Increasingly, they persuade, fatigue or impersonate their way past defenses that were designed to stop credential theft but now sit at the center of more complex attack chains.
The shift is showing up in data. The PYMNTS Intelligence report “2025 State of Fraud and Financial Crime in the United States,” a collaboration with Block, found that unauthorized-party fraud now accounts for 71% of total fraud incidents and dollar losses, reversing last year’s pattern and signaling a resurgence of externally driven attacks rooted in compromised credentials and account takeovers.
Unauthorized-Party Fraud Regains the Upper Hand
The report described a fraud environment that is becoming more adaptive, not less. Attackers are increasingly exploiting access points that sit upstream of payments, including login credentials, session tokens and authentication workflows, which include multifactor authentication protocols.
At the same time, half of financial institutions report damage to customer loyalty and brand reputation tied directly to fraud, reframing the issue as a growth and trust problem rather than a narrow operational cost.
When MFA Becomes the Weak Link
Against that backdrop, MFA still stands out as a foundational defense. But the Delinea Labs report, “Cybersecurity and the AI Threat Landscape,” showed how frequently MFA is now implicated in successful attacks, not because it is absent, but because it is misused or manipulated. Nearly half of security incidents analyzed by Cisco Talos involved MFA, with fraudulent push notifications present in roughly one-quarter of those cases. These attacks often rely on “push fatigue,” where users are bombarded with repeated authentication requests until one is mistakenly approved.
The mechanics are straightforward and effective. Attackers first obtain valid credentials through phishing, infostealer malware or token theft. Once inside the authentication flow, they trigger repeated MFA prompts, often outside normal working hours, betting that frustration or confusion will override caution. In other cases, MFA protections are inconsistently configured or not enforced across all accounts, creating uneven coverage that attackers actively probe.
Real-World MFA Failures Move Into the Spotlight
Recent high-profile breaches illustrate how these weaknesses play out at scale. Such incidents ripple outward, exposing not only data but also confidence in cloud and identity infrastructure. The lesson from these events is not that MFA is obsolete, but that attackers increasingly understand how it is deployed and where it breaks down.
Timing also matters. The Delinea report found that attack volumes often dip during midyear holidays and then surge toward year-end, when staffing gaps, elevated transaction volumes and consumer urgency combine to create ideal conditions for fraud.
That seasonal pressure overlaps with peak shopping periods, faster payment rails and heightened customer activity, raising the stakes for authentication systems already under strain.
Defending With Tools Attackers Already Know
The deeper issue is strategic. Many banks and payment firms still rely on MFA implementations that attackers have studied for years. Static controls, once effective, are now predictable. Fraudsters do not need to defeat MFA outright; they only need to persuade legitimate users to defeat it for them.
This reality helps explain why institutions are shifting investment priorities. According to the PYMNTS Intelligence report, 68% of financial institutions increased fraud detection spending year over year, with artificial intelligence and behavioral analytics increasingly viewed as essential infrastructure rather than optional upgrades.
Moving Beyond MFA Alone
The data suggests that preventing MFA-based fraud requires layering intelligence on top of authentication, not replacing it. Behavioral signals, device fingerprinting, contextual risk analysis and continuous monitoring can help distinguish legitimate approvals from coerced or manipulated ones.
Machine learning and behavioral analytics are now among the most widely adopted fraud prevention technologies, reflecting an industry move toward adaptive defense rather than fixed checkpoints.
