For many retailers, holiday sales are make-or-break, with final-quarter revenue often serving to push a company’s finances into the black for the entire year. According to the National Retail Federation, United States shoppers spent nearly $1 trillion during the 2024 holiday season alone. Unfortunately, however, where customers flock, criminals follow. Fraudsters are quick to exploit the annual surge in transactions, using phishing schemes, account takeovers and other tactics that erode profits and customer trust. For merchants, it is imperative to protect their businesses and customers without slowing sales at the year’s most critical time.

This balancing act has never been more complex. Advances in artificial intelligence (AI) are reshaping both sides of the cybersecurity equation. On one hand, retailers now have access to powerful AI-driven tools that can detect fraud in real time and streamline checkout. On the other, criminals are weaponizing AI to launch deepfake scams, clone trusted brand identities and bypass legacy defenses. The result is a rapidly shifting landscape where layered security, adaptive authentication and proactive engagement are essential to keeping sales flowing and customers safe.

Fraud Spikes With Holiday Sales

Holiday sales open the door to significantly elevated levels of fraud. Scams, cyberattacks and chargebacks spike during the holiday shopping season, threatening both profits and customer trust.

The holiday shopping season brings both opportunity and risk for retailers.

In 2024, U.S. holiday retail sales saw year-over-year growth of 3.6%. However, this upsurge also helped create fertile ground for cybercriminals. The Federal Trade Commission (FTC) reported that consumers lost more than $12.5 billion to fraud in 2024, a staggering 25% increase from 2023. Further research found that 78% of Americans in 2024 believed cybercrime activity intensifies during the holidays, with 59% saying they were more concerned about scams compared to the previous year. 78% of Americans believe cybercrime increases during the holidays.

Schemes such as phishing, account takeover and card-not-present fraud are especially rampant in the fourth quarter as fraudsters exploit high transaction volumes to maximize their spoils and elude discovery. Moreover, alongside these third-party scams, merchants must also contend with a wave of first-party fraud after the holiday rush.

‘Friendly fraud’ is another costly problem for merchants.

Chargebacks—when a cardholder challenges a transaction and the payment is reversed—are another holiday hazard for merchants, typically spiking in January and February, about 45 to 60 days post-purchase. Some of these are legitimate chargebacks, in which consumers are contesting unauthorized use of their cards or a retailer’s failure to deliver goods. However, a large share stem from first-party fraud: The consumer makes a valid purchase, receives the goods, but later disputes the transaction as fraudulent because of buyer’s remorse or post-holiday budget pressures. This misuse of the chargeback process, or so-called friendly fraud, now accounts for 75% of fraud experienced by digital goods merchants. In most cases—84%—customers skip the merchant and head straight to the bank, triggering chargebacks that might have been avoided through a return for a merchant refund.

While chargebacks remain a consumer safeguard, merchants risk costly administrative burdens and even account termination if chargeback abuse is excessive, so they must find the right balance between consumer protections and opportunities for abuse.

A single fraudster can pocket hundreds of thousands of dollars during the holiday season.

A recent study found that sign-up attacks spiked 309% during the 2024 holiday shopping season, with scammers deliberately timing attacks to coincide with high-traffic events. Just one attack can result in losses exceeding $145,000 from just five gaming platforms by leveraging account takeover scams. The findings underscore a clear trend: Cybercriminals are increasingly strategic, aligning fraudulent activity with consumer shopping patterns. Merchants must be prepared to address this upswing in targeted holiday fraud.

AI Is a Double-Edged Sword

Artificial intelligence is reshaping retail with both promise and peril.

88% of Americans believe AI is fueling a rise in both the volume and sophistication of holiday scams. Autonomous AI agents are poised to handle tasks ranging from fraud detection to personalized shopping experiences, and adoption is accelerating. However, consumer participation remains uneven. Research shows that only 26% of shoppers would accept an AI-driven payment experience for a faster, smoother checkout process, with willingness to adopt declining among older consumers.

One reason for this is that while AI can be a powerful aid in the retail experience, it also fuels new attack vectors. McAfee notes that 88% of Americans believe AI has increased the number and sophistication of online scams during the holidays, with deepfakes proving especially effective against younger shoppers. One in three consumers ages 18 to 34 have fallen victim to a deepfake scam, compared to just 5% of those 55 and older.

Customers and merchants have deeply mixed feelings on the use of AI during the holiday season.

While 38% of consumers highly appreciate AI-powered recommendations, 58% remain worried about how their personal data is used. Transparency is crucial, with more than one-quarter (28%) of shoppers saying they wouldn’t trust any company to handle their data.

