Regtech Prove has indicated that account takeover (ATO) fraud is quietly eroding revenues, damaging customer trust, and complicating operations across digital marketplaces and gig economy platforms. Criminals who gain unauthorized control of user accounts can exploit stored payment details, loyalty points, promotional credits, and trusted profiles, turning these platforms into high-value targets.
Unlike overt fraud that appears clearly in dashboards, ATO often triggers cascading issues such as chargebacks, refund abuse, support burdens, and user attrition that are harder to trace directly back to compromised accounts.
Recent data highlights the scale of the problem. Global ATO volumes increased 21% from the first half of 2024 to the first half of 2025, with a cumulative surge of 141% since the first half of 2021.
The FBI’s Internet Crime Complaint Center reported $16.6 billion in total cybercrime losses for 2024, with personal data breaches and account-related fraud among the leading contributors.
Across industries, nearly 83% of organizations encountered at least one ATO incident in the past year, and 26% faced attempts on a weekly basis.
Marketplaces experienced an even sharper rise, with attack rates climbing 90% year-over-year—roughly four times the broader industry average.
Gig and marketplace platforms are especially attractive because they combine high transaction velocity, stored financial assets, and diverse user bases.
The dominant entry method remains credential stuffing, where automated tools test billions of stolen username-password pairs harvested from prior breaches. More than 26 billion such attempts occur monthly across the web.
Password reuse remains widespread, with 62% of Americans reportedly using the same credentials across multiple sites, and leaked credentials involved in over half of login attempts.
Attackers are layering on more sophisticated tactics. AI-powered social engineering, including personalized phishing, SIM-swapping, and deepfake impersonation, has accelerated growth.
Reports from fraud examiner groups identify ATO as one of the fastest-expanding fraud categories, aided by generative AI tools that lower the technical skill required.
Fraud-as-a-service offerings—such as ready-made toolkits available for low weekly fees and phishing platforms—have further democratized these attacks, enabling even less experienced criminals to operate at scale.
On gig platforms, compromised provider accounts (drivers, couriers, or caregivers) pose additional risks, including diverted earnings, manipulated ratings, or collusion with fake customer profiles.
The financial impact extends well beyond direct losses from unauthorized transactions.
Chargeback volumes have risen, with global rates up 8% in 2024 and disputes spiking sharply in certain quarters.
Industry analyses indicate that for every dollar lost to chargebacks, companies face total costs of $3.75 to $4.61 when including processing, lost goods, and operational overhead—a 37% increase since 2021.
Gig delivery platforms see chargeback ratios around 3%, roughly 20 times higher than traditional restaurant orders.
Refund and promotion abuse compounds the damage; one documented case involved a single device accessing over 200 accounts to generate thousands in transactions while successfully reclaiming most through fraudulent refunds.
High-profile incidents, such as a multi-million-euro scheme against a European food delivery service, illustrate the potential for systematic exploitation.
Perhaps most damaging is the loss of customer lifetime value. Surveys show that more than 80% of consumers would stop using a platform after experiencing an account takeover.
Acquisition costs already invested in those users are effectively wasted, and future spending disappears.
Additionally, 62% of consumers report being less likely—or unwilling—to continue shopping with a brand after a fraud incident.
Regulatory exposure is also growing, as a high percentage of recent US data breaches have exposed sensitive personal identifiers like Social Security numbers.
Forward-thinking organizations are responding by shifting from reactive, rules-based monitoring to proactive, identity-centric strategies.
This involves establishing strong identity verification at onboarding using robust, hard-to-replicate signals; conducting real-time risk assessments at logins, account changes, and high-value actions (including detection of device or SIM anomalies); and employing passive authentication methods that verify returning users without added friction.
Continuous monitoring throughout the user lifecycle helps catch gradual account manipulation.
On two-sided platforms, extending verified identity coverage to both consumers and providers strengthens overall ecosystem trust.
Predictions suggest that by 2028, a growing share of large enterprises will form integrated cyber-fraud teams that combine fraud prevention with broader cybersecurity functions.
Platforms that treat account integrity as a core competitive advantage—rather than a compliance burden—stand to protect revenues, reduce hidden costs, and build lasting user confidence. Those that do not may find ATO increasingly difficult to ignore as both a security and a profitability issue.