Visa’s latest Fall 2025 Biannual Threats Report, released during International Fraud Awareness Week by its Payment Ecosystem Risk and Control (PERC) team, outlines five critical forces reshaping the global payments security landscape due to the rapid evolution of criminal operations.

The report details a significant shift, with Paul Fabara, Chief Risk and Client Services Officer at Visa, stating that “The payments ecosystem is experiencing a paradigm shift in how fraud operates.” He elaborated that criminals are no longer opportunistic individuals but instead function “like tech startups, building reusable infrastructure and deploying systematic, industrial-scale operations that challenge conventional defenses.” Fabara emphasized that understanding these forces is crucial for the entire ecosystem to combat emerging threats.

The five forces identified in the report are: the Industrialization of Fraud, where criminal activities mimic technology enterprises by building reusable infrastructure such as botnets, synthetic identities, templated scam scripts, and AI tooling; the Monetization Playbook, which involves sophisticated dual-speed strategies for stockpiling credentials to maximize reach and evade detection; the Authenticity Crisis, driven by the proliferation of impersonation techniques and synthetic content making transaction verification difficult; the Control Erosion Problem, where traditional security controls are systematically tested and bypassed; and the Third-Party Vulnerability Gap, highlighting cascading risks from interconnected third-party providers.

Visa’s PERC team reported a 41% increase in ransomware incidents affecting payments ecosystem entities between January and June 2025, compared to the preceding six months. Analysis further indicated a 173% increase in Compromised Account Management System (CAMS) account distribution during the same period in 2025 when compared to 2024. The Payment Ecosystem Risk team also published a separate blog post expanding on the role of AI in threats, specifically concerning agentic commerce.

Michael Jabbara, SVP, Visa Payment Ecosystem Risk and Control, noted the accessibility of fraudulent activities, stating, “The reality is that everyone with access to the internet can be a fraudster.” He also cautioned that while technologies like agentic commerce are exciting, they present “a real risk to consumers,” underscoring education as a primary defense.

To counter these threats, Visa is collaborating with partners across the global payments ecosystem, focusing on enhanced intelligence sharing, advanced analytics, and collaborative defense strategies. The company has invested over $13 billion in technology and infrastructure, including security and trust initiatives, over the past five years to develop next-generation security technologies and risk management capabilities.