Merchants themselves face hurdles. PYMNTS Intelligence finds that 30% to 40% of businesses cite limited resources and tool gaps in fraud management. Even when security tools are deployed, criminals adapt quickly: AI-driven bots can now bypass Google’s reCAPTCHAv2 with 100% accuracy. This forces merchants to rethink authentication, adopting solutions like two-factor authentication (2FA) and emerging innovations such as tap-to-authenticate cards and AI-driven cloud platforms for fraud detection.

Despite these concerns, 93% of eCommerce businesses surveyed agree that integrating anti-fraud technologies improves customer experience. Balancing convenience with safety will be key, as scammers armed with AI can create near-perfect likenesses of trusted brands and celebrities, making innovative countermeasures essential.

Layered Security Keeps Sales Flowing

AI can be merchants’ best defense against fraud.

Fraudsters constantly refine their tactics, but AI gives merchants the ability to fight back just as quickly. Real-time monitoring powered by AI enables instant, automated responses to suspicious transactions, helping prevent losses before they occur. Generative AI can even create synthetic fraud data, strengthening detection models and making them more resilient against new attack patterns. AI’s precision also minimizes friction, offering a reduction in false positives of up to 85% while doubling the detection of compromised cards. Finally, adaptive machine learning (ML) models evolve continuously with new data, ensuring defenses stay one step ahead of attackers. 52% of businesses are implementing new AI models for fraud detection and customer service.

Despite these advantages, a 2025 Experian survey of 200 U.S. businesses found that while 72% of business leaders expect AI-driven fraud and deepfakes to be a top challenge by 2026, only 37% currently use generative AI for fraud protection. Still, AI adoption is climbing, with 52% implementing new AI methods and models for fraud detection and customer decision-making.

AI must be one layer of a multifaceted security stack.

For merchants facing a jump in fraud attempts during the holidays, AI offers the speed, precision and adaptability required to protect transactions without slowing checkout. However, it works best when implemented as part of a layered security strategy. Worldpay emphasizes requiring strong passwords and 2FA as a baseline, with ML analyzing transaction patterns to quickly flag suspicious activity.

Moreover, even as AI boosts security, lower-tech measures are equally vital. A recent survey found that if a merchant failed to respond promptly to a complaint about a purchase, 85% of consumers would be somewhat or very likely to file a chargeback. This suggests that customer service gaps are adding fuel to these disputes. Retailers must therefore pair AI defenses with proactive engagement to mitigate issues before they escalate to costly chargebacks. As fraud threats multiply from all sides, a layered, adaptive approach to security is emerging as the best path forward.

Recent partnerships are enhancing the protective power of AI in retail.

As fraud risks escalate—especially with the rise of generative AI—innovative solutions are emerging to protect both merchants and consumers. In early 2025, Worldpay announced its acquisition of Ravelin, a London-based, AI-native fraud prevention platform. This move equips merchants with advanced tools to help detect payment fraud and account takeovers, improve authorization rates and support smoother eCommerce operations.

Building on that, a recent partnership between Worldpay and Trulioo introduced the “Know Your Agent” (KYA) framework, designed to secure AI-agent-led commerce. Through a Digital Agent Passport, merchants can now verify an AI agent’s legitimacy and consumer consent in real time. Verified agents gain seamless access while unverified ones face more scrutiny, enabling stronger fraud prevention, smoother checkouts and greater consumer confidence. These advancements illustrate how AI, though creating new risks, is inspiring equally intelligent defenses.

From Holiday Defense to Year-Round Strategy

Holiday sales may bring record revenues, but they also magnify vulnerabilities across the payments chain. Fraudsters are quick to exploit this opportunity, often outpacing legacy defenses. At the same time, AI has emerged as both a source of risk and the most effective tool for combating it. To stay ahead, merchants must shift from reactive measures to a proactive strategy that blends AI innovation with multiple safeguards and sound judgment.

PYMNTS Intelligence offers the following actionable roadmap for companies considering stronger fraud prevention strategies:

Adopt layered fraud defenses that combine AI-powered detection, adaptive authentication and behavioral monitoring. This ensures strong protection without creating unnecessary checkout friction.

that combine AI-powered detection, adaptive authentication and behavioral monitoring. This ensures strong protection without creating unnecessary checkout friction. Invest in transparent AI practices to build customer trust. Clearly communicate how AI tools are deployed, especially in areas involving payment security and personal data.

to build customer trust. Clearly communicate how AI tools are deployed, especially in areas involving payment security and personal data. Prioritize responsiveness in customer service to minimize chargebacks. Fast dispute resolution can prevent costly friendly fraud cases and protect revenue.

Merchants must view fraud prevention not as a seasonal exercise but as a year-round strategic imperative. Worldpay partners with merchants globally to help achieve this balance—powering secure, adaptive payments strategies built for every season.

