- Key insight: While the rate of suspected fraud dipped to 4.6% recently, the sheer volume of holiday transactions means the absolute number of fraud attempts remains critically high.
- Supporting data: Fraudsters increased total attempts by 21% during Thanksgiving week last year, with the total value of those attempts rising 32%.
- What's at stake: Retailers face up to three times more bot-driven login traffic during the holidays, fueling a predicted 47% rise in account takeover attacks.
Overview bullets generated by AI with editorial review
Each holiday season, as transaction volumes rise, so does fraud volume. This season, it comes in the form of everything from automated, AI-driven credential stuffing to organized gift card theft.
The sheer velocity of money movement during the holidays provides cover for illicit activity. Daily payment counts rose 27% and overall payment values climbed 32% during Thanksgiving week last year compared to a typical week, according to the NICE Actimize report.
"The holiday season magnifies what is already true throughout the year: fraud has become situational rather than seasonal," the report reads.
There are some promising high-level trends, as well. Data from TransUnion indicates that the suspected digital fraud rate in the U.S. dipped to 4.6% during the five-day period between Thanksgiving and Cyber Monday last year, down from 6.0% in 2023.
While the rate of attacks decreased, the volume of attacks remains a critical concern for risk managers. The massive increase in transaction throughout means the absolute number of fraud attempts remains high, making the holiday period a critical time for minimizing fraud losses.
Fraudsters increased their total attempts by 21% during Thanksgiving week last year, with the total value of attempted fraud rising 32% compared to a typical week, according to the NICE Actimize report.
AI and automation in online retail
Kasada, a loss prevention vendor for online retailers, has observed increased bad bot traffic during major holiday sales events every year since 2022, according to a 2025 report from RH-ISAC, a cybersecurity consortium for the retail and hospitality sector.
This automated volume puts significant pressure on authentication systems. The average retailer faces 2.5 to 3 times more bot-driven login traffic during holiday months than during the rest of the year, according to Kasada data.
These bots facilitate large-scale credential stuffing, where criminals test stolen username and password pairs to hijack accounts, hoping to achieve account takeover. These takeover attacks were expected to rise by at least 47% during the peak holiday season, according to data from Arkose Labs.
Beyond login attacks, fraudsters program bots to complete transactions faster than humans to grab limited-edition items or bulk-buy discounted inventory for resale, according to Kasada's analysis. As companies develop agentic AI to let consumers delegate shopping tasks, this will force retailers and banks to assess the level of fraud risk associated with a bot.
Gift card and loyalty fraud
A specific area of concern for financial institutions involves the monetization of gift cards and loyalty points.
Organized groups, such as threat actor Storm-0539 (also known as Atlas Lion), specialize in compromising cloud environments to generate fraudulent gift cards. Microsoft published
Kasada, which specializes in helping retailers manage automated bots in their online stores, identified 8.9 million stolen retail gift cards and 7.5 million quick-service restaurant gift cards for sale on underground markets ahead of the 2025 season.
In a related vein, fraudsters often use compromised airline and hotel logins to turn points into re-sellable bookings, according to SOCRadar. For banks, this activity often overlaps with credit card fraud, as thieves use stolen cards to purchase gift cards or travel, which they then liquidate.
Payment rails and timing
The method and timing of attacks are shifting. While Zelle fraud rates remained relatively stable in NICE Actimize's 2024 data, the volume of fraud tracked with the rise in overall payments.
Conversely, domestic wire fraud attempts dropped by 60% in volume during Thanksgiving and Christmas last year due to office closures, while international wire fraud attempts rose by 27% during Thanksgiving week, according to NICE Actimize's report.
Bank security teams should also note that fraud intensity is not uniform throughout the day.
"The early morning hours are a prime target for fraud, with the 2 a.m to 7 a.m. window showing the highest risk," the NICE Actimize report reads, noting that fraud rates spiked 391% at 2 a.m.
Return fraud impact
The aftermath of the holiday shopping spree also presents risks. Total returns for the retail industry amounted to $685 billion in 2024, with $103 billion lost to fraudulent and abusive returns, according to a report from retail fraud prevention firm Appriss Retail.
This "return fraud," which includes returning shoplifted merchandise or items purchased with stolen tender, creates operational noise and financial losses that ripple through the payments ecosystem.
