Happy Holidays. You Just Funded $14B in Fraud.

This holiday season, more than four billion payments will fly across U.S. networks.
Every tap. Every swipe. Every last-minute “Buy Now.”

And with every one, a customer’s financial information is exposed.

That exposure is the most predictable - and easily exploited - part of the modern shopping journey.

Americans lost $14.3B to card fraud last year. That’s roughly $110 quietly drained from every U.S. household - a bill no customer ever saw, agreed to, or even knew existed.

Money doesn’t evaporate. It gets rerouted - pulled from millions of checkout moments into an underground economy customers never consented to fund.

Despite all the talk of “advances in security,” the problem is accelerating.
Fraud losses jumped 25% in 2024. During just five days of Cyber-Five shopping, over 4% of ecommerce transactions were flagged as suspicious - tens of millions of purchases questioned because the system is flawed.

For a country responsible for 25% of global card spend, the U.S. absorbs 42% of global card fraud.
Not because Americans are careless - but because the system leaks by design.

Tokenization was supposed to fix this.
It didn’t.

Visa says 50% of global ecommerce is now tokenized. Mastercard: 35% and rising fast.
Yet fraud keeps going up.

Here’s the uncomfortable truth:
A token is still a credential. Still a target.
It exists. It travels. It gets stored. It works tomorrow.
Swap the card number for a token and nothing fundamental changes. The target remains - just renamed.

And customers pay for it three ways:
Direct fraud losses - even when it wasn’t their purchase
“Swipe fees” topping $187-$236B annually, passed on as higher prices and surcharges
The hidden inflation those fees create - $1,200-$1,800 per household every year

Fraud becomes ambient - everywhere and nowhere.
A loss with no receipt. A bill with no sender.

The holidays magnify every weakness in the payments system.
More transactions. More exposure. More opportunity for attackers.

Customers assume the system “just works,” never seeing the tradeoff built into every checkout: convenience in exchange for vulnerability.

The industry has spent billions on risk scoring, biometrics, device intelligence, machine learning, layered defenses, and tokenization.

But the architecture never changed.
It was built to manage fraud - not eliminate it.

Real security requires a different model:
Payments without credentials, without exposure, and without higher fees to cover a broken design.

If there is nothing to steal, the losses disappear.

That model isn’t hypothetical.
It’s running in production today.

This season, four billion transactions will depend on trust.
It’s time the system stopped asking customers to pay when that trust breaks.

Part 1 of 4.
Next week: why tokenization was never designed to win - and what’s already replacing it.