Shufti-Sphere-Website-Banner
burger-menu cross-icon-2

Resources

us

216.73.217.31

Fraud Prevention in LATAM: High-Risk Markets & Identity Fraud Trends

fraud-prevention-latam

TL;DR

  • LATAM bank scam attempts jumped 155% in 2025, with 88% of fraudulent sessions originating on mobile, exposing a mismatch between mobile-first banking and controls built for branch-era onboarding.
  • Fragmented national ID systems (Brazil’s CPF, Mexico’s CURP/INE, Colombia’s Cédula, Argentina’s CUIL/DNI) let fraudsters combine real breached data with fabricated details to pass document-only KYC, making biometric liveness the key gap-closer.
  • Brazil’s PIX network drove 28 million fraud cases in 2025 through irreversible instant transfers and social engineering, while Mexico saw a 324% rise in account takeover from synthetic identities and remote-access attacks.
  • AML compliance is fragmented across GAFILAT-aligned regulators (Brazil’s COAF/BACEN, Mexico’s CNBV, Colombia’s UIAF), with the region shifting from periodic batch screening to continuous, event-driven monitoring against $160B in annual laundering losses.
  • The LATAM fraud detection market is set to grow from $1.20B (2024) to $5.08B by 2034, and Shufti addresses the core gap with 56+ liveness spoof checks and AML screening across 100,000+ sources updated every 15 minutes.

Scam attempts across Latin American banks rose 155% in 2025, with 88% of those fraudulent sessions originating on mobile devices. That number lands differently when you consider that most of the region’s fraud controls were built for a different era of banking, one where onboarding happened in a branch and identity documents could be inspected in person.

LATAM fraud trends have compounded faster than compliance teams anticipated. Brazil recorded 28 million fraud cases via PIX in a single year. Money laundering drains approximately $160 billion from Latin America annually, roughly 2% of regional GDP.

This piece breaks down the structural vulnerabilities that make fraud prevention in Latin America harder than in other regions, the specific attack types generating the largest losses, and the fraud prevention LATAM controls that work in 2026.


Three key LATAM fraud statistics: 155% rise in bank scam attempts in 2025, 28 million PIX fraud cases in Brazil, and $160 billion annual money laundering drain across Latin America

Why Is Fraud Detection in Latin America Harder Than in Other Regions?

The structural answer matters more than the volume numbers. The financial fraud LATAM practitioners deal with is not simply more fraud. It is fraud architecturally matched to two specific weaknesses: fragmented identity infrastructure and mobile-first banking populations that outpaced the controls built for them.

Fragmented national ID databases

Brazil uses CPF numbers, Mexico has CURP and INE records, Colombia issues Cédula de Ciudadanía identifiers, and Argentina runs CUIL and DNI systems. These registries are rarely interoperable across agencies, and cross-border data sharing within the region is further limited by jurisdictional boundaries.

Fraudsters have adapted directly to this gap. Synthetic identity profiles in LATAM combine real breached ID numbers, sourced from dark-web markets or data leaks, with fabricated supporting elements. The resulting profile is designed to pass document-only KYC checks that validate a number against a siloed registry without confirming that a living person matches the document. The fraud detection Latin America institutions run must close this gap at the biometric layer.

Biometric confirmation, the step that binds a live face to a document, is what synthetic identity profiles cannot reliably forge. For a detailed look at how deepfake-aware verification addresses these attacks, see deepfake fraud in remote KYC compliance.

Mobile-first exposure and the LATAM risk management fraud challenge

Eighty-eight percent of fraudulent sessions in the region originate on mobile devices. That proportion reflects how quickly mobile banking penetrated markets like Brazil, Mexico, Colombia, and Argentina, often ahead of the device-level controls those platforms needed. LATAM risk management fraud strategies designed for desktop sessions or branch environments have struggled to keep pace with mobile-native attack patterns.

Passive liveness detection, device behavioural signals, and session fingerprinting are no longer enhancements for institutions onboarding at scale across the region. They are baseline requirements. The 88% mobile origin rate is not incidental. It reflects how fully the attack surface has moved away from the environments that most fraud controls were designed to cover.

What Fraud Vectors Are Hitting LATAM’s High-Risk Markets?

The surge in identity fraud LATAM has seen is concentrated in two attack types that account for the majority of confirmed losses and require more than surface-level treatment.

PIX instant payment fraud

The PIX network in Brazil enables real-time transfers that cannot be reversed once a payment clears. Fraudsters build entire campaigns around that irreversibility. A typical pattern involves social engineering. A fraudster contacts a target posing as a bank representative, creates urgency around a fabricated account security issue, and guides the victim into transferring funds to a ghost wallet created for immediate dispersal. The funds move before any reversal window opens.

