Visa report: AI-driven scams speed up fraud and trick people into authorizing fake payments

Visa’s Spring 2026 Biannual Threats Report warns that AI-accelerated social engineering is the fastest — growing source of consumer harm, shifting fraud from stolen credentials to deception that convinces victims to authorize fraudulent payments;

Visa’s Spring 2026 Biannual Threats Report finds AI-accelerated scams are now the fastest — growing source of consumer harm, driven by generative models and automation that compress the fraud cycle and make deception quicker and easier. That acceleration matters because it shifts fraud away from credential theft and account takeover toward schemes that rely on convincing real people to authorize payments themselves, increasing consumer losses and operational strain on financial providers.

The report highlights a rising vector it calls ClickFix — style social engineering. In these attacks victims see a convincing “fix” — for example, a fake malware alert instructing them to open a command prompt, paste a code and run it-which actually executes malicious commands. Because the harmful action is carried out by a tricked user rather than by bypassing technical controls, standard security defenses that focus on blocking malware or stolen credentials are often ineffective.

Applied to payments, ClickFix and similar tactics become direct routes to fraud. Many payment flows require an explicit user action — an in-app confirmation, a one-time passcode, or a manual click to approve — and fraudsters are increasingly aiming to manipulate those authorizations. Visa says AI-generated scam messaging, voice impersonation and deepfake media expand both the reach of attacks and the perceived credibility of the sender, making authorization — based fraud more effective and scalable.

That changes the detection and response landscape: the market is shifting from concentrating on stolen credentials and account hijacking to focusing on behavioral and deception signals that indicate a user has been manipulated. Visa urges financial institutions to adapt fraud strategies accordingly, emphasizing detection of deceptive patterns and behavioral anomalies rather than relying solely on credential compromise indicators. between July and December 2025 it detected nearly $1 billion in scam-related activity, underscoring the immediate financial exposure for consumers — who frequently shoulder the cost when they authorize transactions — and the pressure on banks and payment platforms to evolve risk controls rapidly.

The report also underlines AI’s dual-use nature: the same tools that can enhance security and efficiency are being weaponized by criminals. Visa’s takeaway for builders and financial teams is to prioritize deception detection, invest in user education to reduce risky authorizations, and update fraud playbooks to address AI-augmented social engineering instead of depending only on traditional credential — based defenses.