SAN FRANCISCO -- To celebrate International Fraud Awareness Week, Visa (NYSE: V) released its Fall 2025 Biannual Threats Report, revealing five forces that are transforming the global payments security landscape.
The report, produced by Visa‘s Payment Ecosystem Risk and Control (PERC) team, draws on intelligence from Visa’s global network to identify how criminal operations are evolving with unprecedented speed, scale, and sophistication.
“The payments ecosystem is experiencing a paradigm shift in how fraud operates,” said Paul Fabara, Chief Risk and Client Services Officer at Visa. “Criminals are no longer working as opportunistic individuals-- they're operating like tech startups, building reusable infrastructure and deploying systematic, industrial-scale operations that challenge conventional defenses. Understanding these evolving forces is critical for the entire ecosystem to stay ahead of emerging threats.”
- The Industrialization of Fraud:
Fraud has evolved from opportunistic crime into systematic, industrial-scale operations. Criminals are building reusable infrastructure—including botnets, synthetic identities, templated scam scripts, and AI tooling—that can be deployed across multiple attack types simultaneously with the efficiency and scalability of a technology enterprise.
- The Monetization Playbook:
Criminals are operating with sophisticated dual-speed strategies: moving slowly and deliberately when stockpiling stolen credentials to maximize reach and evade detection.
- The Authenticity Crisis: The proliferation of sophisticated impersonation techniques and synthetic content is creating unprecedented challenges in verifying legitimate transactions and communications across the payment ecosystem.
- The Control Erosion Problem: Traditional security controls are being systematically tested and circumvented as criminals identify and exploit gaps in legacy defense mechanisms.
- The Third-Party Vulnerability Gap: The interconnected nature of the payments ecosystem creates cascading risk, with third-party providers representing critical points of vulnerability. Visa PERC reported a 41% increase in ransomware incidents affecting payments ecosystem entities from January to June 2025 compared to the previous six months, with analysis showing a 173% increase in Compromised Account Management System (CAMS) account distribution compared to the same period in 2024.
In addition to the report, Visa’s Payment Ecosystem Risk team expanded on the role of AI in the report with a standalone blog on threats with agentic commerce.
“The reality is that everyone with access to the internet can be a fraudster,” said Michael Jabbara, SVP, Visa Payment Ecosystem Risk and Control. “And while the advances in technology like agentic commerce are exciting, they also pose a real risk to consumers. Being educated in these trends are one of the best ways to protect yourself in this threat landscape.”
Visa is working closely with partners across the global payments ecosystem to address these emerging forces through enhanced intelligence sharing, advanced analytics, and collaborative defense strategies. With over $13 billion dollars invested over the last five years on technology and infrastructure, including in security and trust, Visa continues to develop next-generation security technologies and risk management capabilities to protect consumers, merchants, and financial institutions.
