Payment threats are evolving—is your financial institution keeping up?
Visa’s Spring 2026 Biannual Threats Report reveals that payment security risks are shifting away from technical vulnerabilities and toward behavioral tricks, scams and weaknesses across the broader payments ecosystem. While security controls are improving, staying ahead of today’s threats requires speed, coordination and resilience from every financial institution and partner involved.
Core Controls Are Improving, but Risk Is Migrating
Visa reports continued reductions in certain categories of fraud, supported by expanded tokenization, stronger authentication and network‑level monitoring. However, the report emphasizes that these improvements have prompted adversaries to redirect activity toward less‑defended areas, including people, processes and third‑party dependencies. As a result, the most consequential failures increasingly occur at ecosystem boundaries where visibility and incentives may not be fully aligned.
Scams are a Primary Source of Consumer Fraud
The report identifies scams as the largest and fastest‑growing category of consumer fraud. Unlike traditional fraud, scam transactions often appear legitimate from an authorization standpoint, as consumers are manipulated into initiating payments themselves. This shift reframes fraud as a behavioral challenge, requiring organizations to move beyond credential‑focused controls toward approaches that identify deception, impersonation and manipulation across customer interaction channels.
Artificial Intelligence and the Acceleration of Fraud Cycles
Visa observes that artificial intelligence (AI) is compressing the fraud lifecycle for both attackers and defenders. Threat actors are using AI to personalize scams, automate workflows and adapt tactics rapidly. In response, defensive capabilities increasingly rely on AI‑driven detection, automation and real‑time response. The report highlights speed as a defining advantage, noting that manual and siloed review models are increasingly disadvantaged in an environment where attacks evolve at machine speed.
Ransomware and the Growing Importance of Resilience
While ransomware activity continues to rise, the report notes a declining willingness among victims to pay ransoms. This trend reflects growing recognition that payment does not reliably prevent data exposure. As a result, this frames ransomware less as a pure prevention problem and more as a resilience and recovery challenge, emphasizing the importance of recovery readiness, containment and reduced third‑party blast radius.
Adapting Risk Programs to a Changing Threat Environment
As payment risk shifts toward scams, third‑party exposure and faster‑moving threat activity, financial institutions need risk management programs that extend beyond traditional fraud and cyber controls. Visa’s report highlights the growing importance of governance, coordination and resilience across the payments ecosystem.
How Schneider Downs Can Help
Schneider Downs supports financial institutions as they respond to evolving fraud, technology and third‑party risks. Our professionals assist organizations in evaluating fraud risk management programs, strengthening IT and cyber risk controls and enhancing third‑party risk oversight to address ecosystem‑level exposures. Through integrated risk advisory services, we help institutions align governance, detection and response capabilities with an increasingly fast‑moving and interconnected threat environment.
If your organization needs assistance in proactively addressing these risks, please contact our team at [email protected].
About Schneider Downs Financial Services
The Schneider Downs Financial Services industry group supports financial institutions as they navigate evolving risk, regulatory and governance challenges. Our professionals work with institutions to strengthen internal audit, risk advisory and related risk management programs that support sound decision‑making, operational effectiveness and regulatory alignment.
Through services spanning internal audit, risk advisory, IT risk advisory, third‑party risk management, fraud risk advisory and enterprise risk and compliance, we help financial institutions design and enhance resilient, risk‑based programs aligned with their strategic objectives and operating environment.
To learn more, visit our Financial Services Industry Group page.
