To mark International Fraud Awareness Week, Visa (NYSE: V) released its Fall 2025 Biannual Threats Report, revealing five forces that are transforming the global payments security landscape. The report, produced by Visa’s Payment Ecosystem Risk and Control team, draws on intelligence from Visa’s network to identify how criminal operations are said to be evolving “with speed, scale, and sophistication.”
Paul Fabara, Chief Risk and Client Services Officer at Visa said that criminals are no longer working as opportunistic individuals– they’re “operating like tech startups, building reusable infrastructure and deploying systematic, industrial-scale operations that challenge conventional defenses.”
Understanding these forces is “critical for the ecosystem to stay ahead of emerging threats.”
- The Industrialization of Fraud: Fraud has evolved from opportunistic crime into systematic, industrial-scale operations. Criminals are building reusable infrastructure—including botnets, synthetic identities, templated scam scripts, and AI tooling—that can be deployed across multiple attack types simultaneously with the efficiency and scalability of a technology enterprise.
- The Monetization Playbook: Criminals are operating with sophisticated dual-speed strategies: moving slowly and deliberately when stockpiling stolen credentials to maximize reach and evade detection.
- The Authenticity Crisis: The proliferation of sophisticated impersonation techniques and synthetic content is creating unprecedented challenges in verifying legitimate transactions and communications across the payment ecosystem.
- The Control Erosion Problem: Traditional security controls are being systematically tested and circumvented as criminals identify and exploit gaps in legacy defense mechanisms.
- The Third-Party Vulnerability Gap: The interconnected nature of the payments ecosystem creates cascading risk, with third-party providers representing critical points of vulnerability. Visa PERC reported a 41% increase in ransomware incidents affecting payments ecosystem entities from January to June 2025 compared to the previous six months, with analysis showing a 173% increase in Compromised Account Management System (CAMS) account distribution compared to the same period in 2024.
In addition to the report, Visa’s Payment Ecosystem Risk team expanded on the role of AI in the report with insights on threats with agentic commerce.
Michael Jabbara, SVP, Visa Payment Ecosystem Risk and Control, said that while the advances in tech like agentic commerce are promising, they also pose a “real risk to consumers.”
Being educated in these trends are “one of the best ways to protect yourself in this threat landscape.”
Visa is working with partners across the payments ecosystem to address these forces via intelligence sharing, analytics, and defense strategies.
With more than $13 billion dollars invested over the past 5 years on tech and infrastructure, including in security and trust, Visa continues to develop security technologies and risk management capabilities in order to protect consumers, merchants, and FIs.