Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report.
Criminals redirect efforts toward trust and third parties
Fraud involves behavioral manipulation, fragmented ecosystems, and faster attack cycles that use AI to pressure people into authorizing payments themselves.
The payments ecosystem continues to strengthen core defenses. Token fraud declined 9.6% and enumeration losses fell 16% from July through December 2025 compared with the same period in 2024. Improvements in tokenization, authentication, and network-level detection contributed to those results.
“Payments at a network level continue to get safer, but threats are evolving faster than ever,” said Paul Fabara, Chief Risk and Client Services Officer at Visa. “Criminals are increasingly targeting people rather than technology, using deception, urgency and AI‑enabled tools to exploit trust. Addressing this shift requires continuous innovation at the network level and close collaboration across banks, merchants, policymakers and the broader payments ecosystem.”
Attackers are directing more attention toward less-defended areas such as users and third-party dependencies. Fraud monitoring is moving toward early indicators that identify ecosystem vulnerabilities, partner dependencies, and process gaps.
Companies are tracking fraud activity across channels, jurisdictions, and use cases. Merchant onboarding, identity verification, platform integrity, cross-partner coordination, and threat intelligence are becoming larger parts of fraud operations.
Scams continue to expand
Scam activity is becoming a larger part of consumer fraud. Nearly $1 billion in scam activity was identified between July and December 2025. AI is helping threat actors scale deceptive campaigns and refine tactics. AI-generated content, voice impersonation, and deepfake media can increase the reach and credibility of scams.
“The rapid adoption of AI has fundamentally lowered the barrier to entry for fraud,” said Michael Jabbara, SVP, Payment Ecosystem Risk and Control at Visa. “What once required deep technical skill can now be executed with a prompt. That reality makes intelligence-driven defenses and coordinated action across the ecosystem more critical than ever. With this report, our goal is to help leaders act sooner – before fraud reaches consumers.”
Authorization controls have limits in scam prevention because transactions can appear legitimate when users approve them themselves. Detection efforts are expanding to include identity verification, intent analysis, and indicators of manipulation.
Enterprises are focusing on identifying impersonation patterns, monitoring higher-risk channels such as search, advertising, and social platforms, strengthening trusted customer communication methods, and improving coordination between ecosystem partners to disrupt scam operations.
AI is increasing the speed of fraud operations
Threat actors are using AI to create more personalized scams, automate workflows, and adjust tactics. Defenders are applying AI to identify anomalies earlier, stop attacks before they reach consumers or merchants, and improve detection accuracy.
Speed is becoming a larger factor in fraud operations. Attack campaigns can scale and adapt at a faster rate, and AI tools have compressed ransomware attack timelines from days to minutes.
Organizations that rely on manual review processes can experience increasing pressure in this environment. More attention is moving toward automation in detection, triage, and response, along with authentication methods designed to withstand synthetic audio, video, and other AI-supported deception techniques. Cross-partner coordination is becoming a larger part of incident response efforts.
Ransomware activity rises as payments decline
Ransomware activity continued to increase during the second half of 2025. Incidents rose 26% from July through December 2025 compared with the same period in 2024. Victims paid less often during the same period, with 23% paying ransoms, the lowest rate on record. Average ransom payments dropped 66% from July through September 2025 compared with April through June 2025.
Organizations are prioritizing operational recovery and limiting the spread of an incident after an intrusion occurs.
Recovery time objectives, backup integrity, and measures designed to reduce the impact of third-party incidents are becoming larger parts of ransomware planning and response efforts.
