Are businesses overly optimistic about their ability to combat identity fraud? Recent findings suggest they may be overconfident.

According to the The Battle in the Dark 2025 report by Signicat and Red Goat Cyber Security, only 5% of respondents lack confidence in their identity fraud prevention measures. Around three-quarters believe they are effectively addressing the issue, despite evidence that 47% do not track such incidents consistently.

“Fraud can go undetected if we’re unaware of it or simply don’t look for it,” explained Jennifer Pitt, a Senior Analyst in Fraud Management at Javelin Strategy & Research. “When consumers fail to report fraud due to various reasons, it creates an illusion that the organization’s fraud controls are working well.”

A Growing Concern

The reported numbers diverge further when considering European businesses estimate one in five transactions to be fraudulent, with identity theft and related costs impacting up to 22% of annual revenue.

Moreover, Signicat’s data reveals that attempts at identity fraud have risen by 69% over the past four years, while overall fraud attempts have surged by 88%.

Tackling the Challenge

Identity fraud now accounts for 9.3% of all fraud incidents this year and is the most common type in Europe. Account takeover and social engineering follow closely as second and third respectively. The research indicates that identity theft is particularly prevalent in the banking sector, whereas account takeover is more common in the payments industry.

“Fraud tactics like account takeover and synthetic identities are harder to detect,” Pitt noted. “Some organizations may use outdated methods instead of adopting layered approaches necessary to counter these sophisticated threats.”

The study also highlights that 80% of businesses think pushing back on criminals only leads them to change their strategies, highlighting the constant challenge in combating fraud.

“Fraud is evolving faster than detection technologies can keep up,” Pitt observed. “Organizations relying on outdated and static methods risk missing newer and more advanced threats, leading to a false sense of security.”