Digital payments fraud in LATAM: evolution, emerging threats, and regulatory challenges

Oswaldo de Gracia, Fraud SME at Featurespace, a Visa Solution, shares more about the evolution, emerging threats, and regulatory challenges of digital payments fraud in LATAM.

In recent years, Latin America has experienced significant growth in the offering and adoption of digital services, driven primarily by financial inclusion, technological innovation, and the evolution of ecommerce. In this context, immediate payment systems are also emerging and rapidly expanding across the region. PIX in Brazil, SPEI/CoDi in Mexico, Transferencias 3.0 in Argentina, and the launch of Bre-B in Colombia in the coming months are good examples. Thanks to their interoperability, availability, and accessibility, these systems have become key tools to further promote financial inclusion and innovation in the region.

However, as is often the case when innovation facilitates the movement of money and the acceptance of diverse payment methods, there is a direct correlation between this evolution and the rise of fraud typologies that exploit these new capabilities. This environment has been leveraged by fraudsters and organised crime to develop new types of fraud, which coexist with previously known schemes.

Fraud trends

Cybersecurity incidents have a direct impact on fraud trends in Latin America. Cases of ransomware and data breaches, frequently occurring in both public and private entities, expose consumers’ personal information. Criminals exploit this data through various attack vectors. Notably, such incidents grew at a faster pace in Latin America than in any other region globally during the last six months of 2024, according to a Visa Threat Report. It is important to highlight the growing relevance of mobile trojans in the regional fraud landscape.

When it comes to data related to card numbers, CVV codes, or expiration dates, their impact on fraud trends is clear: Card-Not-Present (CNP) fraud remains the most dominant type in the region. Another persistent trend affecting both issuers and merchants is enumeration attacks—automated attempts to guess full payment card details (number, CVV2, expiration date) via ecommerce transactions. These threats grew by 63% for issuers and 21% for acquirers in the second half of 2024 compared to the previous six months, as indicated in the same Visa report.

Scams: the fastest-growing threat

Scams, also known as Authorised Push Payment (APP), are the fastest-growing fraud typology in the region. These scams involve deceiving or manipulating customers—using a range of social engineering techniques—to make payments to accounts controlled by fraudsters.

There are four main reasons why cybercriminals are increasingly investing in this type of fraud:

1. Traditional security controls are ineffective: measures designed to prevent ‘traditional’ third-party fraud lose their effectiveness in the case of scams, since the legitimate customer initiates the transaction and passes all authentication checks.
2. Regulation does not always protect victims: local regulations are often unclear or do not favour victims in terms of compensation, which means preventive measures for this type of fraud are neither common nor effective.
3. Compromised information makes scams more effective: criminals combine large-scale scams targeting the general population—using AI for well-known techniques such as phishing, smishing, or vishing—with more targeted, sophisticated, and credible schemes. Frequent personal data breaches and security incidents across the region provide criminals with the information needed to design scams that are harder to detect and more likely to succeed.
4. The financial ecosystem favours the movement of money: the ease and speed of transferring funds—especially through real-time payments—enables criminals to quickly move stolen money between mule accounts, performing money laundering activities.

Another type of fraud that has grown in recent years combines third-party fraud with social engineering and direct interaction with the legitimate customer. In some Latin American countries, this is called a ‘guided scam’. There is ongoing debate about whether these should be classified as scams, but leading fraud classifiers agree that the key element is the payment initiator, which in the case of guided scams is the fraudster.

Regulatory challenges

In a landscape marked by emerging threats to consumers and growing challenges for the payments ecosystem, attention is turning to local regulatory authorities to establish a framework that promotes the security of participating entities, clarifies liability in fraud cases, and fosters a trustworthy environment.

Unlike the approach taken in the United Kingdom—where the Payment Systems Regulator (PSR) has introduced protection mechanisms in favour of scam victims and assigns responsibility between the sending and receiving institutions—the situation in LATAM remains fragmented. While there is a visible trend in that direction, liability in cases of scams is still poorly defined or often falls on the consumer. The burden typically lies with the victims, posing significant regulatory challenges in an environment where payments are becoming faster and scams increasingly sophisticated.

Fraud prevention best practices for the regional context

Financial institutions can proactively prepare for both known and emerging threats, as well as future regulatory updates. Some good practices and proactive effective measures to protect organisations and consumers—and gain a competitive advantage in a vulnerability-exploiting landscape—include:

Source: Featurespace*

Ultimately, as digital payments continue to evolve in the region, the challenge for LATAM’s financial institutions lies in taking proactive measures. Leveraging advanced analytics, enhancing customer communication, and working closely with regulators will be critical for the future of digital payments in the region. A collaborative approach involving technological innovation and fluent communication among the industry peers is proving to be key.

*You can read more about EBA Fraud Taxonomy or Fraud Classifier Model at https://www.abe-eba.eu/publications/ and https://fedpaymentsimprovement.org/strategic-initiatives/payments-security/fraudclassifier-model/.

 

About author

 

Oswaldo de Garcia is a seasoned fraud prevention expert with over 15 years of experience in the financial sector, primarily at a leading Spanish bank. He has held various operational and analytical roles in Spain and the USA, later consulting in Spain and LATAM. Since 2022, Oswaldo has been a Fraud Subject Matter Expert at Featurespace, a Visa Solution, supporting multiple teams and driving innovation by championing the industry and customer perspective.

 

About Featurespace

Featurespace, a Visa Solution, is a global AI-native transaction monitoring company that helps to prevent fraud and financial crime. Using artificial intelligence, it analyses data in real time to identify and stop existing and new forms of fraud and financial crime.  

Delivering on its mission to make the world a safer place to transact, Featurespace works with many of the world’s largest banks and financial institutions, protecting 500 million consumers globally and safely processing over 100 billion payment events each year.