top of page

Reports: The State of Credit Cards; and a Global Cyber Threat Analysis

  • Writer: Roy Urrico
    Roy Urrico
  • 4 hours ago
  • 5 min read

By Roy Urrico


Finopotamus aims to highlight white papers, surveys and reports that provide a glimpse of what is taking place and/or impacting credit unions and other organizations in the financial services industry.


The status of credit cards and cybersecurity threats highlight a pair of reports.


Growth, Risk and the Rise of ‘Hidden’ Business Accounts

 

Costa Mesa, Calif.-based Experian’s 2026 State of Credit Cards Report explores the macroeconomic forces influencing the market, key shifts in originations and delinquency trends, and lender mix. The report also spotlights an often‑overlooked segment: business accounts hidden inside consumer credit card portfolios.


“Amid ongoing inflationary pressures and early signs of labor market softening, the credit card landscape continues to evolve. While policy actions and easing uncertainty have supported a more stable operating environment, lenders are navigating a balance between renewed growth momentum and the need for disciplined risk management,” Experian, a global data and technology company, stated in the report.


The report offered actionable strategies to help lenders segment risk and drive disciplined growth more effectively. “As the credit card landscape evolves, understanding how consumers and businesses are adapting has never been more important.”


Key insights from the Experian report included:


  • Thirty-plus days past due (DPD) delinquency rates remained above pre-pandemic levels in 2025, underscoring the need for disciplined asset‑quality monitoring.

  • Fintechs continue to gain ground, posting a 71% year-over-year (YOY) increase in account originations.

  • Business accounts masked in the consumer credit card universe represent roughly 14% of balances and are more than 50% larger than the business card universe — “a material segment with distinct risk and profitability dynamics that many lenders are not explicitly managing today,” claimed the report.

Source: Experian
Source: Experian

Among the Experian report observations:


Large banks loosened credit card underwriting standards for the first time in three years in the third quarter of 2025. “At the same time, they reported a notable increase in demand for credit cards, driven by both the easing of standards and an uptick in outbound solicitations. Reflecting this momentum, YOY originations rose for the fourth consecutive month on a three-month moving average basis, reaching a 17% increase in the third quarter of 2025.


Identifying business accounts masked in the consumer credit card universe helps lenders uncover hidden risk and untapped revenue opportunities. This target group is booked with financial institutions under the assumption of typical consumer behavior. The target group represents approximately 13.7% of the consumer credit card universe and is more than 50% larger than the business credit card universe. “Without processes in place to identify and segment this group, lenders risk overlooking a material portion of their consumer portfolios — one that has distinct risk profiles and customer needs.”


The Trade Uncertainty Index fell significantly by October 2025, dropping to less than half of its peak following April 2025’s ‘Liberation Day’ tariff announcement. Concurrently, personal consumption, which increased on YOY basis throughout 2025, is expected to moderate in 2026, easing from 3.0% to 2.5% on a Q4/Q4 (fourth quarter to fourth quarter) basis.


Card delinquency has been gradually rising since the summer, both in terms of account volume and dollar balances. “With persisting inflation and a weakening labor market, maintaining a strong focus on asset quality has become a priority for portfolio managers.”


As lenders navigate a credit environment shaped by moderating growth, elevated risk signals and renewed origination activity, disciplined portfolio management remains essential. “While easing uncertainty and improving demand are supporting credit card growth, rising delinquency and shifting borrower behavior underscore the importance of maintaining a clear view of underlying asset quality.”


Cyber Threats Evolving at Alarming Pace


Radware, in its just released 2025 Global Threat Analysis Report, found that “a sharp escalation in both the frequency and sophistication of cyberattacks marked the 2024 cybersecurity landscape with distributed denial of service (DDoS) incidents leading the charge.” In addition, the report provided insights into the latest attack trends and mitigation strategies.


