TL;DR: European merchants lose 2.8% of revenue to fraud and 3% of orders, while only 16% screen users during browsing or account creation, creating an early blind spot that helps synthetic identities and fake accounts progress unchecked, according to Sift’s analysis. The practical lesson is that fraud control now depends on earlier identity and behavioural signals, not just checkout-time review.
NHIMG editorial — based on content published by Sift: Fraud in Europe, key trends and mitigation strategies for 2025
By the numbers:
- 2.8% of revenue is lost to fraud across Europe, while fraud accounts for 3% of all orders.
- Only 16% of EU merchants currently screen users during the browsing or account-creation stages.
- 24% of European transaction screening., f European transaction screening.
Questions worth separating out
Q: How should retailers reduce account takeover risk across ecommerce and store operations?
A: Retailers should focus on the identity paths that unlock revenue-impacting actions, not only login events.
Q: Why do real-time payment scams create different controls than card fraud?
A: Real-time payment scams settle too quickly for slow review processes to work.
Q: What do security teams get wrong about refund abuse?
A: They often treat refund abuse as a customer service issue rather than an identity and policy problem.
Practitioner guidance
- Extend trust controls to account creation Score browsing, signup, and first-login activity so synthetic identities are challenged before they reach a payment or payout event.
- Tune step-up authentication to session risk Trigger step-up when the device, geography, or behaviour changes materially from the enrolled profile.
- Add recipient verification to payout workflows Validate beneficiary names, trusted profiles, and payout history before executing real-time transfers.
What's in the full article
Sift's full article covers the operational detail this post intentionally leaves for the source:
- The article breaks down mitigation steps for phishing, RTP fraud, refund abuse, friendly fraud, and card testing in practitioner terms.
- It explains how merchants can tune device, behavioural, and payment signals for fast decisioning at the point of risk.
- It summarises European regulatory and scheme changes affecting scam reimbursement, CoP, and SCA usage.
- It outlines the data-access priorities and automation goals that merchants are using to reduce manual review.
👉 Read Sift's analysis of European e-commerce fraud trends for 2025 →
European e-commerce fraud trends: what IAM and trust teams need?
Explore further
Journey-based fraud control is becoming an identity governance discipline. The article shows that fraud now begins before checkout, which means merchants must govern trust at registration, login, and payout as a single lifecycle. That is an identity problem as much as a fraud problem because the same customer, device, and session signals decide whether access should continue. Practitioners should treat early journey governance as part of identity risk management, not a separate fraud-only control plane.
A question worth separating out:
Q: Who is accountable when account takeover and synthetic identity fraud occur?
A: Accountability usually sits across fraud, IAM, security, and product teams because the failure spans onboarding, session trust, and action-level controls. In practice, the owner should be the team that can change the decision point where abuse becomes possible. Shared risk does not mean shared inaction.
👉 Read our full editorial: European e-commerce fraud is shifting to real-time payment abuse