In 2022, data breaches continued at near-record levels, exposing hundreds of millions of personal records and supplying cybercriminals with the raw material for payment fraud, account takeovers, and identity theft. While not every breached record contained payment card information, the scale of exposed personal and financial data significantly expanded the global fraud ecosystem. The Scale of the Breach Problem According to the Identity Theft Resource Center, there were 1,802 publicly reported data compromises in the United States in 2022, the second-highest annual total on record. These incidents affected at least 422 million individuals, though the true number may be higher due to incomplete breach disclosures. (ITRC, https://consumer.ftc.gov/consumer-alerts/2022/07/want-work-home-spot-scams-first) How Stolen Data Fueled Payment Fraud Cybercriminals frequently purchase stolen data in bulk on illicit marketplaces. These datasets can include:
- Payment card numbers
- Names and addresses
- Email credentials
- Social Security numbers
- Banking information
Not every breached record is equally valuable, but at scale, even low-cost data becomes highly profitable. Criminal groups often automate the monetization process, turning massive datasets into efficient fraud operations. The Rise of Card Testing at Scale One of the most common tactics is card testing, using small, automated transactions to determine whether stolen card details are still active. Once a card is verified, fraudsters may quickly escalate to larger purchases, cash-out schemes, or account takeovers. This process transformed payment fraud into an industrialized operation, with bots testing thousands of cards across e-commerce sites in minutes.
The Financial Impact
Global payment card fraud losses reached approximately $33.45 billion in 2022, according to industry estimates from the Nilson Report. Losses are projected to continue rising as digital payments expand. Why 2022 Marked a Turning Point By 2022, fraud operations had become increasingly sophisticated. Criminals were no longer simply reacting to individual breaches; they were proactively leveraging large datasets, automation, and predictive techniques to maximize returns. The result was a shift from opportunistic fraud to highly organized, data-driven criminal enterprises.
The Lasting Lesson
Data breaches are not isolated incidents. They are often the starting point for a chain of downstream crimes, from card fraud to identity theft and account compromise. For consumers, the lesson is clear: a breach may be only the beginning. For organizations, securing customer data is no longer just a compliance issue, it is a frontline defense against a much larger fraud economy.