The 2026 FIFA World Cup Has Kicked Off. So Has the Fraud.
The biggest single sporting event on the planet is also one of the biggest fraud opportunities for cybercriminals. With the 2026 FIFA World Cup now underway across sixteen cities in the United States, Mexico, and Canada, travel merchants are facing a rare combination: surging booking volume, heightened cross-border payment complexity, and an accelerating threat landscape driven by AI.
Recent data from Lloyds Banking Group shows a 36% spike in fake ticket scams ahead of the tournament. Consumers are losing an average of nearly $300 per fraud incident, with some victims losing thousands through fraudulent ticketing websites and payment schemes. The numbers are a warning sign for any business processing travel bookings, hospitality transactions, or cross-border payments at scale.
Why Travel Merchants Are in the Bull’s Eye
Global events like the World Cup create enormous complexity for merchants because consumer expectations for seamless payments continue to rise while fraud and operational risk increase simultaneously. That is the assessment from Spreedly, the open payments platform processing over $60 billion in gross merchandise value annually across more than 400 customers in over 100 countries.
“Travel brands are often at the cutting edge of payments innovation because they operate across currencies, borders, devices, and time zones at massive scale,” said Justin Benson, CEO of Spreedly. “If you want to understand where the future of payments and fraud is heading, study the travel industry.”
The tournament is expected to drive major spikes in international travel bookings, ticket purchases, mobile transactions, hospitality transactions, and cross-border payment activity. Each of those categories is a vector for fraud.
The AI Acceleration Problem
What is making this cycle different from previous global events is the speed and sophistication that AI brings to fraud attempts. Threat actors are already building fake FIFA stores, spinning up phishing pages, and launching purchase scams at a scale that has security researchers watching closely.
Recorded Future analysts have documented cybercriminal exploitation of World Cup branding well underway, with fraud domains using multiple merchant accounts to keep payments flowing even as individual domains are rotated out and shut down.
“The challenge is that AI and automation are dramatically shrinking the amount of time businesses have to identify and respond to threats,” said Jennifer Rosario, Chief Information Security Officer at Spreedly. “As transaction volume increases globally, merchants can no longer rely on manual processes alone. Automated defenses and flexible payment infrastructure become essential.”
What Payment Friction Costs Merchants
A study by Nuvei and Edgar, Dunn and Company found that 82% of travelers will try another payment method when faced with a failure. If that second attempt also fails, 13% try a competitor and 5% abandon the transaction entirely.
For a travel merchant processing high-volume international transactions during a peak event period, that kind of funnel leakage can be significant. The study underscores how payment performance and fraud resilience are directly tied to customer trust and conversion.
“International travel events at this scale create enormous operational complexity across payments, fraud prevention, and customer experience,” said Justin Skagen, VP of Revenue Integrity and Operational Compliance at Arrivia. “As booking volume and cross-border transactions increase, payment performance and fraud resilience become directly tied to customer trust and conversion.”
What Merchants Can Do Now
The consensus from payment and fraud prevention experts points to a few practical steps travel operators should be taking immediately.
First, review payment routing and failover logic before peak booking windows hit. Having redundant payment service providers and smart routing can prevent the kind of cascade failures that push customers to competitors.
Second, audit fraud detection thresholds. Rules that worked during normal booking periods may be too aggressive or too permissive under the traffic patterns typical of a global event. Machine learning models trained on historical data may not account for the behavioral shifts that accompany a surge in international travelers.
Third, communicate clearly with customers about legitimate payment channels. The proliferation of fake ticketing sites means that genuine merchants need to work harder to establish trust. Clear confirmation processes, visible security indicators, and proactive customer outreach can reduce the success rate of phishing and social engineering attacks.
Fourth, ensure that chargeback and dispute resolution processes are staffed and optimized. Fraud incidents generate chargebacks. A surge in fraud generates a surge in chargebacks. Merchants who have not pre-positioned dispute handling resources will feel the operational pain long after the tournament ends.
The Bottom Line
The 2026 World Cup is a stress test for travel payment infrastructure in real time. Merchants who treat this period as simply a volume opportunity are underestimating the threat landscape. The combination of AI-powered fraud, cross-border payment complexity, and elevated consumer expectations is creating conditions that reward operational preparedness and punish complacency.
The tournament runs for six weeks. The operators who make it through with their customer relationships intact, their fraud losses manageable, and their payment conversion rates intact will be the ones who treated the fraud risk as seriously as they treated the booking opportunity.
The World Cup may be in North America, but the fraud threat is global. Make sure your defenses are ready for kickoff.
Featured image: Professional stock photography, documentary style, natural lighting, shallow depth of field, Canon EOS R5 quality. Airport terminal with fans holding soccer scarves, blurred security gates in background, warm late-afternoon light.
