Over 60 percent of malicious traffic targets retailers ahead of PCI DSS 4.0 deadline

No Comments

As we approach the 31st March deadline for compliance with the new PCI DSS 4.0 payment security standard, new data from Cequence Security shows automated fraud is increasing with retailers facing 66.5 percent of all malicious traffic.

Using data from real transactions and attack data from Cequence's Unified API Protection (UAP) platform, the report highlights the growing attack surface cybercriminals exploit in payment infrastructure, loyalty programs, and product pricing systems.

More than 300 million account takeover (ATO) attempts were blocked by the platform in the past year, illustrating the growing scale of credential stuffing attacks. 822 million attempts at produc search and pricing abuse were blocked as 89 percent of non-ATO bot-driven attacks focused on scraping product pricing.

Loyalty schemes have come under attack too, over 22 million fraudulent attempts were blocked as attackers exploited loyalty programs, treating reward points like cash. These accounts are frequently targeted due to easier liquidation than stolen credit cards, often going undetected until significant losses occur.

Credit cards are still a target though with over 69 million attempts blocked as cybercriminals mass-tested stolen credit card details through low-risk transactions before making larger fraudulent purchases, fueling the circulation of compromised payment data.

"PCI DSS 4.0 is pushing businesses to modernize security, but many are still scrambling to catch up, giving attackers the perfect opportunity to strike," says Randolph Barr, CISO at Cequence. "Account takeovers remain the biggest threat, but we're also seeing a wave of new, highly sophisticated attacks exploiting every stage of the digital payment process. The common thread? APIs. Attackers are sidestepping traditional security defenses and going straight for API endpoints that handle cardholder data -- one of the most critical yet overlooked vulnerabilities. Businesses that focus only on compliance risk falling behind."

You can read more on the Cequence blog and there's an infographic summary below.

Image credit: violetkaipa/depositphotos.com

No Comments
Got News? Contact Us

Recent Headlines

Agentic AI might take years to transform security, but cyber defenders must prepare now

CachyOS March 2025 update adds new bootloader and updated hardware support to the Linux distribution

Elon Musk merges xAI with X to distract from Twitter debt disaster and Donald Trump backlash

Exploring the security risks underneath generative AI services

This mechanical keyboard is just $10 on Amazon -- but you need to act fast!

The hidden cost of legacy systems: How they hinder ROI and digital transformation

Over 60 percent of malicious traffic targets retailers ahead of PCI DSS 4.0 deadline

Most Commented Stories

Windows 25 solves Windows 11's biggest problem -- download it now

66 Comments

'It just works': AcreetionOS is the easy-to-use alternative to Windows 10/11 -- switch to it now

48 Comments

Forget Windows 11 -- ReactOS, the Microsoft-free Windows operating system, just got a massive update! Download it now

19 Comments

Windows 20 is the upgrade Windows 11 should have been -- download it now

16 Comments

Microsoft is ready to create more annoyance by rolling out OneDrive ads to Office users

14 Comments

Forget Google Chrome and Firefox, LibreWolf is the privacy focused browser you've been looking for

13 Comments

Forget Windows 11 and try AerynOS instead -- this new Linux distro just got a fresh ISO and powerful updates

12 Comments

Microsoft admits that a recent Windows update may have made your printer act erratically

9 Comments

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.