According to cybersecurity company Surfshark’s analysis, Canada has the 10th highest rate of breached payment card details among major economies. The country has 225 data points of breached payment card details per 100,000 residents. This is, however, significantly lower than the U.S., which leads with 773, and the United Kingdom at 248.
Since 2004, over 5.7 million payment card data points have been compromised globally, with the U.S. accounting for nearly half of the total global amount at 2.6 million. This dataset includes card numbers, expiration dates, and card verification values (CVVs), a three or four-digit number found on the back of most credit and debit cards.
“The holiday shopping season, especially during high-spending events like Black Friday, Cyber Monday, and the pre-Christmas rush, is a prime opportunity for cybercriminals,” says Miguel Fornés, a Cybersecurity Expert at Surfshark. “As consumers engage more actively in online shopping, they face risks such as fake websites mimicking legitimate stores, strategically placed QR codes, or phishing e-mails, all designed to steal payment card details. Additionally, cybercriminals actively seize publicly available leaked data to access accounts on legitimate websites.”
Notably, 28% of the compromised data is CVV security codes, which are crucial for verifying transactions. Their exposure poses considerable risks, says Surfshark, as they can be used to authorize fraudulent transactions. Additionally, 33% of the dataset consists of payment card expiration dates. While not directly exploitable on their own, these dates can increase the risk of cybercrime when combined with other details.
The top 10 largest global economies, where consumers may spend the most, exhibit varying rates of breached payment card details per 100,000 residents: United States (773), United Kingdom (248), Canada (225), Italy (197), Brazil (102), France (71), India (34), Germany (15), Japan (5), and China (1).
According to Fornés, protecting your information while shopping for holiday deals requires staying alert, exercising caution, and following basic cyber hygiene rules. He provides a checklist of precautions to take:
- Activate Multifactor Authentication everywhere.
- Ignore unsolicited SMS, QR codes, and e-mails.
- Do not reuse passwords, especially for financial platforms and main digital identities.
- Keep your devices updated.
- Never share personal information on public Wi-Fi or untrusted networks.
- Regularly review your account statements and report suspicious activity as soon as possible.
Data breach statistics from around the world, occurring between January 2004 and September 2024, were examined. The data, which included payment card details, was collected by independent partners from publicly available databases and aggregated by e-mail addresses. This information was then anonymized and provided to Surfshark’s researchers for statistical analysis. This study looks into compromised payment card details on a global scale as well as within the world’s top 10 economies. This dataset includes card numbers, expiration dates, and card verification values (CVVs).