers.
These are both effective tools, but currently only available to new customers in the US, and NordVPN's Prime is more expensive than ExpressVPN. Identity Defender is included in ExpressVPN's 2-year plan – actually making ExpressVPN a bit of a bargain.
George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights, censorship, data, and the interplay between cybersecurity and politics. Outside of work, George is passionate about music, Star Wars, and Karate.