Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Account takeover and payment fraud: what changed for trust teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Payment fraud attempt rates held around 3.25% in 2025 while transaction volume across the Sift Global Data Network grew 18%, but account takeover incidents rose, with 21% of consumers reporting one and login block rates peaking at 1.8% in Q1, according to Sift. The control problem has shifted upstream: account access now drives the fraud blast radius, not checkout monitoring alone.

NHIMG editorial — based on content published by Sift: The fraud landscape has shifted, but not where you’d expect

By the numbers:

Questions worth separating out

Q: What breaks when account takeover controls are too focused on checkout fraud?

A: Teams lose visibility into the earlier stages of abuse, where attackers use legitimate login access to reach stored payment methods, recovery options, and loyalty value.

Q: Why does account takeover complicate fraud prevention for identity teams?

A: Because the attacker is operating through an apparently valid identity, which makes the session look normal while the intent is malicious.

Q: How do security teams know whether ATO controls are actually working?

A: Look for fewer successful takeovers, lower recovery abuse, and earlier challenge outcomes at high-risk events such as device change, payment updates, and credential resets.

Practitioner guidance

  • Benchmark account takeover alongside payment fraud Track ATO rates, login block rates, recovery abuse, and checkout fraud together so the business can see where the attack shifts upstream.
  • Harden account recovery as a fraud control Review password reset, email change, MFA reset, and help-desk verification paths for abuse resistance.
  • Add behavioural signals to identity decisions Use device reputation, session drift, velocity, and unusual redemption patterns to identify trusted-account abuse before the final transaction.

What's in the full report

Sift's full post covers the operational detail this post intentionally leaves for the source:

  • Quarter-by-quarter fraud attempt trends that show how the attack pattern changed across 2025
  • Breakdowns by account type, including social media, banking, delivery, subscriptions, and rideshare
  • Consumer response data on willingness to accept stronger verification and what that means for adoption
  • The article's own interpretation of how merchants should rebalance transaction and account-level defenses

👉 Read Sift’s analysis of account takeover and payment fraud in 2025 →

Account takeover and payment fraud: what changed for trust teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Account takeover is now the more important identity-fraud boundary than checkout fraud. Sift’s data shows payment fraud staying flat while ATO rises, which means the control problem has moved upstream into authentication, recovery, and account trust. Merchants and digital platforms that still optimise only the transaction step are defending too late. Practitioners should treat account access as the primary fraud surface.

A question worth separating out:

Q: Who is accountable when account takeover leads to fraud losses?

A: Accountability usually sits across fraud, identity, product, and customer operations because the failure often spans login, recovery, and monetisation paths. Frameworks such as NIST CSF and identity assurance practices make that shared ownership clearer, especially where customer trust and regulated payments intersect.

👉 Read our full editorial: Account takeover is now the key fraud attack surface in 2025



   
ReplyQuote
Share: