The 2025 Veriff Identity Fraud Report, our annual investigation into online fraud, has thrown out some startling findings for payments providers.
Drawn from deep analysis of our customer data and our field research over the last 12 months, this report, which you can download here, is our most comprehensive yet and covers more industries, regions, fraud types, and use cases than ever before.
With so much data at our disposal – our AI-powered engines and fraud teams mitigate thousands of attempts to infiltrate our customers’ systems daily – there are numerous narratives to discuss here. But, no matter whether we break things down by geographic region, industry, or fraud type, the main story is predictably and sadly familiar: online fraud is on the rise.
Our main takeaway is that online fraud increased by 21% year-on-year since our 2024 report.
Here are some more key takeaways:
Financial services, where there are the richest pickings for fraudsters, remains one of the industries most likely to be targeted by fraudulent attacks. Authorized fraud – where a user is tricked into performing an identity verification session – is orders of magnitude more prevalent for banks, crypto platforms, payments providers, and other fintech platforms, coming in at more than double the global average.
Unfortunately, what we call the net fraud rate – the sum of all types of fraud combined – remains high. According to our data, 5% of all verification attempts we encountered in 2024 were fraudulent. Moreover, in certain financial services’ sub-verticals, such as crypto platforms and payments platforms, the average amount of net fraud (all types of fraud combined) has been nearly 2x higher than the global mean – reaching as high a value as 13.4%.
Account takeover, where cybercriminals take ownership of online accounts using stolen passwords and usernames, and multi-accounting, the practice of opening multiple accounts to take advantage of promotions or playing bonuses, both saw a huge surge in 2024. Account takeover cases increased by 13% compared to 2023, and multi-accounting saw a 10% year-on-year increase.
Impersonation fraud amounted to more than 82% of all the fraudulent attempts we saw this year. 16% of all fraud cases in 2023 involved people presenting altered, counterfeit, and fabricated documents, which was similar to last year. However, there was also a startling rise of adversary-in-the-middle attacks, a type of cyberattack where cybercriminals intercept, relay, or alter the communication between two parties without their knowledge while giving the impression of direct communication. These attacks went up 46% compared to 2023 and are a type of fraud tactic used with particular effect against payment platforms.
For more data, insight and tips on how to fight online fraud, download the full report.
The Payments Association
St Clement’s House
27 Clements Lane
London EC4N 7AE
© Copyright 2024 The Payments Association. All Rights Reserved. The Payments Association is the trading name of Emerging Payments Ventures Limited.
Emerging Ventures Limited t/a The Payments Association; Registered in England and Wales, Company Number 06672728; VAT no. 938829859; Registered office address St. Clement’s House, 27 Clements Lane, London, England, EC4N 7AE.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
