top of page

Black Friday 2025: Fraud at Speed and Scale in Payments

  • Writer: Kelsie Papenhausen
    Kelsie Papenhausen
  • Nov 20
  • 6 min read

London, 20 November 2025 - As consumers head into peak shopping season, payment fraud is rising in speed and scale. New data from central banks and from Signicat’s latest identity fraud study show that while strong customer authentication (SCA) has helped reduce card fraud risk inside the European Economic Area, criminals are shifting their efforts elsewhere and attacking the payments sector.

 

The European Central Bank (ECB) and European Banking Authority (EBA) report that fraud across the main payment instruments in the EEA reached €2.0 billion in just the first half of 2023. Card fraud risk is now noticeably lower for transactions inside the EEA where SCA applies, which suggests that better security works, but also that attackers are probing other weak points.


Signicat’s “The Battle in the Dark” (2025) identity fraud report, developed with cybersecurity firm Red Goat Cyber Security, reveals how this is unfolding in practice. Fraud leaders across Europe report that:

  • An estimated 1 in 5 customer onboarding is fraudulent.

  • 22% of annual revenue is affected by identity fraud and the cost of preventing it.

  • 59% have seen a rise in successful identity fraud attempts in the past year.

  • Yet 74% still believe they are winning the fight against fraud.

 

Black Friday and the holiday season are key periods for payment fraud,” says Pinar Alpay, Chief Product Officer at Signicat. “Transaction volumes spike, customers expect instant decisions and fraudsters arrive with industrialised, AI-powered tactics. The organisations that cope best are those that treat digital identity as the backbone of their fraud strategy, not an afterthought.

 

Fast transactions, fast fraud

Instant payments, mobile wallets and BNPL models have transformed the checkout experience. Decisions that once took minutes are now made in seconds. During Black Friday, those decision windows shrink even further as risk teams cope with extreme traffic.

 

This acceleration benefits fraudsters too. With automated scripts and AI-assisted social engineering, they can launch and adapt attacks in real time. In Signicat’s “The Battle in the Dark” study, payments and fintech firms surveyed expose the following:

  • 67% report more fraud attempts in the past year.

  • 54% report more successful fraud.

  • Around half of attacks (40%) now cluster at the transaction stage, not just at onboarding.

 

These pressures are set against a global backdrop of rising online fraud. Juniper Research forecasts that eCommerce fraud losses will grow from 44.3 billion US dollars in 2024 to 107 billion US dollars by 2029, an increase of 141 percent.

 

Tactics and exposure in 2025

Signicat’s research shows that fraudsters are combining classic techniques with new, identity-focused attacks when targeting the payments and fintech sectors. Some key data:

  • Most common attacks today

    • Account takeover (ATO): 36%

    • Identity document forgery: 35%

    • Social engineering: 32%

 

  • Expected to increase fastest

    • Identity document forgery: 33%

    • Social engineering: 29%

 

  • Costliest to remedy

    • Identity document forgery: 31%

    • Social engineering: 31%


Digital identity schemes and eIDs are both a defence and a target. Respondents report that:

  • 48% see account takeover involving electronic identity credentials

  • 40% see impersonation or identity cloning around electronic identity

  • One-third of fraud attempts now target electronic identity technology directly

 

"Identity document forgery and social engineering are indicative of how the industry has built onboarding and authentication," says Pinar Alpay, CPO at Signicat. “Fraudsters have industrialised fake identities and scripted manipulation. Strategies and processes have to change if we want to counter the growth of these attacks. Any company that does not redesign its systems with multilayered defences to adapt to this reality is choosing to fund fraud with its own margins."

 

AI on both sides

  • AI is now part of everyday fraud operations. Synthetic identities, deepfake audio and video, and highly personalised phishing campaigns are no longer exotic techniques, but mainstream tools. According to Signicat’s report: 73% of organisations are already using AI in their defences

  • 71% believe attackers are using AI against them

 

This creates an arms race. As soon as one pattern of behaviour is blocked, fraudsters adapt. 80% of businesses surveyed say attackers change tactics when stopped, often shifting to new channels or exploiting weaker partners in the value chain.

