Why Scams Have Become the Biggest Consumer Payment Fraud Threat

Instead of stealing credentials or breaching systems, scammers often:

• Impersonate trusted brands, financial institutions, or government agencies
• Create urgency or fear to pressure victims into acting quickly
• Convince users to send money or approve transactions that appear legitimate

Because the payment is technically authorized by the victim, these scams can bypass many of the automated safeguards designed to detect unauthorized fraud.

Visa characterizes the trend as a shift toward fraud driven by behavioral manipulation, where criminals exploit psychology rather than software vulnerabilities.

The Growing Role of AI in Scams

Artificial intelligence is amplifying the effectiveness of social‑engineering attacks.

According to the report, criminals increasingly use AI tools to generate convincing messages, automate scam campaigns, and impersonate individuals or organizations at scale.

Examples highlighted in the report include:

• AI‑generated messages and content designed to mimic legitimate communications
• Voice impersonation or deepfake audio that can imitate trusted contacts
• Automated tools that scale scam operations across thousands of potential victims

These technologies lower the technical barrier for criminals and allow attacks to operate more like organized digital businesses. In Visa’s view, fraud operations are increasingly industrialized, with reusable infrastructure and tools that enable rapid expansion across multiple scam types.

Key Statistics From the Spring 2026 Report

Visa’s data highlights how quickly the fraud landscape is evolving:

• Nearly $1 billion in scam activity was identified between July and December 2025, making scams the largest category of consumer payment fraud during that period.
• Device‑token fraud declined by 9.6% compared with the same period a year earlier, suggesting improvements in core payment security controls.
• Enumeration losses fell by 16%, reflecting progress in defending against automated card‑number testing attacks.
• Ransomware activity increased by 26% during the same July–December 2025 period.
• Despite the rise in ransomware incidents, only 23% of victims paid, the lowest payment rate recorded in Visa’s tracking.

Taken together, the numbers show a mixed picture: while some traditional fraud techniques are declining, financially motivated cybercrime is shifting toward scams that target individuals directly.

Why Visa Says Collaboration Is Critical

Visa argues that modern scams are difficult to stop because they span multiple organizations and platforms.

An attack might begin with a fraudulent advertisement or social‑media message, move through messaging apps or phone calls, and ultimately end with a payment authorized through a bank or merchant platform. No single entity can see the entire chain.

The report warns that the biggest weaknesses often appear at “ecosystem seams”—the boundaries between institutions where information sharing or coordination is limited.

To counter the threat, Visa calls for a system‑level response involving:

• Banks and payment networks
• Merchants and digital platforms
• Technology providers
• Policymakers and regulators
• Law‑enforcement agencies

Because AI‑enabled scams can operate at machine speed, Visa argues that siloed or manual defenses are increasingly ineffective without real‑time collaboration across the payments ecosystem.

A New Fraud Landscape

The report’s core conclusion is that payment security improvements are working—but they are also reshaping the threat landscape. As technical defenses strengthen, criminals are redirecting their efforts toward manipulating users rather than breaching systems.

That shift means fraud prevention strategies must increasingly address human behavior, cross‑platform scams, and AI‑driven deception—not just payment‑network vulnerabilities.