Over the past year, the global payments landscape has shifted at a pace few anticipated. In a wide-ranging conversation with Cheque Point, Charles Lobo, Senior Vice President and Regional Risk Officer for Central and Eastern Europe, Middle East, and Africa (CEMEA) at Visa, outlined the rising complexity of the payments ecosystem — from real-time transfers to AI-powered scams.
Lobo breaks down four major forces reshaping the space: the rapid diversification of payment methods, the growing role of generative AI in enabling fraud, the scale of cyberattacks and the persistent gap between perceived and actual consumer readiness. Drawing on fresh insights from Visa’s latest Stay Secure study, he explains how rising consumer confidence in digital payments is shadowed by the reality of evolving threats and why “costly confidence” may be the new frontier in fraud prevention.
What major themes have shaped the payment ecosystem over the past 12 months? How has fraud evolved in response to these trends?
The payments ecosystem has transformed dramatically in the last 12 months. I always like to say that the amount of change we’ve witnessed in the last 12 to 24 months has been much more than the change we’ve witnessed in the last five years, which indicates the acceleration of change. There are four themes when we talk about these changes. The first one is the proliferation of ways to pay. The second one is the role of AI in the increasing sophistication of fraud. The third one is the surge of cyberattacks and cybercrime, and the fourth one is the fact that people continue to be the weakest link.
If we look at just payments—the ways people use payments today and what payment methods they have—there is an unprecedented acceleration in the different types of payment vehicles that we have, so the ways to pay have increased dramatically. Real-time payments, or account-to-account payments, have grown phenomenally in the past 12 months. A core characteristic of a real-time payment is that it’s instant, but it’s also irrevocable. These two characteristics of being instant and irrevocable are what create a big opportunity for scams and fraudsters to use those payment rails to conduct fraud at a scale that we have not seen before.
The second theme is around the intensification of the AI race. Generative AI is enabling fraud and scams to be conducted at a scale and sophistication that we’ve never seen before, [for example], deep fake videos and phishing email. It is making it increasingly difficult for people to identify and know whether an email is a phishing email versus a genuine email. We have seen an almost 10x increase between 2022 and 2023 in the rise of deep fakes. Previously, one would have to put in a lot of effort and a lot of resources to create attacks. Now with AI, the ability to ramp up is multiplied.
Not all aspects of AI are bad. There’s a lot of good that AI is doing, and at Visa, we are putting AI to good use. We’ve made huge investments in AI, specifically around how we can use it to detect bad actors and fraud in the system. One of the things with technology is that it allows attacks at scale. Our network gets attacked quite a bit because we are a payment network. But we’ve put AI and AI models to use—for example, in 2024, Visa blocked $203B worth of enumerated transactions. How do we get to that huge number? It’s because technology allows attackers to attack at scale. So, we’re also saying, how do we keep pace? How do we stay ahead of the curve? And so, we are using AI in that way.
The third dimension, which I mentioned, is this surge in cyberattacks. I want to contextualise it in the Visa frame of reference. Visa is a global network—we connect 15,000 financial institutions globally, and 150 million merchants connect to our network. If one were to think of the scale of our network, it’s 24 million route miles. Now, as you can imagine, that breadth of network is a wonderful attack surface for fraudsters and specifically cyberattacks. In a month, we block 340 million bot attacks on our APIs and 11 million phishing emails.
The fourth dimension, and this is the last dimension, which I mentioned, is about people being the weakest link. Every year, we conduct the Stay Secure survey. For 2025, what we found in this survey was that almost 100% of people acknowledged that they feel knowledgeable, and they feel that they could spot a scam. However, 86% of the people would probably respond to scam messages. So, when it’s actually happening, they miss the signs. They feel super confident, but when it’s happening, they miss the sign. What we uncovered in this year’s research is that 16% of the people we interviewed had been a victim twice. These are startling numbers for us. It surely indicates that a lot is changing in the world of risk and fraud.
Visa recently launched the ninth edition of its annual Stay Secure study. What are some key findings from this year’s report?
When we started Stay Secure, we were in one country, and we’re now in 17 countries. We talked to close to 6,000 individuals across the region for this edition. The purpose of Stay Secure is to understand how people are engaging in the payments space, their perceptions of security, their understanding of the language of fraud, and how they respond.
We have four broad findings.
The first big finding is that digital payments are on the rise—that’s no surprise, because in our day-to-day life, we can see digital payments at every turn. So, 74% of consumers anticipate using more digital payments as we go forward. If we look at the ability to know when a scam is happening, 97% of those we talked to said they felt knowledgeable, they felt that they had the awareness to spot and recognise a scam. This is up five percentage points from last year. Therefore, confidence is growing, hence people want to use, or anticipate using, more digital payments. The flip side of that is that over half, 52%, have fallen victim to a scam, and 16% have fallen victim twice or more.
