Online Payment Method Fraud: Figures & Stats

Online Payment Data Breaches in the US

Many of us are aware of how our data is recorded, stored, and used by the organizations we work for and buy from, but some unlucky individuals are often caught in the crossfire of professional cyber gangs attacking the organizations that store our data.

A great proportion of cybercrime is driven by accessing and misusing consumer information. And one of the main ways for cyber attackers to make money is through online payment fraud. 

Digital and mobile payment methods have increased dramatically over recent years. Digital and mobile wallets are now the most used forms of payment in the world, accounting for 41.8% of payments worldwide. Credit and debit cards also make up a significant proportion of payments worldwide, together accounting for 34.8% of worldwide payments – many of which are card-not-present payments conducted online.

In line with this, there has been a steady rise in the number of data compromises related to online payments year on year, according to the Identity Threat Research Center. In 2021, there were 1,862 data compromises and a total of 293 million victims of data breaches. While the number of victims has decreased, the number of compromises is at an all-time high. 

Global Payment Method Splits

The vast majority of data compromises that occur today represent highly sophisticated and complex cyberattacks that require proactive and robust defenses to prevent.

Fraud detection solutions are more important than ever, and any business should be aware of threats that professional hackers present to themselves and to their customers. 

US Data Compromise Volume Trend 2015 to 2021

How Fraud Affects Online Payments

There are numerous types of data breaches and online payment fraud.

The type of data compromised can impact how much damage a fraudster can cause or how many resources they can steal. The top types are listed below, with Social Security Numbers the most commonly compromised information each year. 

Type of Personal Information Compromised 

Type of Personal Information Leaked

Most Stolen Personal Information in 2021

  1. Full Name: 1,603 Breaches and Exposures
  2. Full Social Security Number: 1,136 Breaches and Exposures
  3. Date of Birth: 686 Breaches and Exposures

It is the fraudsters’ goal to access and steal as much personal information as possible.

Personally identifiable information (PII), such as your bank account number, social security number, and driver’s license, helps fraudsters access your online accounts and payments. Information like your name and date of birth helps fraudsters engage in phishing and smishing more successfully.

Most Commonly Stolen Personal Information

Phishing involves a message, such as an email, disguised as coming from a known institution, such as a bank or a popular website. It invites the recipient to take an urgent action, such as logging in or changing their password, in an attempt to hijack their personal information (real banks, for instance, never ask for confidential data).

Smishing is a combination of text messaging and phishing, where an SMS will, for example, claim that your account needs to be updated, ask you to log in on a (mock) website using your credentials, or ask you to send information to someone.

Most Common Types of Fraud Attacks

There are several methods fraudsters employ to steal your data.

The most common include phishing and smishing, human and systems errors, such as improperly configured cloud security, and physical attacks, where criminals steal devices and documents containing personal data. 

Some of the data types lost here may seem inconsequential. However, they can be used by fraudsters to impersonate the individual, which can be very damaging. If cyber attackers get access to someone’s background information, for example, they can check data leaks for any other details and bypass anti-fraud checks more easily.

Most Common Types of Fraud Attacks
  1. Phishing/Smishing/BEC: 537 Attacks in 2021

As discussed previously, phishing and smishing are attempts to “fish” for your personal details, your passwords and other data. Essentially, these tactics try to trick you into willingly handing over your personal information. 

  2. Ransomware: 321 Attacks in 2021

Ransomware is where cyberattackers encrypt important files and demand a ransom payment for the decryption key. Often, paying the ransom is presented as the easiest and cheapest way for organizations and individuals to regain access to their files – but there is no guarantee paying up will give you back your data, either.

  3. Malware: 139 Attacks in 2021

In a similar vein to ransomware, malware refers to any type of malicious software designed to exploit a device, service or network, including spyware, for instance. Cyberattackers typically use malware to extract data that they can leverage over victims for their own financial gain.

Industries Most Affected by Online Payment Fraud in 2021

Industries are affected differently by fraud. The US military, for example, has not seen a single data breach over 2020 or 2021, likely due to their sophisticated defense solutions.

Here are the industries most affected over 2021. 

Most Victims of Fraud in 2021

Industries with the Most Victims of Fraud in 2021
  1. Manufacturing & Utilities: 49,775,124 Victims in 2021

Manufacturing & utilities refers to the practical, hands-on work that many workers are involved in. Despite often involving more hands-on work, manufacturing & utilities industries saw the most victims of fraud in 2021.

Common attacks in this industry often include using stolen information to order utilities, and conducting expensive ransomware attacks that halt or threaten to halt production.

  2. Technology: 44,035,156 Victims in 2021

The technology industry is just as susceptible to data breaches as any other and saw over 44 million victims of data compromises.

Shockingly, a 2020 study revealed that over 50% of tech companies had experienced a data breach, with 48% of employees claiming their company had encountered 20 data breaches a year. 

  3. Healthcare: 28,045,658 Victims in 2021

Compromises have increased year-over-year in every primary sector, including healthcare. Due to the nature of healthcare work, there is often a great deal of personal information at stake. Data breaches in healthcare services can see large numbers of victims, and indeed saw over 28 million in 2021. 

Each compromise can have more or fewer victims. Here are the industries which suffered the most data compromises over 2021.

It is interesting to note that the number of victims of fraud is dramatically larger than the number of compromises in each industry, hinting at the large-scale data theft that any single compromise can cause.

Most Data Compromises in 2021

Industries With The Most Data Compromises
  1. Healthcare: 330 Compromises in 2021
  2. Financial Services: 279 Compromises in 2021
  3. Manufacturing & Utilities: 222 Compromises in 2021

Industry Trends - Data Compromises

It is clear that fraud is prevalent across all industries and is on the increase. There are many types of fraud attacks and many different ways in which fraudsters can access personal information. Stolen information from data breaches can lead to identity fraud, which can be very costly to businesses and consumers. 

Industry Trends Victims of Compromises

How to Avoid Fraud

With this many fraud attacks happening across all industries, it is important that businesses and individuals consider improving their fraud prevention tactics.

We’ve seen how fraudsters can obtain various types of personal information. But what fraudsters cannot steal is a person’s digital footprint. Being able to verify who consumers really are is a great first step in preventing fraud. 

Here are some tips for the best ways to avoid fraud. We suggest combining as many of the following features as possible.

Fraud Prevention and Detection Methods

The Best Fraud Prevention and Detection Methods

  • Data Enrichment

This process aggregates external data to complete a picture of a user – for example, reverse email lookup lets you know how risky the user is based on a wealth of information sourced starting from the single data point of an email address.

  • Social Media Lookup

A powerful way to know for certain if you’re dealing with a real person is social media lookup – as well as other types of online platforms. Make sure that your solution can check as many social media networks in as many regions as possible.

  • Custom Risk Scoring

Custom risk scoring lets you control how risk is calculated so that the results adapt to your business. This is not only important to improve accuracy, but also to automate the approval, review, or rejection of certain user actions.

  • Machine Learning

Machine learning, a collection of artificial intelligence algorithms trained with your historical data, can recommend risk rules to block or allow certain user actions based on what has been attempted in the company or industry in the past – such as suspicious logins, identity theft, or fraudulent transactions. 

  • Device Fingerprinting

Device fingerprinting collects information about a user’s device, such as browser use and hardware, as they connect to a website, app or other server. This helps websites track the user’s actions and visits, and assess whether their intentions are fraudulent. 
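
The custom risk scoring and automated approve/review/reject flow described above, combined with enrichment and device fingerprint signals, as an added example (not SEON's code or API). The signal names, weights and thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed signals a merchant might hold after enrichment and device
# fingerprinting. Field names are hypothetical, not any vendor's schema.
@dataclass
class Signals:
    email_domain_disposable: bool   # data enrichment: throwaway mail provider
    social_profiles_found: int      # social media lookup on the email
    accounts_on_device: int         # accounts seen with this device fingerprint
    card_country_matches_ip: bool   # payment detail vs. connection origin

# Each rule: (name, predicate, points). Weights are illustrative and would be
# tuned per business; negative points lower risk.
RULES = [
    ("disposable_email", lambda s: s.email_domain_disposable, 30),
    ("no_social_presence", lambda s: s.social_profiles_found == 0, 20),
    ("established_presence", lambda s: s.social_profiles_found >= 3, -10),
    ("device_shared_by_many", lambda s: s.accounts_on_device > 3, 35),
    ("geo_mismatch", lambda s: not s.card_country_matches_ip, 25),
]

REVIEW_AT, REJECT_AT = 30, 60  # assumed thresholds

def score(signals):
    """Return (score, fired_rule_names); score is clamped to 0..100."""
    fired = [(name, pts) for name, pred, pts in RULES if pred(signals)]
    total = max(0, min(100, sum(pts for _, pts in fired)))
    return total, [name for name, _ in fired]

def decide(signals):
    """Map the score to the automated action; keep fired rules for the audit trail."""
    total, fired = score(signals)
    if total >= REJECT_AT:
        action = "reject"
    elif total >= REVIEW_AT:
        action = "review"
    else:
        action = "approve"
    return {"action": action, "score": total, "rules": fired}

if __name__ == "__main__":
    samples = {  # constructed examples
        "returning customer": Signals(False, 4, 1, True),
        "new, thin profile": Signals(False, 0, 1, False),
        "likely multi-accounting": Signals(True, 0, 6, False),
    }
    for label, s in samples.items():
        print(label, decide(s))
```

Returning the fired rule names alongside the action gives manual reviewers the reason for each decision and shows which weights to adjust when false positives appear.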


Data on the split of online payment methods across the world was taken from SEON. All other data was retrieved from the Identity Threat Research Center’s Data Breach Annual Report.

Gergo Varga

Gergo Varga is SEON’s Product Evangelist. With more than 10 years of experience in the Hungarian and international risk management sphere, he has developed an astute knowledge of RiskOps and Open Source Intelligence. He is the author of SEON’s Fraud Prevention for Dummies guide.
