Sift has reported that account takeover attempts surged in 2025 even as payment fraud rates remained broadly stable across its network.
Transaction volume across Sift's network grew 18% last year, yet payment fraud attempt rates remained at around 3.25%, a sign that transaction-level monitoring and controls have improved in step with volume. However, this apparent stability at the checkout layer obscures a different pattern: fraud pressure has shifted earlier in the customer journey, targeting accounts rather than individual payment methods.
Accounts replace payment methods as the primary attack surface
Account takeover (ATO) attack rates surged in early 2025 before moderating later in the year, with login block rates peaking at 1.8% of all login attempts in the first quarter. Moreover, one in five consumers reported experiencing an ATO incident during the year.
The logic behind this shift is straightforward. A compromised account provides fraudsters with access to stored payment methods, loyalty point balances, and purchase history, while transactions originating from a recognised account are considerably harder to flag than card-not-present attempts from unknown devices.
Payment methods that depend on account access recorded the highest fraud attempt rates: points and rewards programmes at 5.2%, financing at 4.3%, cryptocurrency at 4.2%, and digital wallets at 3.8%. Social media accounts and banking or financial accounts were the most frequently compromised, each cited by 46% of consumers who reported an ATO incident. Food and grocery delivery platforms, subscription services, and rideshare accounts were also affected, indicating that fraudsters are targeting any account that holds stored value, saved payment credentials, or personal data.
Consumer receptiveness outpaces business adoption of stronger controls
The data points to a gap between consumer willingness to accept stronger authentication and actual deployment by businesses. 93% of consumers said they were willing to accept additional verification steps during login or checkout when these help reduce fraud risk, and 72% reported already taking extra security measures across most of their accounts. However, two-factor authentication (2FA) adoption across websites and apps ranged from just 2.93% to 3.79% in 2025, suggesting that the opportunity to strengthen account security without risking customer attrition remains largely unrealised.
Consumer expectations around fraud responsibility have also shifted. Banks and card issuers are still seen as the primary line of defence by 52% of respondents, but websites and apps are essentially tied at 51%, followed by consumers themselves at 47% and payment service providers at 45%. This distribution indicates that merchants can no longer treat fraud prevention as the exclusive domain of financial institutions.
The behavioural consequences of fraud underline the stakes further. 52% of consumers said they would stop using a platform entirely after experiencing fraud, while 37% said their response would depend on how the company reacted, meaning the quality of the business's response remains a decisive factor in customer retention.
For fraud and trust teams, Sift's analysis points to a clear priority shift: monitoring account takeover and payment fraud attempt rates together, recognising that fraud frequently unfolds across multiple stages of the customer journey, and treating consumers as willing participants in security when actively engaged.
