American consumers face mounting fraud challenges across multiple channels. Each month, thousands experience bank account compromises, check theft from mailboxes, credit card fraud and identity theft. Complete stolen identities trade in underground markets for as little as $12.
The data reveals identity theft is growing: Suspicious Activity Reports (“SARS,” which are compiled by the Treasury Department’s Financial Crimes Enforcement Network, or FinCEN) for account takeover have tripled in five years, check fraud reports peaked at over 70k in a single month, and identity theft cases regularly exceed 40k monthly reports. Yet the full scope of consumer-focused fraud remains difficult to assess from publicly available information.
This is the first of a two-part series examining fraud in America from complementary perspectives. Part 1 focuses on how criminals target consumers, examining the methods they use to compromise accounts, steal identities, and defraud individuals. Part 2 examines what happens next: how stolen funds and criminal proceeds move through the U.S. banking system, transforming compromised accounts into money laundering infrastructure.
About the Data
Understanding fraud requires looking at it from two angles. The first source is FinCEN’s compilation of mandatory reports from financial institutions, including SARs, as well as Currency Transaction Reports (CTRs), which reveal downstream patterns tied to fraud, money laundering, terrorist financing, and related financial crimes. The second source comes from monitoring online fraud markets, including dark-web marketplaces, encrypted chat groups, and underground forums. These platforms are where criminal actors advertise and trade in stolen personal data, fraud services, or illicit account access, providing insight into the upstream supply side of consumer-targeted fraud. Taken together, these two perspectives — the official reporting streams collected by FinCEN and the intelligence gleaned from underground fraud markets — provide a more complete picture of consumer-focused fraud than either source alone.
Together, these perspectives offer valuable insight into both the scale of the problem facing consumers and the evolving techniques fraudsters use. In the following sections, we draw on these complementary sources to highlight the most significant fraud trends shaping the U.S. landscape in 2025.
Bank Account Takeover
Bank accounts are the ultimate prize, a direct gateway to money and financial identity. To seize control of victims’ accounts, fraudsters deploy an arsenal of techniques combining stolen credentials, social engineering, and technical exploits. Criminals phish customers into revealing login details, reuse passwords exposed in data breaches, or deploy malware to capture keystrokes and hijack sessions. More advanced schemes involve SIM swaps or other methods to bypass multi-factor authentication, while some rely on insider leaks or purchased employee credentials.
Underground forums and encrypted messaging apps reveal a thriving marketplace that supports account-takeover fraud at scale. Vendors openly advertise “phishing-as-a-service” and smishing kits, democratizing fraud by allowing even low-skilled actors to launch fraudulent email or text campaigns that harvest victims’ credentials. Others specialize in selling compromised bank accounts much like commodities on a trading floor: prices fluctuate depending on the account’s balance, whether it is linked to instant transfer services such as Zelle, whether it can issue checks, and the level of remote access offered to the victim’s device. According to public threat-intelligence reporting, such accounts can be listed for as little as $50, with high-value accounts commanding thousands of dollars. The existence of these structured, service-oriented offerings — from turnkey phishing and smishing tools to account “shops” with detailed pricing tiers — signals that fraudsters are operating large-scale account-takeover schemes with the efficiency of legitimate businesses.
FinCEN data over the past five years underscore the growing scale of account takeover (ATO) activity we observe in online fraud markets. In 2020 and early 2021, monthly suspicious activity reports (SARs) related to ATO averaged around 5k–7k. By late 2021, volumes had already climbed by roughly 60 percent, and through 2022–2023 they doubled, reaching between 9k and 13k reports per month. In 2024–2025, filings surged to 14k–17k per month — nearly three times the levels seen just five years earlier — marking a period of sustained and unprecedented escalation.
Check Fraud
Check fraud represents one of America’s most persistent financial crimes, where criminals create, alter, or misuse checks to steal funds. Despite the rise of digital payments, paper checks remain widely used — particularly by businesses, older adults, and for recurring expenses such as rent, utilities, and government disbursements — making them a perpetual target for fraudsters. Common schemes include check counterfeiting, check washing, and outright theft of checks from the mail. In early 2022, I warned the financial sector about a surge in stolen checks being openly marketed on Telegram, often by mail thieves intercepting large volumes of USPS envelopes in search of checks. More than three years later, the problem has evolved but not abated: stolen checks continue to circulate at scale, driving a rise in Suspicious Activity Reports (SARs) related to check fraud that shows a remarkable transformation over the past five years.
In 2020 and early 2021, filings averaged a moderate 18k–27k per month, before climbing to more than 40k by the end of 2021. The real break came in 2022, when volumes surged past 60k per month, nearly triple the 2020 baseline, and stayed at historically high levels throughout the year. Activity peaked in March 2023 at 70.4k reports, cementing check fraud as one of the most significant threats in the financial system. While filings moderated in 2024 and early 2025 — generally hovering between 50k and 57k per month with occasional spikes above 65k — levels remain two to three times higher than before 2021, indicating that check fraud has evolved into a persistent and systemic challenge.
The underground economy tells the same story. As of mid-September 2025, large volumes of stolen checks continue flooding underground platforms, including encrypted messaging channels such as Telegram and various darknet markets. These illicit listings highlight how check fraud remains a thriving criminal enterprise. Pricing is typically influenced by factors such as whether the check is personal or business-related, the balance available, and the recency of the theft, with observed prices ranging from roughly $85 for low-value checks to as much as $2,000 for high-value or premium accounts. In some cases, vendors also advertise discounts for bulk purchases — a further indication of the organized, market-driven nature of this fraud economy.
