The fraud landscape shifted throughout 2025, putting more pressure than ever on traditional tools and the businesses who use them. What were once isolated attacks have evolved into industrialized schemes powered by AI. Attacks that used to take weeks of setup and loads of technical knowledge can now be crafted in a matter of minutes. In response, businesses poured resources into prevention, but losses continued to climb.
As we move into 2026, fraud is faster, smarter and more adaptive than ever. Every gap in businesses’ fraud stacks is an opportunity for fraudsters to strike. Let’s break down three trends that will shape the fraud landscape this year — and what I’ll be watching as businesses fight to stay ahead.
1. The continued rise of the ATO industry
Account takeover fraud takes many forms, but, over the last year, I’ve watched a specific form of coordinated campaigns grow more prominent and powerful. These attacks are driven by fraud rings, and they all follow a similar pattern: attacks are executed seemingly in stages, with fraud ring members occupying specific roles and responsibilities to test and monetize successful ATOs. Even smaller attacks embody the coordination and playbook-style execution of large fraud rings (grab our latest report to see one such attack in action).
It makes sense why fraud rings are gravitating towards ATO. The ROI is eye-popping: valid credentials sell for as little as $30 on the dark web, and OTP relay services for MFA bypass cost as little as $15 per attempt; meanwhile, businesses I’ve spoken with say a successful ATO can net fraudsters around $300 or more. At most, that’s a 10x return — a compelling enough profit for fraudsters to reinvest in advancing their tools, stealing data and creating new attack strategies.
For businesses, the financial impact is staggering: $16B in ATO losses in 2024, with attacks growing 24% year-over-year. Each incident now averages $6,232, and victims spend nearly 10 hours recovering their compromised accounts.
What I’ll Be Watching: The rise of the individual ATO fraudster. Fraud rings profit from another line of business: the creation and dark web distribution of “playbooks” that walk purchasers through the steps of a successful ATO attack. These playbooks — which retail for as low as $50 — are tailored to specific targets, and sometimes even include the compromised data and tools needed to bypass login defenses. They make attacks accessible to and replicable by individual fraudsters, putting the power of a large ring in the hands of an individual attacker.
2. Vulnerabilities in OTP — and fraudsters’ ability to exploit them
One-time passcodes (OTPs) have long been considered a gold standard form of multi-factor authentication. Consumers are familiar with and trust them, leading businesses to rely on OTPs as a way to both build trust with customers and protect accounts.
But fraudsters have grown increasingly capable of exploiting that trust in a number of ways. MFA fatigue attacks bombard users with push notifications until they approve one out of confusion frustration. In social engineering scams, fraudsters trick users into sharing MFA codes. Fraudsters have even found ways to bypass OTPs without relying on the account owner’s missteps: reverse proxies, malware and phishing kits allow attackers to hijack sessions and intercept tokens, granting full access to accounts.
As a result, scams are growing more effective — and OTPs less secure. Success rates for phishing and impersonation attacks have jumped 29%, driven by AI-generated content, while social engineering attacks surged 66.8% over two years.
What I’ll Be Watching: Scams are only growing more sophisticated and convincing; expecting otherwise would be a costly mistake. For me, the more compelling question is: how will fraud leaders respond?
There are two paths I expect to see businesses take. One doubles down on friction with an extremely hands-on approach: manual reviews of transactions, heavy-handed step up authentication and other steps that slow transactions in the hopes of stopping fraudsters. The other is better suited for today’s digital world: frictionless risk assessments, real-time decisioning and continuous, passive detection of scams and high-risk behavior. The former approach will frustrate consumers and drive them away towards businesses who adopt the ladder.
3. Consumer dissatisfaction and distrust of businesses’ fraud protection
Consumers aren’t confident in their security online — 57% say they’re concerned about their online activity, and only 13% feel fully secure interacting with new brands. Yet friction from fraud checks remains a point of frustration, one that’s often make-or-break in retaining customers. 1 in 4 consumers abandon new account openings due to excessive friction in onboarding experiences. In retail, 43% of shoppers prefer guest checkout, and 72% use it even when they have an account because it’s faster and simpler.
What I’ll Be Watching: I’ll be keeping an eye on how businesses adapt their fraud stacks to meet consumers’ preferences. The key will be delivering security without sacrificing seamless UX. It will be telling to see how quickly orchestration platforms replace siloed fraud stacks and whether consumer trust rebounds as fraud defenses become more invisible and adaptive.
Bringing your fraud prevention strategy into 2026
In 2026, attackers will innovate faster than ever, leveraging automation, AI and social engineering to exploit every weakness in traditional defenses. Businesses that cling to static tools and siloed strategies will find themselves outpaced and outmaneuvered.
The path forward is clear: embrace dynamic tools like behavioral analytics, unify signals through orchestration and deliver security that works invisibly in the background. The organizations that succeed will be those that earn trust without adding friction — turning fraud prevention into a competitive advantage rather than a customer pain point.
If you’re ready to talk about the future of fraud prevention for your business, schedule a call with our experts.