 

Business impact and readiness

The financial cost of identity fraud goes far beyond direct write-offs. Organisations must fund investigations, chargebacks, remediation and legal work, as well as investment in new controls and the reputational damage when incidents reach the headlines.

 

According to Signicat’s “The Battle in the Dark” report, the financial impact of identity fraud is already weighing heavily on businesses long before the Black Friday rush even begins. Respondents estimate that identity fraud and the measures required to combat it consume, on average, over 16% of annual revenue in the payments and fintech sectors, rising to 22% when looking across all industries and markets. At the same time, nearly a third of organisations (32%) point to weaknesses in partners or vendors as a significant fraud risk, highlighting just how vulnerable today’s interconnected payment ecosystem has become. As holiday transaction volumes spike around Black Friday, these structural weaknesses and already high fraud costs risk being amplified even further, unless merchants and payment providers invest in robust, EU-ready identity and fraud-prevention measures.

 

Yet the same study also shows a confidence gap. While 84% say they stop most attempts and 89% say they update their technology regularly, only 45% are actually measuring the full impact of identity fraud.

 

Too many organisations are flying half blind,” comments Alpay. “They invest in tools and assume things are under control, but have limited measurement of the fraud that gets through or the friction they are adding for legitimate customers. The most advanced fraud teams treat identity data as an analytics asset. They know where their weak spots are and can explain the trade-offs they are making.

 

Preparing for EUDI Wallets while tackling today's fraud challenges

The eIDAS 2.0 regulation is now in force, creating the legal framework for European Digital Identity Wallets (EUDI Wallets). By 2027, each EU Member State will be required to provide at least one wallet that citizens and businesses can use to prove identity and share verified attributes across borders.

 

EUDI Wallets have huge potential for payments,” says Esther Makaay, VP of Digital Identity at Signicat. “They can give payment services providers and merchants access to high assurance identity and attribute data from day one of the customer relationship, which is extremely powerful for fraud prevention. However, it will take several years for wallets to be widely deployed and adopted. Businesses cannot wait for the wallet to fix today’s fraud challenges.

 

Looking ahead to Black Friday 2025 and the peak holiday trading period, Signicat urges payments and fintech providers to act now rather than wait for fraud losses to spike. This starts with mapping where identity fraud is already eroding revenue and identifying the journeys, segments, and partners that are most exposed. From there, providers should modernise both document and identity verification processes, with particular focus on higher-risk customer journeys, and ensure that rich identity signals are integrated into payment risk mechanisms in real time so that suspicious behaviour can be challenged before a transaction is approved.

 

At the same time, they should prepare systems and processes to operate as EUDI Wallet relying parties as wallets roll out across Europe, so that they can accept high assurance digital identities from day one and turn stronger compliance into a competitive advantage.

 

 

About Signicat

Signicat is a European leader in digital identity, helping private and public organisations verify users’ identities, authenticate access, and sign agreements with confidence. Founded in 2006, Signicat’s Digital Identity Platform brings together identity proofing, authentication, electronic signing, and orchestration through a single integration. It supports the full digital identity journey from recognition and onboarding to login, consent, and legally binding contracts. More than 20,000 customers in 45 countries trust Signicat to reduce fraud, remove friction, and meet European and global regulatory requirements such as eIDAS, PSD2, AMLR, and the GDPR. The company serves high-trust sectors including financial services, insurance, telecommunications, and the public sector. Signicat actively contributes to shaping Europe’s future digital identity ecosystem and participates in the EU Digital Identity Wallet Large-Scale Pilots, including WE BUILD, Aptitude, NOBID, and EWC, helping to define interoperability and standards.

 

In 2019, Signicat was acquired by leading private equity investor Nordic Capital. Today, Signicat employs over 530 people across 20 offices in 15 European countries. For further information, visit www.signicat.com

 
 
bottom of page