Payment Fraud - Industrialization Creates New Detection Opportunities

What Happened

Payment fraud has undergone a significant transformation, evolving from isolated schemes into a sophisticated industrial ecosystem. This shift is characterized by the emergence of purpose-built infrastructure, toolkits, and professional services that allow fraudsters to maximize their output with minimal effort. The Annual Payment Fraud Intelligence Report: 2025 highlights how this industrialization has been fueled by technical advancements and professionalized support services. For instance, the Magecart e-skimmer supply chain exemplifies this trend, providing tools like full-stack e-skimmer kits that make it easier for less skilled attackers to compromise e-commerce sites.

In 2025, over 10,500 unique Magecart infections were recorded, impacting more than 23 million transactions. This alarming statistic underscores the scale at which these attacks are occurring. The AcceptCar e-skimmer, discovered in late 2025, further illustrates the maturity of this service model, allowing fraudsters to profit from compromised sites without needing to manage the underlying infrastructure themselves.

Who's Being Targeted

The consequences of this industrialized fraud ecosystem are far-reaching, affecting both consumers and financial institutions. Recorded Future identified over 3,600 scam merchant accounts in 2025, a staggering 2.5 times increase from the previous year. These scams span across 40 countries and involve 230 acquirers, showcasing the global nature of the threat. Furthermore, card testing services have validated at least 27 million card records, indicating a systematic approach to fraud that is increasingly difficult to detect.

The standardization of merchant acquisition workflows has enabled scam operators to set up fraudulent infrastructures at scale. This means that financial institutions must be vigilant and proactive in identifying these threats before they escalate into significant financial losses.

What Data Was Exposed

The industrialization of fraud has created a concentrated upstream ecosystem where e-skimmer infections and scam merchants compromise card data during online transactions. This means that while the outcomes of fraud are visible, the pathways that enable them often remain hidden. For instance, 26% of e-skimmer infections can be traced back to a single kit, and scam operators frequently reuse registration patterns across multiple acquirers.

This standardization leads to detectable patterns that financial institutions can leverage to their advantage. By identifying indicators of compromise before fraud occurs, institutions can act swiftly to prevent financial losses. The challenge lies in the fact that traditional transaction monitoring focuses on post-transaction anomalies, leaving a gap in visibility into the pre-monetization stages of fraud.

How to Protect Yourself

To combat this evolving threat landscape, financial institutions must adopt a proactive approach to fraud detection. Traditional transaction monitoring and behavioral models are insufficient, as they only detect anomalies at the point of payment. Instead, institutions should integrate intelligence-informed defenses that monitor upstream activities, such as Magecart-infected sites and scam merchant accounts.

Recorded Future's Payment Fraud Intelligence offers tools to monitor these upstream stages, enabling early detection of high-risk merchants and potential fraud. By identifying compromised cards before fraud occurs, institutions can significantly reduce their exposure to losses. As the fraud ecosystem continues to mature, maintaining visibility into these pre-monetization windows will be critical for effective fraud prevention.