Black Friday and Cyber Monday 2025 delivered record consumer demand and, predictably, record risk. An estimated 202.9 million U.S. shoppers participated across the five-day holiday stretch, with U.S. Black Friday e-commerce sales reaching $11.8 billion and global spending climbing to $79 billion. As expected, fraud followed the money.
Across the Sift Global Data Network, transaction volume during BFCM rose 13.8% year-over-year compared to 2024. Overall account takeover (ATO) attack rates climbed 13.6% above 2025 year-to-date levels, increasing from 1.64% to 1.87%. While these attacks were blocked by Sift before resulting in chargebacks or losses, the year-over-year growth highlights how aggressively fraudsters exploited peak traffic as cover for scaled attacks.
High-Velocity Markets Remain Prime Targets
Convenience-driven markets remain especially exposed during peak periods. E-commerce, fintech, digital platforms, and travel all prioritize speed, automation, and low friction during seasonal surges. These same conditions create ideal cover for coordinated fraud campaigns targeting both accounts and transactions.
During BFCM 2025, digital commerce saw a 24% increase in ATO compared to 2025 year-to-date levels, rising from 1.35% to 1.67%. Finance and fintech followed with a 20% increase, from 0.49% to 0.58%. Internet and software platforms experienced a 7.7% rise, climbing from 1.55% to 1.67%. These increases show how automated login abuse continues to rise in direct correlation with revenue opportunity.
Travel and ticketing recorded some of the highest ATO rates across industries, increasing from 2.30% to 2.36% during BFCM 2025. While the percentage change was smaller than in other industries, the absolute risk remains elevated due to the high resale value and time-sensitive nature of inventory. Seasonal demand continues to intensify already challenging fraud conditions in this sector.
Fraud Economics Are Shifting
Across the Sift Global Data Network, the average value of attempted fraudulent transactions fell 16% overall during BFCM 2025, declining from $138 to $116. This trend reflects widespread low-dollar testing behavior designed to evade detection while validating stolen credentials and payment methods.
However, digital commerce told a very different story. The average value of attempted fraudulent transactions across e-commerce surged 93%, jumping from $130 to $250. This sharp increase shows that fraudsters didn’t just follow volume; they doubled down on high-value retail transactions where the payoff was greatest and detection was masked by seasonal demand.
AI-Driven Scams and Shopping Agent Abuse Are Accelerating
BFCM 2025 also reflected the growing influence of generative AI on fraud tactics. Cybercriminals are now using AI to produce highly convincing phishing campaigns, fake storefronts, and impersonated brand experiences promoted through paid ads and manipulated search results on reputable sites. These scams replicate real brands with striking accuracy, harvesting credentials and payment details at scale before disappearing.
At the same time, consumer shopping behavior is shifting rapidly toward AI-driven discovery. Nearly half of consumers now use AI as a primary way to find products, with curated answers increasingly shaping purchases before brands ever interact with buyers directly. As agentic commerce accelerates toward a projected $1 trillion in U.S. retail revenue by 2030, new automated risk vectors are emerging, including bulk purchasing, inventory draining, and promotion abuse at scale. With automation on both sides of the transaction, attack velocity is accelerating during peak shopping events.
What This Means for 2026
Holiday ATO surges historically lead to higher disputes in the following quarter as compromised accounts are monetized, only surfacing on billing statements weeks later. With elevated ATO across commerce and fintech during BFCM 2025, businesses should prepare for sustained chargeback pressure entering early 2026.
Actionable priorities for risk and payments teams include:
- Automate risk decisions at scale. Transaction surges make manual review unsustainable. Instead of broadly lowering thresholds and increasing exposure, use machine learning and automated workflows to adapt dynamically to shifting risk. Automation allows teams to block suspicious activity in real time while preserving approval rates for trusted customers.
- Proactively shut down account takeovers. Protecting accounts during peak traffic is essential to long-term customer trust. Use real-time signals to verify suspicious logins and immediately trigger automated security notifications that alert customers to unusual activity without interrupting their experience.
- Apply step-up authentication when needed. For higher-risk events—such as attempts to change account details, add new payment methods, or transact at high value—use step-up authentication to confirm the activity before the action proceeds. This helps contain ATO attempts beyond login while applying friction only when risk warrants it.
- Prioritize post-purchase experience to reduce downstream risk. Extended promotions, returns, and shipping delays increase dispute exposure. Clear policies, easy refunds, and proactive customer service during the holidays reduce the likelihood that customers escalate directly to chargebacks later.
- Maximize analyst efficiency during peak review periods. Seasonal spikes routinely overload fraud teams. Use automated acceptance and blocking thresholds to reserve manual review for truly ambiguous cases, improving both speed and accuracy under pressure.
- Establish clear escalation paths before attacks hit. Large-scale fraud events require fast cross-functional response. Define escalation protocols across risk, engineering, and operations ahead of time, and assess system vulnerabilities before code freezes lock in limited flexibility.
- Prepare now for chargeback season. The first quarter consistently brings elevated disputes tied to holiday fraud and buyer behavior. Clear return and cancellation policies help reduce losses from first-party misuse and unwinnable disputes.
Adaptive Fraud Prevention for Seasonal Volatility
Seasonal demand now brings seasonal attack cycles. Managing that volatility requires connected, adaptive fraud prevention. Sift combines global machine learning, device intelligence, and behavioral signals to stop automated abuse and high-impact fraud at scale.
With innovations like Sift’s RiskWatch, businesses can adjust block rates dynamically in real time as fraud patterns shift, maintaining strong protection during surge events like Black Friday without adding unnecessary friction.
As organizations move into 2026, the ability to block automated abuse, high-value attacks, and AI-driven scams at scale will separate those that grow confidently from those that fall behind.Explore more industry benchmarks through FIBR, the Fraud Industry Benchmarking Resource, the first-ever fraud benchmarking tool that lets you compare your business’s fraud rates to industry averages across our vast global data network.
