AMSTERDAM – The era of the lone-wolf cybercriminal is effectively over. At the prestigious Money20/20 Europe conference, AI-powered transaction risk platform Fraudio unveiled a sobering new reality: online fraud has evolved from isolated, opportunistic card theft into a highly sophisticated, industrialized ecosystem. This shift, characterized by the weaponization of shared infrastructure, has led to a 25% surge in average payment fraud rates, signaling a critical turning point for global digital commerce.
Main Facts: A Shift in Strategy
The latest data from Fraudio, covering the transition from 2024 into the 2025–2026 period, reveals that the digital economy is under siege by coordinated networks rather than random bad actors. Average fraud rates have climbed from 0.036% to 0.045% in just two years.
This is not a mere uptick in volume; it is a fundamental shift in the methodology of theft. Malicious activity is now concentrated within centralized IP pools, complex multi-layered submerchant processing pipelines, and coordinated payment networks that act as force multipliers for criminal groups. By leveraging shared technical infrastructure, these syndicates are successfully evading the legacy fraud-detection tools that have long been the backbone of banking security.
Chronology of a Growing Threat
The escalation of this threat landscape did not happen overnight. The following timeline outlines the progression of the current crisis:
- October 2020: The baseline for "false-positive" friction stood at 12.088%. At this stage, traditional, rules-based compliance matrices were still considered relatively effective at balancing security with customer experience.
- 2024: Industry fraud rates were recorded at 0.036%. While concerns over automated botnets were rising, the industry largely treated fraud as a transaction-level anomaly.
- 2025–2026: Fraud rates spiked to 0.045%. The emergence of "infrastructure-as-a-service" among criminal rings allowed for the mass testing of stolen credentials, leading to a massive increase in the reliance on shared, high-volume IP addresses for illicit activity.
- May 2026: The false-positive rate reached a staggering 23.479%. This period marks the "panic phase" for many risk divisions, as they tightened security controls in response to the fraud surge, inadvertently blocking nearly a quarter of legitimate, revenue-generating transactions.
Supporting Data: The Weaponization of Infrastructure
Fraudio’s dataset provides an empirical look at why current defenses are failing. The most damning discovery centers on the reliance on shared technical environments.
The "Shared IP" Epidemic
Fraudio found that 91.08% of all observed fraud events were linked directly to shared infrastructure—defined as an individual IP address tied to 25 or more unique payment cards. When focusing on node-level configurations, the correlation becomes even more absolute, with these specific infrastructure-sharing IPs accounting for 98.60% of total observed fraud. This suggests that modern fraudsters are no longer hiding their tracks; instead, they are operating out of "hubs" that allow them to process high volumes of stolen data in a centralized manner.
The Submerchant Blind Spot
The rise of decentralized digital marketplaces and multi-tiered Payment Service Providers (PSPs) has created significant systemic weaknesses. Transactions routed via submerchant accounts carry a fraud rate of 0.018%, compared to just 0.004% for direct merchants—a 4.92-times increase in risk. Many enterprises lack the visibility to map transactional behavior across these disparate digital storefronts, allowing criminals to cycle through sub-accounts without triggering a central alert.
The 3DS Paradox
Perhaps the most concerning finding is the failure of standalone 3D Secure (3DS) authentication. Fraudio’s research indicates that 3DS is no longer a silver bullet. Transactions without 3DS generated a fraud rate of 0.227%, while transactions where 3DS was successfully deployed still yielded a fraud rate of 0.218%. This marginal difference confirms that sophisticated syndicates are using automated session hijacking and device cloning to bypass multi-factor authentication, rendering even "secure" protocols largely ineffective against determined, modern threats.
Official Responses and Expert Insights
The leadership at Fraudio emphasized that the industry’s current, reactionary approach is exacerbating the problem.
"Fraud is often treated as a transaction-level problem, but our proprietary data shows something more structural is happening," stated João Moura, CEO and co-founder of Fraudio. "The strongest patterns are not isolated bad payments; they are shared infrastructure, repeated entities, and coordinated routes across the payment ecosystem."
This structural shift requires a structural response, yet many firms are moving in the wrong direction. Gadi Erel, VP of Product at Fraudio, warned of the "decline trap."
"The danger is that businesses respond to fraud pressure by simply becoming more aggressive with declines," Erel noted. "That may reduce some fraud, but it also risks blocking good customers and damaging approval rates. The real opportunity is precision—stopping coordinated fraud earlier, while protecting legitimate customers from unnecessary friction."
Implications for the Global Digital Economy
The implications of these findings are profound for every stakeholder in the payment value chain, from issuers and acquirers to cross-border e-commerce platforms.
The False-Positive Crisis
The most immediate casualty of this new landscape is the consumer. With false-positive rates peaking at 23.701% for traditional e-commerce and 15.234% for Mail Order/Telephone Order (MOTO) corridors, businesses are effectively taxing their own customers to pay for their inability to distinguish between legitimate users and botnets. This "decline-first" policy risks long-term brand erosion and lost lifetime value.
The Shift Toward Predictive Intelligence
The data reveals that we have entered an urgent transition phase. Static, rule-based systems—which rely on historical, "if-then" logic—are inherently incapable of keeping up with a criminal network that can pivot its infrastructure in real time.
Future-proofing the digital treasury will require three key pillars:
- Infrastructure Detection: The ability to identify and blacklist shared IP nodes and criminal clusters before a transaction is even initiated.
- Behavioral Mapping: Moving beyond transaction-level analysis to map entities across multi-tiered submerchant networks.
- Dynamic Friction: Implementing authentication that scales based on real-time risk, rather than blanket protocols like 3DS that provide a false sense of security while frustrating genuine shoppers.
Conclusion: A Call for Structural Change
The transition from opportunistic theft to industrialized crime is a wake-up call for the financial sector. As long as criminal syndicates view the payment ecosystem as a series of disconnected, siloed entry points, they will continue to exploit the "blind spots" between merchants and processors.
To survive this era, organizations must stop viewing fraud as a game of "whack-a-mole" against individual transactions. Instead, they must invest in the capability to see the underlying architecture of the threat. Only by neutralizing the criminal infrastructure itself—rather than just the individual payments that flow through it—can the industry hope to lower the current fraud baseline, improve consumer approval rates, and finally break the cycle of industrial-scale deceit. The message from Money20/20 is clear: the future of digital security lies in precision, not just volume of defense.
