$24.26 Billion was lost in 2018 due to payment card fraud worldwide. Fraud has also moved to new areas such as merchant debit cards and prepaid cards, reward programs and takeover of mobile phone accounts - businesses which generally do not have the level of account security that banks have implemented. Credit and debit card fraud continues to climb over time.

Identity theft occurs when someone uses information about you: name, birthday, social security number, bank statements, etc. to access your records or open new ones under your name. Credit and debit card fraud is a type of identity theft.

The fraudster is actually selling your credit card number to other cyber criminals. The data from a single credit card can be sold for more than $45, data security provider Symantec reports. Let’s say you have a trove of credit card data, such as the 2018 Marriott data breach which compromised, among other pieces of data, credit and debit card payment information for 383 million people. That’s equivalent to billions of dollars in potential profits.

In Box: Online shopping now creates the greatest fraud opportunity - the security of the EMV credit and debit cards (chip & PIN) are driving more fraudulent activity to the online or e-commerce industry.

Credit card fraud is a result of identity fraud and a type of identity theft. It happens when someone uses your credit card or credit account to make a transaction. What's the reason for this, and how can it happen?

* If your credit card becomes misplaced or taken, it can be used for unauthorized in person or online transactions.
* The account number can also be taken, along with the PIN and security code. Criminals steal your information to make purchases that do not have required authentication.
* Scammers can use skimmers on point-of-sale systems to get your information and use it to make a duplicate card.
* Your information can be obtained online through hackers using unsecure or imposter websites & data breaches - then they can use your finance info to make purchases without needing the card present (called card-not-present fraud or CNP fraud).

Ways that someone can get your information to commit credit card fraud:

* Stolen credit card
* Finding & Using a card that has been misplaced
* Account takeover
* Counterfeit Cards: using a skimmer, thieves and criminals can make & use a duplicate card. EMV Technology (chip & PIN) has reduced this type of fraud
* Intercepting Mailed Cards: cards taken from your mailbox
* Fraudulent credit applications: using your taken information to apply for new credit in your name (Identity theft)
* Card-not-present fraud: the physical card is not needed to commit fraud, just the number- increasing due to e-commerce

As per a report, there is fa resh database of 461,976 payment card records currently on sale on Joker’s Stash, a popular underground cardshop in the dark web has been listed. Group-IB, a Singapore based cybersecurity company specialising in preventing cyber attacks which detected the database, says that over 98% of this database on sale were cards issued by Indian banks. The company says that they have already alerted India’s Computer Emergency Response Team (CERT-In).

As per the Group-IB, “exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.”

This is the second major database of Indian payment card details that Group-IB has detected since October when 1.3 million credit and debit card records of mostly Indian banks’ customers uploaded to Joker’s Stash with and estimated underground market value of USD130 million was detected in what became “the biggest card database encapsulated in a single file ever uploaded on underground markets at once.

According to Dmitry Shestakov, the head of Group-IB cybercrime research unit, “In the current case, we are dealing with so-called fullz - they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.”

Most of the cards are getting stolen when we handover the card to waiter for bill payment at restaurant. They are taking photos of both sides. And then they need name, card number, expiry and CVV to purchase in any foreign e-commerce portal. No PIN or OTP will be needed.

Be careful in using your card online. Don't store card details on ecomm/payment websites or Apps. If your bank has facility to temporarily disable card usage, use it when you are not going to use card for longer time.

Use the card on ATMs where the card gets locked during transaction. Such ATMs are installed with Anti skimming devices.

Most importantly... Never share your PIN / OTP.