When fraud attack rates fall, the instinct is to celebrate. One might think fewer attacks means better defenses and better outcomes. But a close look at recent fraud trend data tells a more complicated story, and fraud teams that read the headline number without reading the fine print may find themselves caught off guard.
Payment fraud attack rates declined 14% year over year, and manual review volume dropped 17%; yet over the same period, overall chargeback rates climbed 56%. The two trends are connected, and showcase that fewer attacks doesn't mean fraud risk is declining overall.
Precision has replaced volume
For the last few years, merchants have faced a steady increase in fraud attempts volume as AI and automation made it easier for bad actors to attack at scale. As a result, companies fortified their defenses, and that calibration seems to be helping, since payment fraud and manual review rates have decreased.
However, what the data now shows is that fraudsters are deliberately targeting what they believe to be high-volume accounts with stored credentials and accumulated balances that offer higher payoff per attempt. 21% of consumers report experiencing account takeover in the past year, often alongside payment fraud.
The metrics that teams traditionally used to evaluate fraud program health were built to measure volume. When the threat changes shape but the measurement framework doesn't, teams can end up optimizing for the wrong outcome.
The "good user gone bad" pattern illustrates this well. Attackers build account credibility over time, establishing normal behavior and generating positive transaction history before executing a high-value fraudulent action, such as adding stolen payment credentials to a trusted account, weeks or months later. A fraud model evaluated solely on immediate transaction outcomes will miss this entirely. The account looks fine until it doesn't.
Efficiency gains aren't the same as risk reduction
The 17% decline in manual review volume reflects real operational progress: stronger automation, more precise decision logic, less friction for legitimate users. But when review volume falls while chargebacks rise simultaneously, that combination can indicate decision thresholds are well-tuned for speed but not fully calibrated for more sophisticated attack patterns.
Reducing manual review should free analysts for complex, high-value investigation. When efficiency metrics and chargeback loss metrics simultaneously increase, merchants should audit where automation is working effectively and where human judgment can reduce some of these more complex fraud attempts.
Industry context changes everything
Fraud exposure doesn't distribute evenly across business models, and comparing rates to a broad industry average can lead teams to the wrong conclusions. A 3.7% payment fraud attack rate in food and delivery reflects the speed-first, high-volume nature of that environment. A 0.4% attack rate in online gambling sounds low, until you account for the fact that high-value transactions concentrate dispute risk in ways that raw attack volume doesn't capture.
Internet and software companies face elevated chargeback exposure for a specific reason: subscription models and stored credentials are convenient for fraudulent and legitimate users alike. The same features that reduce checkout friction also lower the barrier for account compromise. This is why peer benchmarking matters more than absolute numbers. A rate that looks alarming in isolation may be typical for a specific segment, while a rate that looks clean may signal under-detection.
The trust dimension
Fraud's impact on consumer behavior rarely makes it into internal loss calculations, but it belongs there. When 52% of consumers say they would stop using a platform after experiencing fraud, and 73% say they've abandoned a purchase due to payment security concerns, fraud goes from a finance problem to a growth problem.
Losing a customer to fraud isn't only a one-time transaction loss. It's the cumulative value of everything that a customer would have spent, plus the reputational cost when trust erodes publicly. Customers rarely distinguish between attacker behavior and platform responsibility. If an account gets compromised, the brand absorbs the perception hit.
Measuring the right things
The practical reality is that a single metric, however directionally encouraging, doesn't tell the full story. The more useful questions are:
- Is chargeback exposure tracking with attack rate trends?
- Are manual review resources concentrated where complexity warrants them?
- Is account-level risk being measured longitudinally rather than only at the transaction moment?
Fraud concentrates where incentives are highest and where defenses haven't kept pace. The teams best positioned to stay ahead are the ones asking whether the numbers they're watching are the right ones.
