The traditional fraud equation has broken. Fewer attack attempts no longer mean lower losses. Q2 2026 benchmarks reveal attackers have shifted from volume tactics to precision targeting of high-value accounts. Fewer transactions reach your systems, but each one costs more when it lands. Sift’s Fraud Industry Benchmarking Resource shows this shift clearly across all major verticals: fraud is becoming more selective, more efficient, and harder to detect.
This creates a problem for fraud teams measuring success by block rates. Attack rates are down. Manual review workload is lighter. Yet disputes are climbing faster than overall fraud metrics would predict, and certain industries are seeing unexpected surges. Attackers have moved from quantity to quality, targeting high-value accounts with methodical approaches that pay off reliably.
The Attack Volume Paradox
Across the Sift Global Data Network in Q2 2026 compared to Q1:
- Payment fraud bypass rate held steady at 2.8% (essentially flat QoQ, down 14% year-over-year from Q2 2025)
- Manual review rate declined 13.5% to 2.1% from 2.4% in Q1
- Account takeover attempts declined to 0.88% in Q2 from 0.95% in Q1 (7% quarterly improvement)
- Overall chargeback rate rose 19% to 0.31% from 0.26% in Q1
- Fraudulent chargebacks climbed 75.6% to 0.18% from 0.10% in Q1 (up 80% year-over-year)
Fewer attacks, substantially higher cost when they land. Attackers are no longer solely relying on stolen card numbers and card testing. Instead, they target established accounts with purchase history and trusted payment methods. When compromised, fraudulent transactions look normal: same customer, same behavioral patterns, same payment method. They bypass detection rules because they don’t trigger typical fraud signals. Settlement completes before the account holder discovers the unauthorized activity and disputes it weeks later.
For fraud teams, the calculus has changed. A lower attack rate does not automatically mean lower losses. Efficiency improvements in automation can coincide with rising disputes if thresholds prioritize speed over loss prevention.
Industry Divergence: Where Fraud is Concentrating
Q2 shows fraud pressure shifting by vertical. Payment fraud attack rates in Internet and Software jumped to 3.8% in Q2 from 2.72% in Q1, a 39% quarterly increase (up 40% year-over-year from Q2 2025). This acceleration is driven by subscription models where account compromise enables recurring theft across multiple billing cycles. When stored credentials are exploited, attackers maintain access rather than execute single transactions, making detection harder and total value extracted per compromise higher.
The Online Gambling payment fraud attack rate also accelerated sharply, rising from 0.39% in Q1 to 0.58% in Q2 (47% quarterly spike, up 8x year-over-year from 0.07% in Q2 2025). High-value transactions and immediate redemption make these environments attractive targets. Fraudulent chargebacks remained extremely low (0.00005% in Q2), likely because regulatory frameworks prevent certain chargebacks rather than because fraud prevention is superior.
In contrast, the payment fraud attack rate across Digital Commerce improved to 1.5% in Q2 from 1.7% in Q1 (12% quarterly improvement), and Finance and Fintech held steady at 2.4% with strong 2FA adoption (11.5% in Q2, up from 9.2% a year ago), reflecting regulatory pressure and the criticality of account security when accounts control direct fund access.
These variations reflect structural differences in how money moves and settles. A fraud rate that appears high in isolation may be typical for high-volume environments. A seemingly low rate could signal under-detection in contexts where fraud is easier to hide.
When Efficiency Gains Hide Emerging Risk
Manual review rates declined 16% to 2.1% in Q2 from 2.5% in Q1 (down 30% year-over-year from 3.0% in Q2 2025), reflecting genuine automation progress. However, the pattern suggests caution: declining review volume paired with rising chargebacks indicates that at least some efficiency gains came from approving riskier transactions rather than blocking them better.
Precise decisioning that approves more legitimate transactions improves customer experience. But it requires continuous recalibration. When attackers shift tactics in weeks or months, thresholds optimized for yesterday’s attack patterns allow today’s sophisticated fraudsters through. Benchmarking helps teams distinguish between healthy efficiency (faster decisions on obvious fraud) and dangerous efficiency (faster approvals of ambiguous cases).
ATO and Chargebacks: Cost Signals
Account takeover attempts declined to 0.88% in Q2 from 0.95% in Q1 (7% quarterly improvement, down 28% year-over-year from 1.23% in Q2 2025), continuing improvement trends. But declining attempt rates paired with rising cost per attack means attackers are becoming more selective, targeting higher-value accounts. Finance and Fintech shows highest 2FA adoption at 11.5% in Q2 (up 2.3 percentage points YoY), while Digital Commerce lags at 1.8% in Q2 (up only 0.1 points YoY), representing an opportunity for outsized fraud reduction through modest authentication improvements.
Fraudulent chargebacks climbed 75.6% quarter-over-quarter to 0.18% in Q2 (from 0.10% in Q1), with an 80% year-over-year increase. Chargebacks often represent older attacks surfacing weeks after compromise, a detection lag that makes transaction-level metrics misleading. Your fraud block rate may look healthy in the near term. But the real cost accumulates downstream: disputes take weeks to surface, and customer trust erodes before teams can react. Among consumers who experienced fraudulent charges, only 28% continued using the platform without hesitation. Twenty-seven percent stopped using it permanently. For fraud teams, this invisible churn often outweighs the direct chargeback cost.
What This Means for Q3 2026
Q2 shows that attack volume stability can coincide with rising cost per attack and accelerating disputes. This signals a transition phase where attackers are refining tactics and defenses are catching up.
Three Q2 signals suggest a need for increased vigilance heading into Q3:
First, chargebacks are rising faster than fraud metrics predict, indicating monetization is succeeding despite lower attack volume. Second, specific verticals (Internet and Software, Online Gambling) show sudden acceleration, suggesting attackers are concentrating in high-payoff areas. Third, manual review efficiency is reducing analyst workload, which is positive only if automation has kept pace with threat evolution.
Teams that recalibrate decision thresholds, increase ATO scrutiny in high-value verticals, and strengthen authentication where adoption remains low will be better positioned for shifts ahead.
Using FIBR to Inform Your Strategy
The most effective fraud teams use benchmarks as starting points for investigation, not conclusions. Your fraud rate below industry average can still represent unacceptable loss if margin structure cannot absorb dispute costs. Conversely, a rate above benchmark may be manageable if customer lifetime value supports it.
Key questions for Q2 2026:
- Are chargebacks rising faster than block rate improvements would predict?
- Is manual review declining while risk calibration has not kept pace?
- How does your ATO rate compare to verticals with highest 2FA adoption?
- Are fraud controls optimized for transaction volume or cost-per-attack?
- In high-value transaction types, is bypass rate in line with industry benchmarks?
- Are you on-budget for your end-of-year target?





