A commentary by Frank Heisel, CEO of RISK IDENT
While the Chinese lunar calendar proclaims 2026 to be the ‘Year of the Goat,’ promising attributes such as justice and good nature, security experts paint a very different picture. The current forecast from RISK IDENT is clear: 2026 will be the year of the fraudster.
A dangerous combination of advanced artificial intelligence, increasing automation and a weakening global economy is creating new threat scenarios.
AI and automation as accelerants
Artificial intelligence has long since left the experimental phase behind. We are seeing an era in which websites can be faked to look deceptively real within minutes and phishing messages no longer contain any spelling mistakes. The threat goes far beyond optimised texts: autonomous AI agents operate independently in dating networks, deep fakes are established in blackmail scenarios and new ‘shopping agents’ are creating gateways that have hardly been analysed to date.
At the same time, processes in companies are being massively automated to reduce costs. The fact that these smooth processes often offer security gaps is often only noticed when damage occurs – as was recently the case with the onboarding processes of charging station providers.
Real-time payments play into the hands of fraudsters
A critical driver for 2026 is payment transactions. Since October, real-time payments have been possible throughout Europe. What is convenient for consumers plays into the hands of fraudsters. Funds can be moved across national borders in a matter of seconds. This makes recalls and prosecution extremely difficult. Effective security measures for this are not expected to take effect until 2027.
As accounts in real names are becoming more expensive due to the new verification of payee process, the focus is shifting to people. Fraudsters are specifically recruiting private individuals – often young adults with little risk awareness – as ‘money mules’ or financial agents. The involvement of insiders is also on the rise, and many complex attacks suggest internal knowledge.
Organised crime is becoming more professional
It is no news that organised crime drives fraud. What is striking, however, are the new dimensions and technical sophistication of current cases.
Impressive evidence of this new quality can be found, for example, in the payment fraud involving micro-payments uncovered this year, which caused total damages of over 300 million euros. Or the technically highly complex relay fraud cases. The widespread use of fraudulent charging cards also shows how quickly gaps in new systems are being exploited professionally. This is supported by ‘crime-as-a-service’ structures, where fraudsters can simply purchase services and support.
Cooperation as the key to defence
To effectively counter this trend, companies must integrate fraud prevention as a critical element when planning new business models. However, individual technical measures are no longer sufficient. The most effective countermeasures lie in overarching cooperation and the consistent exchange of information. When companies share data on fraudulently used resources such as devices or identities, they make these critical resources scarce and hit the perpetrators where it hurts most – their business case. Data pools for the exchange of fraudulently used resources are long overdue in e-commerce, and politicians must open up clear, legally regulated opportunities in this area.
Equally crucial is the exchange of information about attack patterns within an industry in order to identify anomalies at an early stage and combat them collectively.
Germany in a balancing act
The AI Act and keeping pace with AI development, data protection and the necessary exchange for prevention, cost savings with increased identity requirements, optimised payment orchestration, Wero as a new scheme to be established and agentic commerce – these are just some of the areas of tension. There is no clear vision for dealing with fraud,
In the long term, there is no way around a national anti-fraud strategy, such as those already proving successful in countries like the United Kingdom and Australia.
