Visa Report: Payment Fraud Has Become Industrial-Scale Business

Criminal fraud operations have evolved dramatically over recent years. What were once isolated incidents are now organized enterprises operating at an industrial scale. According to Visa’s latest report, criminal groups are increasingly relying on reusable infrastructure such as botnets, synthetic identities, and AI-driven scripts to carry out payment fraud more efficiently.

The report highlights a significant rise in discussions on underground forums, particularly regarding the use of AI agents for automated social engineering, data extraction, and transaction execution, which have increased by nearly 480 percent. At the same time, cases involving “recovered accounts” following mass credential dumps have surged by more than 220 percent, showing how large data breaches are being converted into profitable fraud campaigns.

Fraudsters have also changed the way they monetize stolen credentials. They often store compromised information and act quickly to extract value before defensive systems can respond. Instant payment systems, mobile wallets, cross-border transfers, and neobank platforms are being exploited to move money rapidly, often before victims or banks notice. In many cases, cards stored on file are tested in bulk, and once validated, they are used for high-value transactions at merchants outside the card’s issuing region.

AI-generated synthetic content is further weakening identity verification and onboarding processes. Fake merchant websites, forged documents, and synthetic identities can now pass as legitimate entities, allowing fraudulent merchants to operate undetected. Social engineering has also become more sophisticated, with AI-powered conversational agents carrying out convincing dialogues without human oversight. This development makes it increasingly difficult for traditional fraud detection methods to identify suspicious activity.

Traditional controls, such as threshold-based rules, manual reviews, and visual checks, are failing against these modern tactics. Fraudsters spread small probing transactions across many merchants, keeping individual merchant activity below detection limits. Fraud is also shifting away from banks to weaker points in the payment ecosystem, including third-party processors, service providers, and merchants. Ransomware incidents affecting the payments ecosystem have increased significantly, alongside a steep rise in compromised accounts through account management systems.

As a result, a breach in even a small vendor or third-party provider can cascade through the payment ecosystem, exposing vast amounts of user data and payment instruments, often without the direct involvement of the user’s bank