Credit and Debit Card Fraud
Credit and debit card fraud occurs when criminals steal or misuse payment card details to make unauthorized purchases, withdraw cash, or transfer funds. Common methods include card-not-present (CNP) fraud using stolen card numbers online or over the phone without needing the physical card; card skimming and shimming that capture card details through compromised ATMs or point-of-sale terminals;, and social engineering that tricks victims into disclosing their card numbers, CVV codes, or one-time passcodes via fake emails, texts, or calls.
This threat has grown steadily over the past five years, cementing itself as one of the most entrenched threats facing financial institutions and consumers. Specifically, FinCEN data shows that credit and debit card fraud has steadily intensified over the past five years, evolving from a relatively modest baseline of 15k–20k monthly reports in 2020–2021 to a sustained surge above 30k per month by 2022. After dipping as low as 13k in late 2020, reports rebounded to 20k by the end of 2021 before nearly doubling in 2022, with peaks of more than 36k filings mid-year. The elevated activity persisted through 2023, when filings hit a record 38k in March, and has since stabilized at a consistently high level of 30k–36k per month through mid-2025, underscoring that card-based fraud has become an entrenched and durable threat vector for U.S. financial institutions.
Evidence from underground forums and illicit marketplaces shows how accessible stolen payment card data has become. Threat actors routinely advertise compromised credit and debit card details, often automating the process through messaging platforms where buyers can interact with chatbots to browse and purchase data. Some services even present organized lists of card types and issuing banks to make selection easier. In addition to these automated tools, stolen card details — sometimes newly compromised and therefore more valuable — are openly traded in underground markets.
Identity Theft: The Package is Expanding
Identity theft occurs when criminals steal and misuse personal information — names, Social Security numbers, login credentials, or bank details — to impersonate victims, open fraudulent accounts, or siphon funds. Fraudsters gather this information through data breaches, phishing or smishing campaigns, social engineering, malware, and even physical theft. Once obtained, identities are sold or exchanged in underground forums, dark-web markets, or via private messaging groups, where criminals sometimes offer searchable databases of compromised accounts.
A notable recent development in online fraud markets is the changing definition of a “full identity.” In earlier years, stolen identity packages typically included basic personal details such as name, Social Security number, date of birth, and address. Today, however, fraudsters are expanding these bundles to include far more sensitive material. In addition to government-issued documents like driver’s licenses or passports, listings on underground markets increasingly feature photographs of victims — sometimes even selfie-style images used for identity verification. These expanded data sets are marketed as “complete packages” and often sell for $12 per identity — a chilling indicator of how thoroughly personal privacy has been commoditized.
FinCEN data tells the story of identity theft’s dramatic escalation in the U.S. Identity theft SARs were relatively stable at 15k–19k monthly through 2020–2021, then surged sharply in 2022, nearly doubling to over 40k by late summer. Activity has stayed elevated since, averaging around 30k reports per month through 2023–2024, with seasonal spikes, and hitting a record 42.6k in March 2025. This shift reveals that identity theft has evolved into a persistent, systemic challenge, likely fueled by organized fraud rings, data breaches, and broader economic pressures.
The Interconnected Web of Financial Crime
Fraud in America doesn’t operate in silos. A stolen check isn’t just a stolen check, it’s often the opening move in a chain of crimes that leads to identity theft, account takeover, or full-blown scams. For criminals, these schemes are interchangeable parts of the same machine. For consumers, they’re different doorways to the same outcome: drained savings, ruined credit, and lasting harm. To fight back, it is crucial for us to connect the dots, and respond effectively to these developing trends.
Although it is very difficult to explain the reason for the increase in these four fraud types without empirical data which could be correlated with trends, it is possible that starting in 2022, fraud surged because criminals were sitting on mountains of stolen personal data collected during pandemic-era relief scams and data breaches, which they repurposed for account takeovers, card fraud, and synthetic identity schemes. At the same time, the rapid shift to mobile and remote banking created weak spots in authentication that were easy to exploit, while the rise of instant payments made stolen funds harder to recover. Old methods like check fraud also rebounded, driven by widespread mail theft and check washing. Adding to this, inflation and economic pressures pushed more people into organized fraud-for-hire networks, which professionalized operations and scaled attacks. Together, these forces created the conditions for a sharp and sustained rise in identity-related fraud.
Effective responses require coordinated action across multiple fronts. Policymakers should expand data-sharing mechanisms between financial institutions, regulators, and law enforcement, ensuring that insights from FinCEN reports are made more transparent and actionable. Stronger enforcement against mail theft, enhanced oversight of money service businesses, and investment in real-time anomaly detection can help disrupt fraud networks before they scale. Financial institutions should continue deploying best-in-class data and behavioral analytics, while exploring privacy-preserving ways to verify identities without relying solely on static personal data that can be stolen or resold.
For consumers, awareness and proactive protection are critical. Individuals should use unique, complex passwords with multi-factor authentication, monitor bank and credit card statements regularly, and place fraud alerts if personal data may have been compromised, and credit freezes ideally in advance. Vigilance against phishing emails, suspicious links, and requests for personal information remains essential. By combining robust institutional safeguards with informed consumer practices, the financial system can better withstand the accelerating threat of account takeover, check fraud, and identity theft into 2026.