News from the Wire

The fraud landscape has shifted—but not where you’d expect

Tuesday, March 31, 2026 — 18:26:32 (UTC)

The Fraud Landscape Has Shifted—But Not Where You’d Expect

San Francisco, March 31, 2026—Transaction volume across the Sift Global Data Network grew 18% in 2025, while payment fraud attempt rates held steady at around 3.25%.* This steadiness shows better transaction monitoring and controls, even as new payment methods expand fraud opportunities.

Yet this apparent stability at checkout masks another trend: a surge in fraud attempts that occur a step earlier in the payment journey. 21% of consumers reported an account takeover (ATO) incident in 2025.

The Account Is the New Attack Surface While payment fraud rates plateaued, account takeover attack rates surged in early 2025 before pulling back later in the year, with the login block rate peaking at 1.8% of all login attempts in Q1.

The shift towards targeting accounts, rather than payment methods alone, makes sense from a fraudster’s perspective. Once inside an account, stored payment methods, loyalty point balances, and purchase history all become accessible, and transactions placed from a trusted account are far harder to flag than a card-not-present attempt from an unknown device.

The most common payment fraud methods reflect this shift to account targeting. Points and rewards programs saw the highest fraud attempt rate at 5.2%. Financing was at 4.3%, cryptocurrency at 4.2%, and digital wallets at 3.8%. All these methods depend on account access, unlike card data.

Among the one in five consumers who reported experiencing account takeover in the past year, the breaches weren’t confined to any single account type. Social media and banking or financial accounts were the most frequently compromised, each cited by 46% of affected consumers. Food and grocery delivery accounts were hit by 21%, followed by subscriptions (18%) and rideshare (15%). The breadth of that list indicates that account takeover isn’t a problem isolated to financial platforms. Fraudsters are targeting wherever stored value, saved payment methods, or personal data exists.

The Authentication Gap

For businesses looking to get ahead of the increase in account takeover attempts, the good news is that consumers are more aware of fraud than before, and more receptive to changes that can safeguard their accounts. Ninety-three percent of consumers say they are willing to accept extra verification steps during login or checkout when it helps reduce fraud risk. 72% are already taking extra security steps across most of their accounts, and 42% describe themselves as extremely or very worried about fraud.

Despite near-universal openness to stronger security, two-factor authentication (2FA) adoption across websites and apps ranged from just 2.93% to 3.79% in 2025. Given the low adoption despite consumer interest, there is significant opportunity to strengthen security measures without risking customer attrition.

What’s at Stake for Businesses

The financial consequences of fraud are well documented, but the behavioral consequences deserve equal attention. Fifty-two percent of consumers say they would stop using a platform entirely after experiencing fraud, while 37% say their decision depends on how the company responds, meaning the majority of the outcome is still within a business’s control, but only if the response is swift and substantive.

Consumer expectations about who bears responsibility for preventing fraud have also shifted. Banks and card issuers are still seen as the primary line of defense (52%), but websites and apps are essentially tied (51%), followed by consumers themselves (47%) and payment service providers (45%). Merchants can no longer position themselves as neutral parties in the fraud ecosystem.

“The investment merchants have made in transaction-level defenses is showing up in the data—payment fraud rates held steady even as transaction volume grew significantly,” says Kevin Lee, Field CTO at Sift. “But that success has pushed fraud upstream. Account takeover is where the pressure is now, and it requires a different kind of response than checkout monitoring alone.”

For fraud and trust teams, the data points toward a clear priority shift: benchmark account takeover and payment fraud attempt rates together, since fraud often unfolds at multiple stages of the customer journey. Furthermore, recognize that customers are willing partners in security if organizations actually ask them to be.

For more insights into the latest fraud trends, read Sift’s Q1 2026 Digital Trust Index: The State of Payment Fraud and Account Takeover.

*In 2025, Sift tracked payment fraud attack rates at 3.29% in Q1, 3.21% in Q2, 3.18% in Q3, and 3.34% in Q4, illustrating relatively stable rates throughout the year.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.

Source: Company press release.

Categories: Reports and research