Criminals are increasingly deploying artificial intelligence and social engineering to manipulate users into authorizing payments, a new report by Visa has revealed.
The Visa Mid-year 2026 Biannual Threats Report shows that while payment infrastructure security continues to strengthen, criminals are moving away from technical system breaches and instead exploiting human trust impersonating institutions, creating urgency, and deceiving victims into initiating seemingly legitimate transactions.
"Payments at a network level continue to get safer, but threats are evolving faster than ever," said Paul Fabara, Chief Risk and Client Services Officer at Visa.
"Criminals are increasingly targeting people rather than technology, using deception, urgency and AI enabled tools to exploit trust. Addressing this shift requires continuous innovation at the network level and close collaboration across banks, merchants, policymakers and the broader payments ecosystem."
Keep up with the latest headlines on WhatsApp | LinkedIn
The report shows that from July to December 2025, nearly $1 billion (Sh160 billion) was linked to scam-related activity, making scams the single largest category of consumer payment fraud.
It also notes that fraud involving device tokens fell by 9.6 per cent over the same period in 2024, indicating that stronger authentication systems are working even as overall attack volumes rise.
Global ransomware activity increased by 26 per cent over the same period, but only 23 per cent of victims paid ransoms; the lowest rate on record; reflecting growing resilience among organizations and a reduced willingness to fund criminal networks even when data exposure risks remain.
"The rapid adoption of AI has fundamentally lowered the barrier to entry for fraud," said Michael Jabbara, SVP, Payment Ecosystem Risk and Control at Visa.
In Kenya, the rapid expansion of digital financial services led by mobile money platforms such as Safaricom's M-Pesa ecosystem, digital banking, and fintech lending apps has created a highly digitized economy that is increasingly exposed to cyber-enabled fraud.
The Central Bank of Kenya (CBK) has repeatedly flagged rising cases of phishing, SIM-swap fraud, and account takeover attempts targeting mobile and online banking users, even as it pushes reforms under the National Payments Strategy to strengthen digital trust and financial inclusion.
Meanwhile, the Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC) continues to warn that cybercriminals are increasingly relying on impersonation tactics, posing as banks, regulators, or service providers to trick users into revealing sensitive information or authorizing payments.
Sign up for free AllAfrica Newsletters
Get the latest in African news delivered straight to your inbox
These trends mirror Visa's global findings, where fraud is shifting from system hacking to psychologically driven manipulation that exploits trust as the weakest security point.
Kenya's exposure is further heightened by its position as one of Africa's leading mobile money markets. National cyber security monitoring consistently identifies phishing, SIM-swap fraud, and social engineering as persistent threats, especially as real-time mobile transactions dominate everyday commerce.
A TransUnion Africa fraud analysis shows Kenya continues to record elevated suspected digital fraud attempts, with criminals increasingly using AI-driven impersonation and synthetic identities to bypass onboarding systems.
Experts also warn that generative AI is making scams more scalable by enabling highly convincing fake messages and customer service interactions.
A recent banking sector assessment found that payment fraud has become a leading cybercrime category in Kenya, driven largely by social engineering and instant digital transfers, with losses running into billions of shillings annually.
As AI accelerates both innovation and fraud, experts say Kenya's next phase of financial security will depend on stronger institutional safeguards, real-time detection systems, and sustained public awareness to reduce human vulnerability in an increasingly automated fraud economy.
