The 2026 FIFA World Cup is putting payment fraud controls under pressure as high-value ticket purchases, cross-border spending and repeated attempts to secure limited availability can make genuine fans resemble risky customers.
New payment data and threat intelligence show criminals exploiting the same urgency through fake ticket sites, betting promotions, malicious links and coordinated activity across cards, accounts and devices.
Fraud starts before kick-off
Analysis from ACI Worldwide, a payment technology company, indicates that fraud around major football tournaments begins weeks before the opening match and can continue after the final.
The company analysed 24.5 million transactions across 61 live-event merchants serving international audiences. During the build-up to Copa America 2024, card-not-present attempted fraud reached four per cent of transaction value, averaging 3.6 times ACI’s 2023 baseline.
Fraudulent orders averaged $405, compared with $270 for legitimate purchases. The difference creates a particular challenge for ticketing merchants because genuine fans may also spend hundreds of dollars in a single transaction.
International purchases provide another complicated signal. Cross-border card spending rose from an average of 7.53 per cent of total spending to 11.47 per cent ahead of Copa America. In May 2026, it had already reached 10.83 per cent, compared with an annual average of 7.16 per cent.
Jackie Barwell, director of fraud product management at ACI Worldwide, said pressure tends to build while fans are still trying to secure tickets.
“The clearest warning sign isn’t match day itself. It’s the days and weeks before kick-off, when attempted fraud rises, cross-border card activity increases and fans start hunting for tickets, often under pressure,” she commented.
ACI also recorded a marked difference between payment types. Alternative payment methods produced an attempted fraud rate of 0.57 per cent, compared with three per cent to 97 per cent for traditional cards. Their share of transactions increased from seven per cent in 2022 to 24.8 per cent during 2026.
Scarcity encourages risky behaviour
The pressure to secure scarce tickets can push consumers towards sellers they would usually avoid. Research commissioned by global payment service provider emerchantpay found that 19 per cent of UK consumers aged between 18 and 29 would consider buying World Cup or other event tickets from an unofficial website.
The Opinium survey of 2,000 UK adults also showed that 43 per cent of Gen Z respondents had noticed an increase in potentially fraudulent content on social media during the previous year, compared with 34 per cent across the full sample.
Younger consumers appeared highly conscious of the danger. More than half said they were especially wary of fraud when booking a holiday, yet their willingness to consider unofficial ticket sites leaves an opening for criminals exploiting high prices and limited availability.
George Ralchev, head of risk at emerchantpay, said major tournaments create conditions in which supporters may take chances on offers promoted through unofficial sites or social media.
“Fraudsters target events with high demand and the World Cup is a perfect example, as millions of fans might be tempted to take a chance on a ‘too good to be true’ deal on tickets from unofficial websites or social media offers,” he commented.
Mobile channels hide the final approach
The infrastructure behind these scams is becoming faster to build and harder to track. Cybersecurity and AI company Arctic Wolf observed more than 10,000 World Cup-themed domains between January and the start of the tournament, appearing at a rate of around 2,000 each month.
Some of the newly registered domains will be legitimate. However, the company’s World Cup threat research identified fake ticket offers, fraudulent recruitment sites, QR-code phishing and malware designed to extract information from victims’ computers.
Many approaches begin with a clean-looking social media post before moving the conversation to WhatsApp, Telegram or Discord. The payment request, fraudulent offer or malicious download then arrives through a private channel with less visible moderation.
Timing adds to the pressure. Arctic Wolf found channels promising to release free streaming links five minutes before a match, relying on supporters clicking before they have time to examine the source.
The company also identified attacks against organisations involved in delivering the tournament, including a weaponised employee handbook aimed at host-city staff and fake FIFA careers sites designed to steal corporate Google Workspace credentials.
These cases broaden the financial threat beyond consumers paying for nonexistent tickets. A compromised workplace account or infected supplier device could expose payment information, internal systems and the wider network of organisations supporting the competition.
Betting fraud blends into tournament demand
Betting operators face their own version of the problem as registrations, logins, deposits and promotional activity rise together.
A SEON survey of 588 US adults found that 43 per cent were at least somewhat likely to bet on the World Cup. Yet 45 per cent lacked confidence that betting platforms could protect their personal and financial information during a high-traffic sporting event.
Some reported behaviours can also complicate fraud detection. Twenty-two per cent had opened multiple betting accounts to access promotions, 20 per cent had clicked betting links shared through social media or messaging services, and 17 per cent had used an account belonging to a friend or relative.
George Pace, fraud expert at SEON, said the combination of promotional offers and a sudden influx of legitimate players gives fraudulent accounts more cover.
“When thousands of legitimate, high-value players become active at once, fraudsters don’t need to be particularly sophisticated,” he commented. “They just need to blend in with normal behaviour, making detection harder at the exact moment teams are already stretched.”
Pace also pointed to retention abuse, where linked or false accounts continue exploiting loyalty offers and recurring promotions after the initial welcome bonus has been claimed. The fraud can therefore continue throughout the tournament rather than ending after registration.
The transaction may reveal only part of the fraud
Fraudio’s analysis suggests that apparently separate scams often connect through common technical infrastructure. The AI-powered transaction risk platform recorded a 25 per cent relative increase in observed payment fraud between its 2024 dataset and the combined period covering 2025 and 2026.
More than 90 per cent of the fraud events it analysed were associated with shared infrastructure, including internet protocol addresses connected to large numbers of cards. Transactions routed through submerchants also showed a higher observed fraud rate than direct merchant transactions.
Gadi Erel, vice-president of product at Fraudio, said fraudsters reuse domains, devices, accounts, merchants and payment routes across campaigns that may appear unrelated to an individual victim.
“Fake ticketing sites, spoofed FIFA pages, fraudulent merchandise stores and dubious streaming offers may all look different to the fan, but they can be connected by the same network-level signals,” he commented.
Fraudio also observed fraudulent activity where 3D Secure authentication had been completed successfully, indicating that authentication needs support from behavioural, contextual and network-level information.
Broad declines can carry their own cost. Fraudio’s proxy measure for false positives increased across the period analysed, suggesting that legitimate customers may increasingly be caught by blunt controls.
World Cup purchases amplify that danger. Genuine customers may spend far more than usual, use an overseas card, create a new betting account or make several rapid attempts to buy a ticket. Fraudsters use many of the same behaviours as cover.
The strongest response depends on connecting the wider payment journey: the account, device, card, merchant, location and infrastructure surrounding a transaction. The payment itself may look convincing. Its relationship with everything around it can tell a very different story.
