Cequence Security reports 300 million account takeovers as PCI DSS 4.0 deadline approaches

Cequence’s CQ Prime threat research reveals 300M account takeover attempts, with retail facing the brunt of malicious traffic.

Cequence Security has released insights from its CQ Prime threat research team, indicating a rise in cyber threats as businesses approach the March 31 Payment Card Industry Data Security Standard (PCI DSS) 4.0 deadline. The research highlights increasing risks related to API-driven fraud and credential stuffing, particularly impacting the retail and financial services sectors.

According to the report, which utilized data from billions of transactions processed through Cequence’s Unified Application Programming Interface (API) Protection platform, cybercriminals are exploiting vulnerabilities in payment systems and loyalty programs.

Among the key findings, it was reported that more than 300 million account takeover attempts were blocked over the past year, underscoring the expanding scale of credential stuffing attacks. Retailers were noted to account for 66.5% of all malicious traffic, revealing their heightened risk due to high transaction volumes.

Additionally, the research points to 822 million blocked attempts to scrape product pricing, which can put retailers at a competitive disadvantage. Loyalty programs also faced significant abuse, with over 22 million fraudulent attempts recorded.

Randolph Barr, chief information security officer at Cequence, stated, “PCI DSS 4.0 is pushing businesses to modernize security, but many are still scrambling to catch up, giving attackers the perfect opportunity to strike.” He emphasized that account takeovers remain a significant threat amid rising sophistication in attacks focused on API vulnerabilities.

To enhance security and compliance, Cequence recommends several actions, including encrypting sensitive data, securing API endpoints, and continuously testing systems for vulnerabilities.

The insights reveal critical data for businesses striving to safeguard their digital transactions as the compliance deadline approaches.