Adversary-in-the-middle fraud: A growing concern for payments providers in 2025

by Chris Hooper, global brand director, Veriff


As AiTM fraud rises, businesses must adopt multi-layered security, biometric authentication, and user education to stay ahead of evolving threats.

Fraud is evolving at lightning speed, and businesses are constantly threatened. Impersonation attacks still reign supreme, but a new danger is on the rise—adversary-in-the-middle (AiTM) attacks. According to the Veriff Identity Fraud Report 2025, these sophisticated cyber threats have surged by 46% in just one year, targeting payments platforms in particular. As fraud becomes more complex, staying ahead of these tactics is more critical than ever.

What is adversary-in-the-middle (AiTM) fraud?

AiTM fraud occurs when attackers intercept communications to manipulate data, steal information, or gain unauthorised access. Common methods include ARP poisoning, email hijacking, wi-fi eavesdropping, session hijacking, IP spoofing, and DNS spoofing. These techniques exploit system vulnerabilities, emphasising the need for strong security measures to protect sensitive data.

AiTM attacks work by intercepting communication between a user and a legitimate service through phishing techniques. In an AiTM attack, the attacker typically sends a phishing email with a link that directs the victim to a fake login page (redirector or AiTM phishing page) designed to look like a legitimate service. When the victim enters their credentials, the attacker captures these details and may steal session cookies to bypass multifactor authentication (MFA). Using stolen session cookies, the attacker can authenticate themselves into the victim’s account, gaining unauthorised access to emails or other resources. This access is often exploited for malicious campaigns, such as reading sensitive emails, altering mailbox rules, or initiating business email compromise (BEC) schemes to target external recipients in the victim’s network.

As fraud detection and prevention technologies become more advanced, attackers adapt their tactics to exploit the weakest point in the security chain: the identity holder. Instead of directly targeting secure systems, fraudsters increasingly use sophisticated techniques like AiTM attacks to manipulate legitimate users into unwittingly facilitating malicious activities. Attackers can intercept data if a user authenticates into an application using an unsecured protocol like HTTP. 

Digital AiTM fraud: A rare but growing threat

Digital AiTM fraud, while relatively rare in the overall fraud picture, is gaining traction due to advances in phishing techniques and AI-driven attacks. These schemes typically involve:

  • Phishing emails: Crafted to trick users into sharing login credentials.
  • AI-generated messages: Mimicking legitimate communication to deceive users.
  • Malware: Intercepting communications between users and businesses to steal sensitive data or access accounts.

The goal of these attacks is often to exploit the trust between users and organisations, bypassing traditional security measures.

AiTM attacks pose a significant risk to online banking and financial institutions. Cybercriminals intercept transactions, alter payment details, and redirect funds to fraudulent accounts, leading to massive financial losses. For businesses, this results in customer trust erosion and regulatory scrutiny.

The UK picture

In the UK, AiTM fraud has seen a rise, particularly in sectors like fintech and payments, where compliance with strict regulations such as the FCA and PSD2 is mandatory. Fraudsters often exploit promotional offers and rewards, leveraging identity farming and multi-accounting. The UK’s emphasis on strong customer authentication under PSD2 provides a framework for combating such threats, but businesses must also adopt advanced measures like biometric authentication and end-to-end encryption to ensure compliance and security. Awareness campaigns and customer education remain vital, as the UK population heavily relies on digital channels for financial transactions.

How businesses can protect against AiTM fraud

AiTM attacks are stealthy and often undetectable by the targeted user, making preventive measures critical. Both users and application developers share responsibility for minimising the risk of these attacks. Below are key strategies for safeguarding against AiTM attacks:

  • Enable two-factor authentication (2FA): Use 2FA on email accounts to prevent attackers from successfully authenticating, even if they obtain your credentials. The additional authentication layer, like a PIN, remains inaccessible to the attacker.
  • Monitor network traffic: Utilise traffic analytical tools to identify suspicious activity. These tools provide insights into device port and protocol usage, helping administrators detect potential threats.
  • Implement certificate pinning: Developers can use certificate pinning in mobile apps to whitelist trusted certificates, blocking attacker-controlled ones. This proactive measure protects the application against tampered communications.
  • Use a VPN on public wi-fi: Virtual private networks (VPNs) encrypt data, ensuring that intercepted information remains unreadable. VPNs also protect against weaker encryption protocols by employing their own algorithms.
  • Phishing awareness training: Educate employees to recognise phishing attempts, often precursors to AiTM attacks. Preventing employees from clicking malicious links or sharing credentials reduces the risk of malware installation.
  • Enhance email security: Employ email filters to quarantine phishing attempts and malicious attachments. This additional layer of protection helps administrators manage potential threats effectively.
  • Avoid unverified wi-fi hotspots: Always verify the legitimacy of public wi-fi networks. Malicious hotspots are often designed to mimic official sources and can expose users to interception risks.
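As an added example (not part of the original article, and not a Veriff product), the Python script below applies the traffic-monitoring advice above to the session-cookie theft described earlier: it runs over constructed sign-in and audit events, flags a session whose cookie is presented from a second source shortly after login, and flags any mailbox-rule change made from such a session. The event format, field names and one-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real logs). Fields: timestamp, user,
# event, session id, source IP, user agent. Session "s1" is first seen from the
# victim's browser, then presented from a second source that goes on to add a
# mailbox rule, the pattern that follows a stolen session cookie.
SAMPLE_EVENTS = [
    ("2025-01-10T09:00:00", "alice", "login_ok", "s1", "203.0.113.5", "Chrome/120 Windows"),
    ("2025-01-10T09:00:40", "alice", "read_mail", "s1", "198.51.100.9", "Firefox/121 Linux"),
    ("2025-01-10T09:03:00", "alice", "mailbox_rule_created", "s1", "198.51.100.9", "Firefox/121 Linux"),
    ("2025-01-10T10:00:00", "bob", "login_ok", "s2", "203.0.113.7", "Safari/17 macOS"),
    ("2025-01-10T10:30:00", "bob", "read_mail", "s2", "203.0.113.7", "Safari/17 macOS"),
]

# Actions worth an alert on their own when taken from a replayed session
# (assumed event names; map to your identity provider's audit log).
SENSITIVE_ACTIONS = {"mailbox_rule_created", "payment_details_changed"}


def detect_session_replay(events, window=timedelta(hours=1)):
    """Flag sessions whose cookie is presented from a second source (IP or
    user agent) within `window` of login, plus any sensitive action taken
    from such a session. Returns a list of finding dicts in time order."""
    origin = {}        # session id -> (login time, ip, user agent)
    replayed = set()   # session ids already seen from a second source
    findings = []
    for ts, user, event, sid, ip, ua in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if sid not in origin:
            if event == "login_ok":       # first sight of the session = its origin
                origin[sid] = (when, ip, ua)
            continue
        t0, ip0, ua0 = origin[sid]
        if sid not in replayed and (ip, ua) != (ip0, ua0) and when - t0 <= window:
            replayed.add(sid)
            findings.append({"time": ts, "user": user, "session": sid,
                             "type": "session_reuse_from_new_source",
                             "login_source": f"{ip0} {ua0}", "new_source": f"{ip} {ua}"})
        if sid in replayed and event in SENSITIVE_ACTIONS:
            findings.append({"time": ts, "user": user, "session": sid,
                             "type": "sensitive_action_in_replayed_session",
                             "action": event, "source": f"{ip} {ua}"})
    return findings


if __name__ == "__main__":
    for finding in detect_session_replay(SAMPLE_EVENTS):
        print(finding)
```

A legitimate user changing networks mid-session will also trip the first rule, so in production the second rule (sensitive action from a replayed session) is the one to page on.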

Staying ahead of AiTM threats

To effectively combat this emerging threat, businesses should adopt a multi-layered security strategy that combines advanced authentication technologies, user education, and adherence to region-specific regulations.

Identity verification tools, such as biometric authentication and machine learning-driven fraud detection, can help strengthen defences against AiTM tactics by enhancing security and minimising risks. By proactively addressing evolving fraud challenges, organisations can protect their operations, maintain customer trust, and improve overall resilience against future threats.
