TL;DR: A stable 3.1% payment fraud rate, a 21% drop in manual review to 2.2%, a 110% surge in cryptocurrency fraud, and a 55% decline in account takeovers as 2FA adoption rose 10% are reported in Q3 2025 Fraud Industry Benchmarking Resource, according to Sift. The operational lesson is that fraud teams are shifting from broad review toward sharper identity and behavioral controls.
NHIMG editorial — based on content published by Sift: New Q3 2025 Data Available in Sift’s Fraud Industry Benchmarking Resource (FIBR)
By the numbers:
- The payment fraud attack rate remained stable at 3.1% overall, with a 6% year-over-year decline.
- Manual review rate dropped 21% year-over-year to 2.2% in Q3 2025.
- Account takeovers declined 55% year-over-year, supported by a 10% increase in 2FA adoption.
Questions worth separating out
Q: What breaks when fraud controls are too broad across different payment channels?
A: Broad fraud controls miss the fact that card, crypto, marketplace, and subscription payments behave differently.
Q: Why do stronger authentication controls reduce account takeover risk?
A: Stronger authentication increases the effort required to reuse stolen credentials and forces attackers toward more expensive techniques such as device compromise or token theft.
Q: How do teams know if manual review is still adding value?
A: Manual review adds value when it catches high-impact edge cases that automation cannot reliably classify.
Practitioner guidance
- Segment fraud by channel and payment method Separate card, crypto, marketplace, and recurring payment flows so that thresholds reflect different abuse patterns and dispute dynamics.
- Use 2FA coverage as an operational control metric Track 2FA adoption alongside account takeover trends, recovery friction, and support contacts.
- Harden verification for high-risk payment methods Require stronger identity proofing, step-up verification, or behavioural checks for payment types with disproportionate fraud, especially emerging rails where controls are still maturing.
What's in the full report
Sift's full post covers the operational detail this analysis intentionally leaves for the source:
- Quarter-by-quarter benchmark breakdowns by payment type, including the crypto and card mix behind the headline fraud rates.
- Industry-specific movement in digital commerce, marketplaces, travel, and food delivery that helps teams tune controls by segment.
- Chargeback and dispute context that explains why some rises are not straightforward fraud signals.
- Console and customer-community access paths for users who need the fuller benchmark dataset and in-product metrics.
👉 Read Sift's Q3 2025 fraud benchmarking update for payment, chargeback, and ATO trends →
Fraud benchmarking in q3 2025: what changed for teams?
Explore further
Fraud benchmarking is becoming an identity governance problem, not just a trust and safety problem. The article shows that account takeover, 2FA adoption, and identity signal quality are now central to fraud outcomes. That means identity teams should treat fraud data as governance data, because the quality of authentication and behavioural assurance directly changes loss rates and review load.
A question worth separating out:
Q: Who is accountable when fraud shifts into emerging payment methods?
A: Accountability sits with the teams that own fraud strategy, identity assurance, customer experience, and payment risk. Emerging methods need explicit ownership because they often outpace existing controls and dispute processes. Governance should define who can approve risk thresholds, who monitors loss patterns, and who escalates control gaps when a new rail becomes material.
👉 Read our full editorial: Fraud benchmarks show crypto risk surging while ATO falls