The infographic argues that the approaching PCI DSS 4.0 deadline is colliding with a surge in API-focused attacks that bypass traditional defenses using automation, credential stuffing, token exploitation, and payment abuse. It highlights “API security blind spots,” noting organizations average 800+ APIs, and reports 300M+ account takeover attempts blocked in the last 12 months, with $121M in potential fraud losses prevented across a subset of organizations. It also shows attackers diversifying beyond ATOs: 822M product search and pricing abuse attempts (89% of non-ATO bot activity), 69M credit verification fraud attempts, 22M loyalty rewards abuse attempts, and about 6M shopping cart and inventory abuse attempts, with retail accounting for 66.5% of malicious traffic.

Join for free to read