As consumers gear up for the busiest shopping season of the year, payment fraud is escalating both in speed and sophistication. Recent data from central banks, combined with Signicat’s latest study on identity fraud, indicate that while Strong Customer Authentication (SCA) has significantly reduced card fraud within the European Economic Area (EEA), criminals are increasingly exploiting other vulnerabilities across the payment ecosystem.

The European Central Bank (ECB) and European Banking Authority (EBA) report that fraud involving major payment instruments in the EEA reached €2.0 billion in the first half of 2023 alone. While SCA has successfully lowered the risk of card fraud for transactions subject to the regulation, attackers are shifting focus to less-protected areas of payments, highlighting the evolving threat landscape.

Identity Fraud on the Rise

Signicat’s 2025 report, The Battle in the Dark, produced with cybersecurity firm Red Goat Cyber Security, illustrates the practical impact of this shift. Across Europe, fraud prevention managers report:

• Around one in five onboarding processes is fraudulent.
• Identity fraud and its prevention impact 22% of annual revenue.
• 59% have seen an increase in successful identity fraud attempts over the past year.
• Despite these trends, 74% of respondents believe they are still winning the fight against fraud.

“Black Friday and the Christmas season are especially critical,” says Pinar Alpay, Chief Product Officer at Signicat. “High transaction volumes, instant customer expectations, and industrialized, AI-driven fraud tactics make these periods particularly challenging. Companies that treat digital identity as a strategic backbone, rather than an afterthought, are best equipped to mitigate these risks.”

Accelerated Transactions, Accelerated Fraud

The rise of instant payments, mobile wallets, and ‘buy now, pay later’ (BNPL) models has transformed the checkout experience. Transactions that once took minutes now happen in seconds—and during peak periods such as Black Friday, decision windows shrink even further, placing immense pressure on risk teams.

Fraudsters exploit this acceleration using automated scripts and AI-powered social engineering, scaling attacks in real time. The Signicat survey reveals that:

• 67% of respondents reported more fraud attempts in the past year.
• 54% experienced more successful fraud cases.
• Around 40% of attacks now target the transaction phase, not just onboarding.

Globally, e-commerce fraud is projected to rise sharply, with Juniper Research forecasting losses to jump from £44.3 billion in 2024 to £107 billion by 2029—a 141% increase.

Current Tactics and Emerging Threats

Fraudsters are combining traditional methods with sophisticated identity attacks. The most common current threats include:

• Account takeover (ATO): 36%
• Identity document falsification: 35%
• Social engineering: 32%

The fastest-growing threats are identity document falsification (33%) and social engineering (29%), which also carry the highest remediation costs (31% each). Digital identity systems and electronic identities (eIDs) are both a defensive tool and a prime target, with roughly a third of fraud attempts now directly targeting these technologies.

“Fake identity documents and social engineering reflect systemic weaknesses in onboarding and authentication processes,” explains Alpay. “Fraudsters have industrialized these attacks. Companies that fail to adapt are essentially financing fraud with their own margins.”

AI: A Double-Edged Sword

Artificial intelligence has become central to fraud operations. Deepfakes, synthetic identities, and highly personalized phishing campaigns are now standard tools. Signicat’s report notes:

• 73% of companies already use AI defensively.
• 71% believe attackers are leveraging AI against them.

This has created an arms race: 80% of companies say attackers shift tactics when blocked, exploiting weaker links in the value chain or switching channels.

Economic Impact and Preparedness

Identity fraud affects more than direct financial losses. Companies bear investigative costs, chargebacks, remediation measures, legal fees, and reputational damage. According to Signicat, the payments and fintech sector already allocates over 16% of annual revenue to fraud prevention; across all industries, this rises to 22%. Nearly a third of organizations cite weaknesses in partners or service providers as key fraud risks.

Peak shopping periods like Black Friday amplify these vulnerabilities. To mitigate risks, providers must assess where identity fraud causes revenue loss, identify high-risk customer journeys and partners, and modernize identity verification processes. Real-time integration of identity signals into payment risk mechanisms is critical to intercept suspicious behavior before transactions are approved.

Looking Ahead: EUDI Wallets

The eIDAS 2.0 framework introduces European digital identity wallets (EUDI wallets), which will allow secure cross-border identity verification by 2027. Esther Makaay, VP of Digital Identity at Signicat, notes: “EUDI wallets offer huge potential for secure payments and fraud prevention. But widespread adoption will take time. Businesses cannot wait for wallets to solve today’s fraud challenges.”

Companies should prepare now to operate as EUDI wallet relying parties, ensuring they can immediately leverage secure digital identities to reduce fraud and gain a competitive edge.