Brazil recorded 28 million PIX fraud cases in 2025. For KYC verification LATAM institutions, the onboarding stage that precedes these transactions is now the critical control point. Ghost wallets are opened using identity checks that pass basic document validation. Real-time behavioural signals at account creation, not only at the point of transaction, are what identify these accounts before they can be used for fraud.

For more on how payment-layer fraud connects to compliance obligations, see AML transaction monitoring for online payment fraud.

Account takeover and synthetic identity fraud

Mexico recorded a 324% increase in account takeover cases by early 2026, driven by remote-access tools and social engineering targeting mobile banking users. Synthetic identity fraud runs alongside it, with AI-assembled profiles constructed from genuine CPF, CURP, or INE data passing document verification that checks authenticity without biometric confirmation of the person presenting it.

These profiles are not fully fabricated. They often have a history, having passed lower-value institution checks before being deployed against higher-value targets. Account takeover fraud in Mexico scaled precisely because digital onboarding velocity outran the verification controls designed to catch bad actors before they accessed accounts. Detection depends on layered signals: liveness scores, device intelligence, and behavioural analytics combined with fraud prevention infrastructure that correlates these signals in real time. For context on how AI is changing the detection side, see how KYC AI transforms digital identity verification and fraud prevention.


Four key LATAM fraud vectors: Account Takeover with 324% surge in Mexico, PIX Instant Payment Fraud with 28 million cases in Brazil in 2025, Synthetic Identity Fraud using AI-assembled profiles exploiting fragmented LATAM ID databases, and Mobile-First Fraud with 88% of fraudulent sessions on mobile devices

AML Compliance Latin America: What the Regulatory Framework Requires

GAFILAT, the Financial Action Task Force of Latin America, sets the regional AML framework modelled on FATF standards and conducts mutual evaluations that drive national legislation. Brazil’s framework rests in Law No. 9,613/1998 and is enforced by COAF, the financial intelligence unit, and BACEN, the central bank that also governs PIX fraud monitoring obligations. Mexico’s CNBV sets KYC and AML requirements for licensed institutions. Colombia’s UIAF handles financial intelligence and reporting.

The AML compliance challenge in LATAM is compounded by uneven regulatory maturity across jurisdictions. Institutions operating across Brazil, Mexico, Colombia, and Argentina must account for different customer due diligence thresholds, reporting timelines, and sanctions-screening obligations within a single compliance programme. AML compliance Latin America demands today is not a single ruleset but a layered framework that varies significantly by country.

Across these jurisdictions, continuous event-driven screening has replaced periodic batch reviews as the operational standard. Sanctions lists, PEP profiles, and adverse media sources update faster than manual cycles can process. AML screening needs to trigger at onboarding, at transaction thresholds, and when a customer’s risk indicators change.

Money laundering drains approximately $160 billion from Latin America every year, around 2% of regional GDP. Regulators across the region are shifting from rules-based compliance toward risk-based frameworks that require institutions to demonstrate active, ongoing customer risk monitoring. For the scale of what these frameworks are responding to, see 45 money laundering facts and statistics.

The regional market for fraud detection and prevention reflects this pressure directly. Valued at $1.20 billion in 2024 and projected to reach $5.08 billion by 2034 at a 15.60% CAGR, investment is being driven by both regulatory obligation and the commercial cost of undetected fraud. Fraud prevention solutions LATAM institutions are deploying now tend to combine KYC verification, biometric liveness, and real-time AML screening under a single audit trail, replacing fragmented multi-vendor approaches that left gaps between control layers.

How Shufti Helps LATAM Fintechs Prevent Identity Fraud

The specific problem financial institutions face in Brazil, Mexico, Colombia, and Argentina is that KYC controls built for more stable, centralised identity ecosystems tend to break against fragmented ID databases and synthetic fraud rates that scale with mobile-first onboarding volume.

Shufti’s face verification addresses the core gap. Active and passive liveness detection covers 56+ spoofing attack vectors, including the AI-generated deepfake injections that synthetic identity profiles rely on to pass biometric checks. Document validity and biometric presence are confirmed in a single check, closing the gap that sequential document-then-face approaches leave open.

On the AML side, Shufti screens against 100,000+ data sources and 3,500+ global watchlists refreshed every 15 minutes, closing the window between regulatory list updates and when a flagged individual attempts to onboard.

