Skip Navigation
Scroll Up

2025 Holiday Online Fraud Trends: What Every Merchant Should Know

Security
Merchant Payments

For merchants, the holiday season is typically a time for increased sales and revenue growth. And while the holidays bring great opportunities for businesses, they also bring increased risks. As consumers flock online to shop for deals, the volume of online transactions reaches its annual peak, and so do attempts at fraud. For merchants, understanding the latest trends in online fraud is critical to protect your customers, your reputation, and your bottom line during this time of year.

In 2025, online fraud is more complex than ever. It’s driven by automation, AI, agentic commerce, and evolving consumer behaviors. In this article, we break down what fraud trends you need to watch for and how you can stay ahead by taking precautions to protect your business.

Trend 1: Fraud Starts Earlier and Stays Later

Fraudsters are not waiting for Black Friday to attack. Cyber fraud tactics are now being deployed 10–14 days before major sales events around the holidays. Fraudsters plan their attacks when merchants are least prepared, in order to catch them off guard. Starting earlier in the holiday season gives attackers more time to test and refine their tactics, leading to higher rates of successful account takeovers and fraudulent transactions.

But remember – cyber fraud doesn’t stop at the end of December, it continues even after the holiday season is finished. January has a 78% higher fraud attack rate than the average monthly rate. It is important not to let your guard down after the holidays!

Impact for Merchants: Merchants may experience more chargebacks and lost revenue, as well as heightened reputational damage if customers lose trust before peak shopping events even begin.

Trend 2: Account Takeover (ATO)

Account Takeover (ATO) is one of the most damaging forms of online fraud for merchants during the holiday season. ATO is when fraudsters gain access to customer accounts, often through stolen credentials, and exploit stored payment information to make unauthorized online purchases. ATO attacks spike before major shopping events like Black Friday because accounts are loaded with payment details and rewards. For merchants, this means heightened risk during peak traffic periods when fraud detection is most challenging.

Impact for Merchants: Fraudulent transactions resulting from ATO often lead to chargebacks when consumers find that their credit card has been used, meaning merchants lose out on both the product and the payment. ATO can also lead to lost inventory when purchased items have been shipped to fraudsters and are rarely recoverable after the transaction is flagged as fraud.

Trend 3: AI-Powered Fraud

Fraudsters now use generative AI to mimic real consumer behavior, making bots nearly undetectable. AI-powered fraud refers to the use of machine learning and generative AI by fraudsters to automate and scale attacks. Unlike traditional fraud, these attacks are adaptive, fast, and hard to detect because bots mimic human behavior. In the 2024, bot-driven attacks spiked by over 400% during Black Friday week and continued through Christmas.

Impact for Merchants: AI-powered fraud is a direct threat to merchants’ bottom line. Automated bots can purchase high-demand products in bulk, draining inventory and preventing legitimate sales. For merchants, this means lost revenue, inflated operational costs to fight fraud, and reputational damage when customers can’t access desired products. Do you have controls on your shopping cart that limit high volume single orders of high demand large ticket products?

Trend 4: Card Testing Attacks

Card testing is an online fraud tactic where criminals use stolen credit card numbers to make small, low-risk purchases on e-commerce sites to check if the cards are active. Bots can test thousands of cards in minutes, hiding among legitimate holiday traffic. Once validated, these cards are used for larger fraudulent transactions or sold on underground marketplaces.

Card testing spikes during the holidays because high transaction volumes make it easier for fraudsters to hide their activity. It often continues into January when merchants are distracted by returns and chargebacks, making it a persistent threat.

Impact for Merchants: Card testing can significantly impact revenue for merchants. While each test transaction seems minor, the cumulative impact is severe: merchants lose money on chargebacks, pay additional fees, and often ship goods that can’t be recovered.

Trend 5: Chargebacks

Chargebacks usually spike in January after the holidays, often from “friendly fraud”. Friendly fraud occurs when a customer makes a purchase and later disputes the charge with their bank. For example, a customer claims that the purchase was unauthorized or that the product was not delivered, despite having actually received the goods or services. Another example is when a customer forgets about a legitimate purchase, or fails to recognize a charge on their statement.

