State of Fraud 2025: The Need for Speed
Over the last two weeks, my colleagues have broken down two of the biggest fraud challenges facing businesses today: the increasing financial impact of fraud, and the growing trust gap between consumers and businesses.
Now, I’ll cover one more challenge: friction. This isn’t new; businesses have always been searching for the best ways to get customers through the door faster. But in the digital world, where opportunistic fraudsters are always on the lookout for vulnerabilities to exploit, what’s the right balance between making life easy for customers and hard for fraudsters?
It feels like an easy goal to strive for, but businesses are still struggling to find the right mix. Let’s talk about why it’s so difficult, and what businesses can do to accomplish it.
The challenge: Excessive friction turning customers away
Like we mentioned at the onset of this series, security and growth aren’t contradictory. But leaning too far in one direction can certainly compromise the other. Our first two posts covered the impact of leaning too far towards expansion, and why removing fraud controls in the name of reduced friction was an invitation for fraudsters to strike. But what happens when businesses gravitate too far towards friction in the name of fraud prevention?
First, it’s important to note that a little bit of friction can be a good thing. Consumers want to feel protected, and low-friction touchpoints help convey that you have tools in place to keep them safe. But there’s a point where it goes too far: 40% of consumers considered abandoning an account opening due to friction, with 25% following through by choosing a competitor. In ecommerce, consumers have drawn a clear line: checkout should take four minutes or less, and over half say they’ll abandon their cart if asked to re-enter payment or shipping details.
The Driving Force: Static responses and inflexible solutions
Many businesses’ fraud stacks funnel users through one-size-fits all flows. That means every user is subjected to the same checks, regardless of it they’re a fraudster or not. If those checks rely on a user input that’s easy to mess up — a KBA question, challenge-response authentication, or even an MFA code — customers can get very frustrated very quickly.
The impact is twofold. First, genuine customers are being asked to provide information they don’t want to, and it’s making them hesitate to move forward. If you ask for something more intense like a document verification or selfie upload, distrust alone may be enough for the consumer to take their business elsewhere. Second, the fraud stack is predictable for fraudsters. They know what checks they’ll encounter and when, making what looks like a fortified fraud defense ultimately backfire.
The Solution: Progressive friction, real-time detection (and multi-layered defense)
If a customer is just creating an account to explore what services your business provides, there’s no need to force them through a full KYC process. Start light, and as the consumer asks for more from your business, you can ask for more information.
Login is a great example. Most businesses I talk to are rightfully hesitant to block or step-up users when logging in, even if there are risky red flags flying. But when those users go to access or change personal information or complete a transaction, businesses will route them through a step up or outright decline them based on the risk they exhibited earlier. The same principle can apply at other stages in the customer journey
But, again, there’s a disconnect between what businesses know and what consumers experience. This is another area where a dynamic, multi-layered approach helps. For example: consumers really like passwords. They’re familiar, they feel secure, and they’re a tangible, low-friction security method. But businesses know that passwords are frequently compromised, and relying solely on credentials isn’t enough. You can meet in the middle by offering a multi-layered approach, where a consumer is still asked to interact with a traditional login form and enter their credentials, but behavioral, device, and network data are being passively collected to create a comprehensive view of the user and prevent account takeovers using compromised credentials.
We have one more overview in store. Next week, join us as we look at the fraud landscape around the globe, and the worldwide trends that foreshadow what’s to come in the U.S. in 2026.
As always, stay tuned in to our blog to be the first to know when the analysis is live. For more on what we’ve covered this month, read Experian’s 2025 U.S. Identity & Fraud Report.