To see how this works across a LATAM deployment, request a demo with Shufti’s team.

Frequently Asked Questions

What are the biggest fraud threats in Latin America in 2026?

Account takeover, PIX instant payment fraud, synthetic identity fraud, and mobile social engineering are the dominant attack types. Brazil, Mexico, Colombia, and Argentina all report significant volumes. Mobile devices are involved in 88% of fraudulent sessions across the region.

What is PIX fraud and how does it work?

PIX is Brazil's real-time payment network. Fraudsters use social engineering to guide victims into transferring funds to ghost wallets. Because PIX transfers are instant and irreversible once cleared, recovery is near-impossible. Brazil recorded 28 million PIX fraud cases in 2025.

What is synthetic identity fraud and how prevalent is it in LATAM?

Synthetic identity fraud combines real breached ID data (CPF, CURP, INE numbers) with fabricated elements to create profiles that pass document-only KYC checks. Fragmented national ID databases across LATAM make these profiles easier to build and harder to detect without biometric verification.

How effective is biometric verification in LATAM?

Biometric liveness detection catches AI-generated faces and deepfake injections that synthetic identity profiles depend on. It confirms physical presence independently of document validity, closing the gap that document-only KYC leaves open in markets with fragmented identity infrastructure.

What regulations govern AML compliance in Brazil?

Brazil's AML framework is grounded in Law No. 9,613/1998 and enforced jointly by COAF and BACEN. BACEN also governs PIX fraud monitoring obligations. At the regional level, GAFILAT sets FATF-aligned standards that shape national legislation across Latin America.



Related Posts

Shufti Blog

Alabama HB168: What the Synthetic Media Law Means for Child Protection

Alabama HB168: What the Synthetic Media Law Means for Child Protection

Explore More

Shufti Blog

Fraud Prevention in LATAM: High-Risk Markets & Identity Fraud Trends

Fraud Prevention in LATAM: High-Risk Markets & Identity Fraud Trends

Explore More

Shufti Blog

Closing the SCA Gap: How European PSPs Can Meet PSD2 and PSD3 Fraud Obligations

Closing the SCA Gap: How European PSPs Can Meet PSD2 and PSD3 Fraud Obligations

Explore More

Shufti Blog

Fraud Prevention in APAC: Trends, Challenges & Best Practices for 2026

Fraud Prevention in APAC: Trends, Challenges & Best Practices for 2026

Explore More

Shufti Blog

Fraud Prevention in Mexico: Banking and Fintech Risk Management

Fraud Prevention in Mexico: Banking and Fintech Risk Management

Explore More

Shufti Blog

GR 17/2025 Age Compliance Checklist: A Full Guide To Getting Your Platform Ready

GR 17/2025 Age Compliance Checklist: A Full Guide To Getting Your Platform Ready

Explore More

Shufti Blog

Identity Verification in Retail and E Commerce: Stopping Fraud at Every Touchpoint

Identity Verification in Retail and E Commerce: Stopping Fraud at Every Touchpoint

Explore More

Shufti Blog

Alabama HB168: What the Synthetic Media Law Means for Child Protection

Alabama HB168: What the Synthetic Media Law Means for Child Protection

Explore More

Shufti Blog

Fraud Prevention in LATAM: High-Risk Markets & Identity Fraud Trends

Fraud Prevention in LATAM: High-Risk Markets & Identity Fraud Trends

Explore More

Shufti Blog

Closing the SCA Gap: How European PSPs Can Meet PSD2 and PSD3 Fraud Obligations

Closing the SCA Gap: How European PSPs Can Meet PSD2 and PSD3 Fraud Obligations

Explore More

Shufti Blog

Fraud Prevention in APAC: Trends, Challenges & Best Practices for 2026

Fraud Prevention in APAC: Trends, Challenges & Best Practices for 2026

Explore More

Shufti Blog

Fraud Prevention in Mexico: Banking and Fintech Risk Management

Fraud Prevention in Mexico: Banking and Fintech Risk Management

Explore More

Shufti Blog

GR 17/2025 Age Compliance Checklist: A Full Guide To Getting Your Platform Ready

GR 17/2025 Age Compliance Checklist: A Full Guide To Getting Your Platform Ready

Explore More

Shufti Blog

Identity Verification in Retail and E Commerce: Stopping Fraud at Every Touchpoint

Identity Verification in Retail and E Commerce: Stopping Fraud at Every Touchpoint

Explore More

Take the next steps to better security.

Contact us

Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

Contact us

Request demo

Get free access to our platform and try our products today.

Get started