Experts have warned banks and merchants must prepare for an increase in card fraud ahead of the 2026 FIFA World Cup in North America.
The FIFA World Cup is the most watched sporting event in the world and this next edition taking place across Canada, the US and Mexico promises to be the biggest and best to date.
Merchants and banks will be preparing for a busy period, with over 5.5 million global football fans expected to make the trip. However, Frank Moreno, CMO at Entersekt, warns that mega-events, like the World Cup, are a “prime target for fraudsters and cybercriminals” – last year Lloyds Bank issued a warning about fake football tickets.
Moreno recalls that the volume of malicious emails doubled across the Gulf during the last men’s tournament in Qatar. He adds that fraudulent activity involving stolen cards also increased, despite Qatar’s $1.1bn investment in cybersecurity.
Fraud has become much more sophisticated since then, especially with the emergence and continuous development of AI.
Commenting on how banks can mitigate these challenges, Moreno states: “US banks, payment processors and merchants must take proactive steps to ensure a smooth and secure payment experience for both domestic and international customers.”
He highlights one way to achieve this by adopting frictionless authentication systems that “seamlessly verify the cardholder’s identity while reducing the customer’s involvement in the process”.
“Innovative technologies, such as silent authenticators, and extensive risk data can provide secure authentication without the need for additional actions from customers. By utilising real-time, context-aware authentication, banks can assess the risk of a transaction based on factors like location, device, and historical behaviour,” Moreno says.
“Personalised authentication experiences that tailor the most appropriate authentication method to each customer (while taking into consideration risk levels and customer-preferred authentication methods), will help ensure that transactions are processed securely while minimising the friction often associated with traditional authentication methods.”
Moreno also points to the use of biometrics, FIDO passkeys and in-app notifications with transaction details. He believes that these technologies are more secure than traditional one-time passcodes, which are vulnerable to social engineering attacks.
He adds: “By investing in these technologies, banks can significantly reduce fraud risks while enhancing the overall user experience for cardholders.”
In addition to fraud becoming more sophisticated, there is another pressing issue for fans travelling to North America. In the UK, banks are mandated to use 3-D Secure (3DS) authentication, which is not the case in the US.
Therefore, when a foreign fan attempts to make a purchase at a non-participating US merchant, their issuing bank may decline the transaction when there is no authentication code included with the authorisation request.
Moreno emphasises that while the tournament is set to begin soon, “there is still time to take action”.
He says: “Merchants should, at the very least, take advantage of 3DS to gain access to more advanced risk insights from the bank’s data and move the liability for fraud from themselves to banks.
“Issuing banks, meanwhile, should be taking advantage of advanced risk-based authentication solutions that draw on data insights from global consortia with billions of transactions, providing insights into transactions, devices and cardholders.”
An opportunity for the financial sector?
Fraud is an ongoing battle between bad actors and financial institutions, though fraudsters currently appear to be on top.
The UK, in particular, has struggled to combat fraud in recent years. This has led to regulators establishing controversial rules, such as the Payment Systems Regulator’s (PSR) recent reimbursement regulation.
These reimbursement guidelines caused a stir in the financial sector in the region, causing strain between the PSR and major financial stakeholders. However, Moreno says that this tournament presents an opportunity for the industry to demonstrate its cohesion and ability to safeguard payments.
“By embracing advanced fraud detection technologies and adopting secure payment practices, banks can ensure that the millions of international visitors experience a seamless and secure payment journey,” he concludes.
“Now is the time to ensure that ‘The Beautiful Game’ isn’t marred by an explosion of fraud, lost revenue and frustrated visitors that could have been prevented.”
