The New Economics of Fraud: Cheaper, Faster, and More Convincing
▼ Summary
– AI-enabled impersonation and social engineering are driving scams as a fast-growing consumer risk, with nearly $1 billion in scam activity identified from July to December 2025.
– Core payment defenses improved, with token fraud down 9.6% and enumeration losses down 16% from July to December 2025 compared to the same period in 2024.
– Criminals are shifting focus to less-defended areas like users and third parties, using AI to create personalized scams and deepfake media.
– AI has accelerated fraud operations, compressing ransomware attack timelines from days to minutes and enabling automated, adaptive campaigns.
– Ransomware incidents rose 26% from July to December 2025, but ransom payment rates fell to a record low of 23%, with average payments dropping 66% from the previous quarter.
Scams have emerged as one of the fastest-growing consumer risks, fueled by AI-enabled impersonation, social engineering, and increasingly sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals are shifting their focus toward exploiting trust and targeting third parties, leveraging behavioral manipulation and faster attack cycles that pressure victims into authorizing payments themselves.
The payments ecosystem continues to strengthen core defenses, with token fraud declining 9.6% and enumeration losses falling 16% from July through December 2025 compared to the same period in 2024. These improvements are attributed to advancements in tokenization, authentication, and network-level detection. “Payments at a network level continue to get safer, but threats are evolving faster than ever,” said Paul Fabara, Chief Risk and Client Services Officer at Visa. “Criminals are increasingly targeting people rather than technology, using deception, urgency and AI-enabled tools to exploit trust. Addressing this shift requires continuous innovation at the network level and close collaboration across banks, merchants, policymakers and the broader payments ecosystem.”
Attackers are now concentrating on less-defended areas, such as end users and third-party dependencies. Fraud monitoring is evolving to focus on early indicators that reveal ecosystem vulnerabilities, partner dependencies, and process gaps. Companies are tracking fraudulent activity across multiple channels, jurisdictions, and use cases, with greater emphasis on merchant onboarding, identity verification, platform integrity, and cross-partner coordination.
Scam activity is expanding as a major component of consumer fraud, with nearly $1 billion in scam activity identified between July and December 2025. AI is enabling threat actors to scale deceptive campaigns and refine their tactics through AI-generated content, voice impersonation, and deepfake media, increasing both the reach and credibility of scams. “The rapid adoption of AI has fundamentally lowered the barrier to entry for fraud,” said Michael Jabbara, SVP of Payment Ecosystem Risk and Control at Visa. “What once required deep technical skill can now be executed with a prompt. That reality makes intelligence-driven defenses and coordinated action across the ecosystem more critical than ever. With this report, our goal is to help leaders act sooner – before fraud reaches consumers.”
Authorization controls have limitations in preventing scams, as transactions can appear legitimate when users approve them themselves. Detection efforts are expanding to include identity verification, intent analysis, and indicators of manipulation. Enterprises are focusing on identifying impersonation patterns, monitoring higher-risk channels like search, advertising, and social platforms, strengthening trusted customer communication methods, and improving coordination among ecosystem partners to disrupt scam operations.
AI is accelerating the speed of fraud operations, allowing threat actors to create more personalized scams, automate workflows, and adjust tactics in real time. Defenders are applying AI to identify anomalies earlier, stop attacks before they reach consumers or merchants, and improve detection accuracy. Attack campaigns can now scale and adapt faster, with AI tools compressing ransomware attack timelines from days to minutes. Organizations relying on manual review processes face increasing pressure, prompting a shift toward automation in detection, triage, and response, along with authentication methods designed to withstand synthetic audio, video, and other AI-supported deception techniques.
Ransomware activity continues to rise, with incidents increasing 26% from July through December 2025 compared to the same period in 2024. However, victims are paying less often, with only 23% paying ransoms,the lowest rate on record. Average ransom payments dropped 66% from July through September 2025 compared to April through June 2025. Organizations are prioritizing operational recovery and limiting the spread of incidents after intrusions occur. Recovery time objectives, backup integrity, and measures to reduce the impact of third-party incidents are becoming central to ransomware planning and response strategies.
(Source: Help Net Security)