Friendly fraud accounts for roughly 75% of all chargebacks, and merchants see a 40–60% spike in disputes every January following the holiday shopping season.

Impact: Chargebacks and friendly fraud can lead to significant financial losses for merchants. This includes lost revenue from disputed transactions and the costs associated with processing chargebacks.

Action Steps for Merchants

1. Check E-Commerce Website Dispute Preparedness Now

2. Start Monitoring Earlier and Continue After the Holidays

Fraud doesn’t wait for Black Friday, it starts weeks before and continues after the holidays.

  • Increase fraud monitoring by mid-November to catch early credential-stuffing and bot activity.
  • Adjust velocity thresholds as transaction volumes rise.
  • Run pre-holiday system checks to ensure all security layers are active.

3. Strengthen Account Security

Account Takeover (ATO) is costly because it exploits stored payment data. To strengthen account security, consider:

  • Enabling Multi-Factor Authentication (MFA) for all customer accounts.
  • Monitor login anomalies like multiple failed attempts or logins from unusual geolocations.
  • Use breach alerts to flag compromised accounts early.

4. Prevent AI-Powered Fraud and Card Testing

In the AI driven world we are living in, it is important to take precautions to protect your business from AI generated attacks.

  • Add Google’s ReCAPTCHA to your ecommerce site. ReCAPTCHA is a cost-free, anti-automation solution from Google. While more sophisticated attackers have tools to get around it, it is usually successful at stopping card testing attacks. Consider upgrading to ReCAPTCHA Enterprise for the most protection. It includes 10,000 assessments per month without cost.
  • Implement bot management solutions that analyze device fingerprints, velocity checks, and behavioral patterns to block automated attacks.
  • Talk with your payment processor about cloud-based fraud protection tools such as Kount or Signifyd.

Related Content: How to Protect Your Ecommerce Site from Card Testing Fraud

5. Combat Friendly Fraud and Policy Abuse

  • Implement clear return and refund policies and make them visible at checkout.
  • Use compelling evidence tools to dispute illegitimate chargebacks.
  • Keep track of repeat offenders.
  • Make sure billing descriptors on customer credit card statements and receipts are clear.

6. Train Staff Regularly on Scams

Fraudsters use AI to create realistic phishing emails and fake customer service scripts.

  • Educate your team on spotting AI-generated scams.
  • Establish escalation paths for suspicious interactions.
  • Verify unusual requests before acting.

Related Content: Essential Security Strategies for Today’s Businesses

Why it Matters

Holiday fraud in 2025 is faster, smarter, and more adaptive than ever before. This means merchants must remain vigilant and proactive. In a recent survey, fraud was shown to be a top concern for merchants. Nearly two thirds of merchants experienced fraud in the past year, 28% of merchants experienced fraudulent chargebacks, a quarter of merchants experienced return and refund fraud and 20% reported scam attempts targeting their businesses. These statistics prove how prevalent fraud remains and why it should be top of mind to protect your business all year round.

The consequences of ignoring these cyber threats can be costly. By keeping fraud top of mind and implementing layered defenses, you can safeguard both your business and customers. Taking actionable measures not only helps prevent financial losses but also ensures a secure and positive shopping experience, ultimately strengthening brand loyalty and driving growth during the holidays and throughout the year.

Table Of Contents
Stay in the know on payments-related news.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Share This Article
Share on Facebook
Share on Twitter
Share on Linked In
Related Articles
Friend or Foe? What Every Merchant Needs to Know About Bots in Online Commerce
For consumers, automation in online commerce is no longer a luxury, it’s a necessity. Whether it’s receiving personalized shopping recommendations or enjoying one-click checkouts, people increasingly rely on automated technologies to enhance convenience and save time. At the center of these shopping advancements are bots. As bots become more prevalent...
Merchant Payments
What Merchants Need to Know: Visa’s Updates to Level 2 and Level 3 Pricing
Background: What is CEDP? Visa launched the Commercial Enhanced Data Program (CEDP) in April 2025 to replace its previous Level 2 and Level 3 interchange incentive programs. Under CEDP, Visa requires merchants to pass complete, accurate, and descriptive line-item data for commercial card transactions. Before qualifying for the discounted interchange...
Merchant Payments
Embedded Payments
Read All Blog Posts