Visa Fraud: AI and Social Engineering Drive Scams
A new analysis from Visa warns that criminals are weaponizing artificial intelligence and human manipulation, pushing scams to the forefront of consumer losses across the payments landscape.
Dive Brief: Key Findings on Payment Fraud
Visa’s Biannual Threats Report is a twice-yearly briefing that summarizes notable payment-security risks and trends for financial institutions, businesses, regulators, and other stakeholders. It highlights issues such as scams, ransomware, AI-enabled fraud, and high-volume probing activity against payment flows; prior editions are typically available on Visa’s official website through its newsroom and security resources sections under the Biannual Threats Report series.
| Threat Type | Description | Impact/Statistics |
|---|---|---|
| AI-Assisted Social Engineering | Threat actors increasingly use social engineering and AI to deceive victims and extract money. | Accelerates outreach and personalization, increasing victim conversion. |
| Scams | Scams are identified as the leading consumer fraud type in the Spring 2026 edition. | About $1 billion in suspected scam transactions were flagged in the second half of 2025. |
| Behavioral Manipulation and Ecosystem Fragmentation | Fraud is being reshaped by behavioral manipulation, fragmented environments, and faster AI-fueled attack cycles. | Shortens the window for slower, manual controls to respond effectively. |
Dive Insight: How AI and Social Engineering Shape Security Risks
Even as some payment threat indicators cool, Visa cautioned that fraudsters are exploiting human factors and AI to execute attacks against consumers and businesses. The company points to AI-driven deception, social engineering, ransomware, and complexity across connected payment channels as key pressures on security teams.
The report notes adversaries automate campaigns with AI, while the network is also employing the technology to stop attacks earlier and curb losses through real-time defenses. Visa has emphasized AI-driven monitoring that can score risk in the moment, surface anomalies, and help trigger earlier intervention before losses compound.
A core takeaway: slow, pattern-based controls and manual reviews cannot match machine-driven attackers operating at scale.
AI-based defenses are becoming table stakes in payments because attackers can test, adapt, and relaunch campaigns faster than traditional review cycles can respond.
Fabara said criminals are focusing on people more than systems, using deception, urgency, and AI-enabled tools to exploit trust within the digital environment.
- Continuous innovation at the network layer
- Coordination among banks
- Coordination among merchants
- Coordination among policymakers
- Coordination within the broader payments ecosystem
Global ransomware incidents rose 26% from 2024 to 2025, yet only 23% of victims paid. Many organizations refrain because paying rarely prevents sensitive data from being exposed.
Among victims that did pay, average ransom amounts fell 66% from July to September 2025 versus the prior quarter. A Visa spokesperson declined to share further details.
Another risk frequently tracked in payment-security reporting is a payment enumeration attack, in which an attacker rapidly tests large volumes of possible card or account data (or transaction parameters) to identify valid combinations. Common defenses include rate limiting, CAPTCHA or similar bot friction, anomaly detection tuned for high-velocity trials, and monitoring for repeated failures across shared attributes such as device or IP signals.
Industry participants beyond Visa have similarly warned that AI is accelerating fraudulent activity across digital payments.
Nasdaq’s Verafin reported in March that worldwide criminal takings increased 9.2% year over year. Losses tied to AI-enabled or tech-assisted scams climbed 19.6% to $14.3 billion.
- Deploy intelligence-driven controls
- Improve detection
- Strengthen resilience
“You really need AI to fight AI,” said Matt Vega, chief fraud strategist at Sardine, speaking at the Nacha Smarter Faster Payments Conference last month.
Separately, in immigration contexts, an example of visa abuse can include overstaying a visa, working without authorization, or using a visa for a purpose other than what it permits.
- Confirm what you observed and document non-sensitive details you can describe accurately, such as dates, locations, and the type of suspected violation.
- Identify the appropriate government authority in your country that handles immigration compliance and enforcement.
- Submit a report through that agency’s official online tip form or designated reporting channel; in the United States, this is commonly done through USCIS or Immigration and Customs Enforcement tip reporting options.
- Provide the information you have without submitting personal data you cannot lawfully share, and avoid confrontation with the person involved.
- Keep a copy of any confirmation or reference number you receive, and be prepared to respond if authorities request additional details.