It is a theme or a concept, which I call ‘costly confidence’, in which you feel you are in control. You feel that you know all the signs and signals, but when it’s actually happening, you miss the signs, and over half the people have fallen victim. However, there’s also the dimension of trust, and almost three-fourths of the folks we talked to, mostly or completely trusted digital payments. That’s a very key indicator. So, we are doing something right; therefore, people have this trust. However, I must caution that that trust cannot be taken for granted, and everybody in the industry must do their bit to ensure that we continue building trust in digital payments.
UAE consumers are increasingly embracing digital payments (81% expect to use them more in the next 12 months), but this growing trust is shadowed by the proliferation of scams. What insights can you share about this trend?
The UAE is an amazing market. We live in a very digital-first country. You can see that in the push from the government as well; government services today are seamless and easy, and digital payments are embedded in the whole government experience, so clearly, it is a very digital-first country. But what’s happening here is people are also taking the steps to safeguard themselves and secure themselves. When we talk to UAE consumers, half of them, 49%, had fallen victim to a scam. However, 60% have told us that they have taken active measures to secure themselves, which means that, while there are still people who are falling victim, a large portion of people are actively aware and taking strong steps to protect themselves. These steps can be as simple as signing up for SMS alerts from your financial institution. A large percentage also told us that they actively examine their financial statements that they get. Banks and financial institutions in the UAE do a great job of sending out statements of accounts and sending out SMS alerts. The good news is, if people are signing up, paying attention, then that’s the starting point of awareness—just being attentive.
While 77% of UAE consumers trust digital payments, there is room for improvement. What steps can merchants and banks take to bridge this gap?
There are many tools available out there to bridge the gap. And at the heart of all of this are the steps that one should take to build trust. That’s very critical, so things like two-factor authentication—for merchants, it’s important that, if you are running an e-commerce business, you make sure that you’ve adopted the 3D Secure protocol, which enables consumers to use two-factor authentication to authenticate themselves before they pay. That’s a great real-time fraud prevention mechanism, and it also inspires a lot of confidence among consumers, because we’ve seen that 86% of consumers felt safer when they were asked to put in another authentication factor, like a passcode. The development of telecoms in the country has been so great that it’s all seamless. The speed at which people can receive and enter those passcodes is tremendous. So, there’s really no reason why one shouldn’t adopt this technology.
Tokenisation is another dimension that we are very keen on, in terms of ensuring high adoption. Tokenisation is a technology in which your 16-digit card number gets converted into a token. Then, when it flows over the payment rails, it’s a very secure credential that cannot be broken. So, the actual card number is not used, but a token is used, and it’s like an alternative factor, and that alternative factor secures you, so your card number is safe. If someone infiltrates the network, they won’t have your actual card number. Therefore, tokenisation is a powerful tool, and we encourage both merchants and consumers [to adopt it]. I’ll give you a very practical example of a token. For example, Apple Pay is a token. When your card is loaded into your phone, a token is created. So, when it moves over the network, it’s a token. It’s a highly secure credential, much safer than a 16-digit card number.
Can you talk to us about Visa’s efforts to safeguard digital experiences?
We have various strategies that we put to work. We believe trust is at the heart of everything. It drives our mission and purpose.
We’ve been doubling down on investments in technology. Over the last five years, we’ve invested $12 billion in technologies to protect, in line with our strategy to protect, defend, and evolve with the times. We have over 100 products in our toolkit, which are built on AI or leverage AI technologies. Our data models have a capability of assessing 500 risk factors in 300 milliseconds—the blink of an eye.
Strengthening trust in payments is the first pillar of our strategy. Many real-time and Account -to-Account (A2A) payments don’t happen on the Visa network. But over 60 years, Visa has built up such strong expertise in risk management on a transactional model that we are now able to extend our AI models and offer them to other networks as well. Our newest solution, called Visa Protect for A2A payments, is using our intelligence, technologies, and capabilities to protect another domain of payments, as an example.
The second aspect is in the domain of cybercrime, which, as I said, has surged. A few months ago, we signed a Memorandum of Understanding (MoU) with Abu Dhabi Islamic Bank, where we collaborate with their cybersecurity division and look at ways in which Visa capabilities can be brought in to collectively enhance the state of cyber prevention.
We also talked about AI. Recently, we acquired a company called Featurespace, based in the UK. It’s a deeply AI- and model-oriented company that does tremendous work across fraud risk management. They’re now part of the Visa family. We’ve built scores for transactions through Visa Account Attack Intelligence—for every transaction, we create a score and provide our clients with it, so that they can make better decisions.
Very recently, we launched another asset—Visa Scam Protection. Scams are getting more and more sophisticated, so we’ve built a framework in which we can collaborate with our clients and partners to identify when a scam is working. This is possible by putting technology but also human judgment to use, enabling us to bring down those scam networks very fast. In the last year, about $350 million of scams have been brought down because of this effort.
The last bit has been consumer awareness. Stay Secure is front and centre of that, and it’s available to the public on our website. However, we’ve not only created the survey and published the results, we’ve also created assets for our clients to craft their own consumer awareness campaigns.