According to the Radware report the DDoS threat landscape includes an:


  • Telecommunications faced 43% of global network DDoS volume. Finance followed at 30%, experiencing the steepest growth in attack volume per customer at 393% YoY—more than twice the global average growth of 120%. Technology absorbed 11% of the global network DDoS attack volume, while transportation, e-commerce and government services also observed notable surges.

  • Escalation of Web DDoS Attacks. Increasing almost 550% YOY compared to 2023. The intensity of these attacks grew exponentially during the first half of the year (2024) and plateaued at high levels during the second half, reflecting a sustained and aggressive threat environment.”

  • Rapid reset and continuation flood to target online applications with increasing sophistication. Notable incidents included a six-day attack on a financial institution in the Middle East, which peaked at 14.7 million requests per second (RPS), and another attack on a major institution that reached 16 million RPS.

  • Network DDoS attacks in 2024 produced significant upticks in intensity and duration. The average mitigated attack volume per customer doubled compared to 2023, contributing to an overall 120% rise in total volume. The average duration continued to grow considerably in 2024 with a 37% increase over 2023. The average attack frequency, volume and duration have all more than doubled since 2022.

  • “Low and slow” attack strategies, designed to evade detection, increased by 38%. They lasted an average duration of 9.7 hours in 2024, more than doubling the average duration of 4.6 hours in 2023.

  • The United States emerged as both the leading attacker and target of network layer traffic. For both top attacking and most targeted countries, United States and Israel, the majority of the attack volume originated from infrastructure and bots inside the country. While the threat from inside the country is significant, still 12% of all malicious network DDoS packets were mitigated by geo-blocking.

Source: Radware.
Source: Radware.

Other Radware report findings include:


Beyond DDoS, web application and API threats grew significantly. “Fueled by advanced methods of vulnerability exploitation, widespread use of shadow and zombie application programming interfaces (APIs) and increasingly automated and artificial intelligence (AI)-driven hacking techniques.”


The integration of AI itself into cyber operations has introduced both opportunities and challenges. Threat actors have leveraged AI to enhance the sophistication of attacks, including the use of generative AI models to craft convincing phishing lures and develop malware. This evolution has lowered the barrier to entry for aspiring threat actors, made social engineering attacks more effective and helped seasoned threat actors more accurately identify system vulnerabilities.


Hacktivist motivations and targets. “Throughout 2024, hacktivism remained a leading driver of cyberattacks, propelled by political and ideological tensions.” In 2024, Telegram, a cloud-based messaging. served as a primary coordination and communication hub for hacktivist groups. The total number of claimed DDoS attacks on Telegram increased by 20% compared to 2023. Ukraine topped the list of targeted nations, with 2,052 claimed attacks, predominantly orchestrated by pro-Russian groups such as NoName057, which boasted 4,767 claims. Meanwhile, Telegram’s bot automation and cryptocurrency services have encouraged the rise of DDoS-as-a-service offerings, letting individuals hire attacks through Telegram bots that handle real-time commands, scheduling and payments.


Web Application and API Threats. In 2024, the rise of Web application and API attacks continued, increasing 41% over 2023. The rapid pace of development and innovation in online applications has given rise to numerous APIs that either lack proper documentation (shadow APIs) or are outdated and no longer actively maintained (zombie APIs). These unmanaged and often overlooked endpoints serve as enticing entry points for unauthorized access, significantly increasing the risk of data breaches.


Top targeted industries. Governments remained the primary focus of attacks since January 2023, with notable targets located in Ukraine, India, Israel, the United States, the Czech Republic, France, Poland, Spain and the United Kingdom. The leading threat actor targeting government institutions was NoName057, responsible for 2,072 claimed attacks targeting government institutions in 2024. In the financial sector, which includes online banking and payment services, NoName057claimed 949 attacks. Other highly targeted industries, such as transportation, media and internet, and manufacturing, also faced significant attack volumes, with NoName057 consistently emerging as the primary actor across these sectors.


Radware, which provides cyber security and application delivery solutions, has its international headquarters located in Tel Aviv, Israel, with North American headquarters in Mahwah, N.J.

bottom of page