Sift sees ATO spike as fraud shifts from payments to identity

Loyalty points, wallets and crypto face highest attack rates

Global transaction volume rose sharply in 2025, but fraudsters shifted their focus from payments to user accounts, according to new data from Sift.

The company’s Global Data Network recorded an 18 percent increase in transaction volume last year, while payment fraud attempt rates held steady at roughly 3.25 percent. Sift says the stability reflects stronger checkout controls even as new payment methods expand the attack surface.

But the apparent calm at checkout masked a surge in account‑level attacks. Sift reports that 21 percent of consumers experienced an account takeover (ATO) in 2025. Login‑block rates peaked at 1.8 percent of all login attempts in the first quarter, indicating a shift in fraud strategy.

Once inside an account, attackers gain access to stored payment methods, loyalty points and purchase histories. These are assets that are harder to detect and easier to exploit than card‑not‑present transactions.

Fraud attempt rates were highest in points‑and‑rewards programs at 5.2 percent, followed by financing (4.3 percent), cryptocurrency (4.2 percent) and digital wallets (3.8 percent), all of which depend on account access.

Among consumers who reported an ATO incident, 46 percent said their social media accounts were compromised and an equal share cited banking or financial accounts. Food delivery, subscription and rideshare accounts were also affected, showing how ATO goes beyond financial platforms.

Despite rising concern, adoption of two‑factor authentication remained low. Sift found that 93 percent of consumers are willing to accept extra identity verification steps, yet 2FA usage across websites and apps ranged from just 2.93 to 3.79 percent in 2025. The company says this gap represents a major opportunity for businesses to strengthen security without driving users away.

The preference for security over speed is consistent with findings from Thales’ 2026 Digital Trust Index.

The impact of fraud leaves a worrying legacy as more than half of consumers surveyed said they would stop using a platform entirely after experiencing fraud, while 37 percent said their continued use would depend on how the company responds.

Responsibility for preventing fraud is also shifting: 52 percent of consumers view banks and card issuers as the primary line of defence, but 51 percent now place equal responsibility on websites and apps.

“The investment merchants have made in transaction‑level defenses is showing up in the data — payment fraud rates held steady even as transaction volume grew significantly,” said Kevin Lee, field CTO at Sift. “But that success has pushed fraud upstream. Account takeover is where the pressure is now, and it requires a different kind of response than checkout monitoring alone.”

Sift says fraud and trust teams should benchmark ATO and payment fraud attempt rates together, since attacks increasingly unfold across multiple stages of the customer journey. The company also notes that consumers are willing partners in security — if businesses take the step of asking them to be.

The report findings align with those from Cifas, which found that more than half of all fraud in the UK is related to identity and that ATOs are spiking.

Sift’s Q1 2026 Digital Trust Index: The State of Payment Fraud and Account Takeover report can be found here.
