TL;DR: Payment fraud attack rate fell from 3.3% to 2.8% and manual review dropped from 3% to 2.5%, while chargeback rate rose from 0.2% to 0.3% and fraudulent chargebacks edged up to 0.102%, according to Sift’s Q1 2026 benchmarking. The governance problem is no longer only volume reduction, but where losses concentrate when trusted accounts and payment flows are abused.
NHIMG editorial — based on content published by Sift: Are You Benchmarking Against the Right Threats? Q1 2026 Insights from Sift’s FIBR
By the numbers:
- The payment fraud attack rate decreased from 3.3% in Q1 2025 to 2.8% in Q1 2026, a 14% decline.
- The overall chargeback rate increased from 0.2% to 0.3%, a 56% increase.
- The manual review rate decreased from 3% to 2.5%, a 17% reduction in review volume.
Questions worth separating out
Q: What breaks when account takeover controls are too focused on login only?
A: Login-only controls miss the point where a compromised account becomes profitable.
Q: Why do trusted accounts create more fraud loss than obvious new attacks?
A: Trusted accounts already carry behavioural history, payment permissions, and user confidence, so malicious actions blend in more easily.
Q: How do security and fraud teams know if automation is hiding risk?
A: They should compare automation outcomes with chargeback trends, fraud rate by channel, and the mix of cases reaching manual review.
Practitioner guidance
- Recalibrate controls around loss concentration Track chargeback rate, fraudulent chargeback rate, and account takeover together so the programme sees when fewer attacks are becoming more expensive.
- Add step-up friction to post-login risk points Require stronger verification when a user adds a payment method, changes payout details, redeems stored value, or initiates a first-time high-risk purchase.
- Reassess manual review thresholds against outcomes Use review cohorts to test whether lower manual review volume is improving efficiency without allowing more disputes through.
What's in the full report
Sift's full post covers the operational detail this post intentionally leaves for the source:
- Segment-by-segment benchmark data across food delivery, software, gambling, fintech, and digital commerce.
- The specific relationship between manual review volume and downstream chargeback pressure.
- Examples of how payment type and account feature mix change attacker incentives.
- The underlying FIBR benchmarking context that supports peer comparison and operational tuning.
👉 Read Sift's Q1 2026 fraud benchmarking analysis →
Fraud concentration and account takeover: what teams need to know?
Explore further
Fraud concentration is the real governance signal: when attack volume falls but chargeback loss rises, the programme is no longer dealing with a simple volume problem. The control question becomes where adversaries are concentrating effort and which accounts generate the highest downstream value. Fraud operations, IAM, and risk teams should treat concentration as the leading indicator, not average attack rate.
A question worth separating out:
Q: Who is accountable when account takeover leads to payment fraud?
A: Accountability sits across fraud operations, IAM, and product owners because the failure is usually distributed. Authentication, lifecycle controls, and transaction decisioning each contribute to the final outcome. Governance works when those teams share a common view of risk and agree which controls must intervene before monetisation occurs.
👉 Read our full editorial: Fraud concentration is rising even as attack volumes fall