Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Black Friday ATO and fraud spikes: what should teams change?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: Black Friday and Cyber Monday 2025 drove a 13.6% jump in account takeover attack rates across Sift's Global Data Network, with digital commerce seeing ATO rise from 1.35% to 1.67% and e-commerce fraudulent attempt values surging 93% to $250, according to Sift. Peak-season fraud now behaves like a scaled identity abuse problem, not a holiday nuisance.

NHIMG editorial — based on content published by Sift: Black Friday 2025 Fraud Trends, ATO Surges, High-Value Attacks, and What to Expect in 2026

By the numbers:

Questions worth separating out

Q: What breaks when account takeover controls are too focused on checkout fraud?

A: Teams lose visibility into the earlier stages of abuse, where attackers use legitimate login access to reach stored payment methods, recovery options, and loyalty value.

Q: Why do high-volume commerce periods increase fraud risk even when sales controls are strong?

A: High-volume commerce periods increase fraud risk because legitimate traffic creates noise that hides abuse.

Q: How do security teams know whether ATO controls are actually working?

A: Effective ATO controls reduce successful abuse across recovery, step-up, and session channels, not only failed logins.

Practitioner guidance

  • Tune ATO policies for peak-season traffic Adjust authentication thresholds, velocity rules, and device reputation scoring before seasonal surges begin so that trusted customers keep moving while suspicious sessions receive step-up checks.
  • Separate login risk from transaction risk Apply different control decisions to login, account-change, and high-value purchase events so that a clean sign-in does not automatically green-light a risky transaction.
  • Harden account recovery and profile-change flows Require stronger verification for password resets, email changes, payout edits, and new payment methods because attackers often monetise accounts after the initial login compromise.

What's in the full article

Sift's full post covers the operational detail this post intentionally leaves for the source:

  • Sector-by-sector ATO rate comparisons across digital commerce, fintech, internet software, and travel.
  • Detailed discussion of how attempted fraud values shifted from low-dollar testing to high-value retail attacks.
  • Recommended controls for step-up authentication, automated blocking thresholds, and escalation paths during peak traffic.
  • The article's view of how AI-driven scams and agentic commerce may shape 2026 fraud patterns.

👉 Read Sift's analysis of Black Friday ATO surges and 2026 fraud trends →

Black Friday ATO and fraud spikes: what should teams change?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Peak-season fraud is an identity abuse problem disguised as a commerce trend. The article shows that attackers do not need to defeat the whole control stack when they can ride seasonal volume, noisy signals, and relaxed user expectations. That makes account takeover a governance issue spanning authentication, account recovery, and transaction policy. The practitioner conclusion is that fraud controls must be designed as identity controls, not just payment controls.

A question worth separating out:

Q: Who is accountable when fraud depends on both identity abuse and payment misuse?

A: Accountability should be shared across IAM, fraud, customer operations, and payments because the control failure spans more than one team. IAM owns authentication and recovery, fraud owns transaction decisions, and operations owns customer-facing remediation. That shared model prevents gaps where each team assumes another layer will stop the attack.

👉 Read our full editorial: Black Friday ATO surges show fraud is scaling with peak traffic



   
ReplyQuote
Share: