Unveiling the Trends in Credit Card Data Breaches and Fraudulent Activities in E-Commerce for 2025

Introduction

In recent years, the surge in e-commerce has showcased the convenience of cashless transactions. However, it also brings to light significant challenges regarding security. The 2025 version of the Cashless Security Report presents detailed statistics on credit card data breaches and fraudulent activities in the e-commerce sector, conducted by Link Co., Ltd. and Cacco, Inc. These findings reveal alarming trends that all stakeholders in e-commerce must address.

Overview of 2024 Card Information Breaches

Shift in Reporting Dynamics

The report highlights a critical change in how card information breaches are reported. In 2024, a staggering 35.1% of breaches were identified following police interventions, signifying an increase in law enforcement's role in uncovering these incidents. Traditionally, breaches were predominantly reported by financial institutions or payment service providers. However, many of the breaches identified through police investigations were linked to attacks exploiting vulnerabilities in platforms like EC-CUBE, first appearing in 2021. This alarming trend necessitates a robust response from merchants to ensure their systems are secured against such breaches.

Persistent Issues of Fraudulent Transactions

Financial losses due to credit card fraud in 2024 reached a plateau of 55.5 billion yen, with over 90% of the losses attributed to number theft on e-commerce platforms. Factors contributing to the increase include phishing schemes, credit card master attacks, and a rise in info-stealers that capture users’ input information. Additionally, the number of account takeovers has surged, leading to a broader spectrum of fraudulent orders that merchants must fight against.

Challenges and Improvements in Fraud Prevention

EMV 3-D Secure Implementation

Research from YTGATE indicated a striking decline in payment approval rates following the implementation of EMV 3-D Secure. While approval rates had previously hovered around 95%, they plummeted to around 85%, with over 65% of consumers experiencing authentication errors. Additionally, many merchants reported an increase in abandoned shopping carts due to these errors. To balance fraud prevention and sales opportunities, collaboration between merchants and issuers to improve the accuracy of the EMV 3-D Secure process is essential.

Rise in Unauthorized Access to Securities Accounts

Between January and July 2025, the Financial Services Agency reported a staggering 14,069 instances of unauthorized access to securities accounts, with 8,111 cases of fraudulent transactions totaling losses of up to 620.5 billion yen. Many of these breaches resulted from phishing or malware that compromised authentication information. Despite the upward trend in multi-factor authentication adoption leading to a decrease in incidents, the monetary damages are on the rise yet again.

Targeted Voice Phishing on Corporate Accounts

There has also been a notable increase in voice phishing targeting corporate bank accounts. Scammers employ tactics that lead victims to counterfeit websites over the phone, resulting in unauthorized transfers fueled by stolen authentication credentials.

Policy Trends and Recommendations

Escalation of Security Measures

In response to the increasing threat landscape, policy developments are taking shape. The Credit Card Security Guidelines 6.0 edition has been introduced to provide better protection against unauthorized use. Collaboration between police departments and card companies is also being reinforced to facilitate faster reporting of compromised card information to international card brands.

Recommendations for Stakeholders

Those involved in e-commerce are encouraged to take proactive measures in enhancing their security protocols. The Cashless Security Report caters to businesses aiming to understand their exposure to credit card fraud relative to competitors and helps them stay abreast of evolving threats.

Conclusion

The findings underscored in the 2025 Cashless Security Report outline a pressing need for enhanced security measures to combat the rising trend of credit card fraud in e-commerce. Both Link and Cacco are committed to addressing these issues and providing necessary guidance on mitigating risks associated with cashless transaction systems. Continued analysis will help in navigating the ever-evolving landscape of payment security while informing stakeholders about effective strategies and interventions.

Links to Download Reports

For those interested in a comprehensive understanding of these findings, the full Cashless Security Report 2025 is publicly available on the respective websites of Link Co., Ltd. and Cacco, Inc: