Predictions of a post-EMV rise in card not present fraud appeared to be coming true, according to new data.

Fraud attacks on U.S. online merchants rose 11% after the Oct. 1, 2015, EMV liability shift, according to the latest Global Fraud Attack Index from fraud prevention firm Forter and Overall, online fraud attacks (both successful and unsuccessful) spiked 215% for all of 2015. This translated to 27 fraud attacks for every 1,000 online transactions at the end of 2015 compared to only nine per 1,000 at the beginning of 2015.

“What we’re seeing in this quarter’s index is a disturbing but expected trend,” Forter CEO Michael Reitblat said. “Since the October 2015 liability shift and the onset of EMV chip cards in brick and mortar stores, it’s clear fraudsters have not retired. Rather, they are flowing into the online world like no other time before.”

There are signs, however, that the fraud shift may be leveling off and fraudsters may have already made their last-minute push to exploit slow EMV adopters. Although fraud attacks on U.S. online merchants rose 11% between the third and fourth quarters of 2015 – after the EMV liability shift occurred – that 11% is much lower than the spikes earlier in 2015. Between the first and second quarters of 2015, online fraud attacks rose 69%; between the third and fourth quarters, they rose 67%.

However, that relatively small, 11% year-end rise was still concerning, according to the report.

“Typically, the rate of fraud ratchets down in Q4 as the market is flooded with valid holiday shopping transactions – but not in 2015,” it said. “The steady increase in fraud rates overwhelmed the decline we’d expect from seasonal fluctuations.”

EMV implementation may have been a factor, it said, noting that one explanation for the increased attack rate in the face of a spike in valid holiday transactions was the shift from card present fraud to card not present fraud.

According to the report, the biggest conduit for fraud was Botnet attacks, which are groups of computers that have been taken over, unbeknownst to the owners, for the purpose of mounting large-scale fraud attacks. At the beginning of 2015, they accounted for 34% of all attacks, but by the end of the year, they accounted for 83%, Forter found. Account takeovers – the second most popular method at the beginning of 2015 – fell from 17% to 3%. In the fourth quarter of 2015, the rate of fraud attacks on U.S. merchants was about 50% higher for transactions originating outside the U.S. than from transactions originating in the U.S., according to the data. 

Criminals are also coming harder after certain merchant segments.

“Luxury goods, because they are valuable targets, and digital goods, because they are easy targets, top the charts again; food and beverages are not where fraudsters are aiming their firepower,” the study said.

During 2015, the attack rates on luxury goods merchants almost doubled, and the attack rates on digital goods merchants more than quadrupled. The dollars involved in those attacks are getting bigger, too. For digital goods, for example, the potential fraud rose 13-fold from $0.60 of every $100 in the first quarter of 2015 to $7.77 of every $100 by the end of the year, according to Forter.

Nearly $5 of every $100 online sale is now subject to a fraud attack, according to the data.