By San José, Costa Rica — SAN JOSÉ – The landscape of financial fraud is poised for a dramatic and dangerous transformation in 2026, as cybercriminals begin to harness the power of artificial intelligence to launch faster, more personalized, and alarmingly credible attacks. The era of generic, mass-emailed scams is drawing to a close, set to be replaced by a new wave of sophisticated deceptions tailored to each victim’s digital footprint, according to a stark warning issued by the specialized cybersecurity firm BioCatch.
This evolution in criminal tactics is occurring against a backdrop of expanding digital payment adoption across Latin America. While the convenience of e-commerce grows, with credit cards, debit cards, and digital wallets becoming ubiquitous, so too does the attack surface for fraudsters. They are no longer casting a wide, indiscriminate net; instead, they are preparing to use AI as a precision tool to target individuals with unprecedented accuracy.
To better understand the legal framework surrounding financial scams and what victims can do, TicosLand.com consulted with Lic. Larry Hans Arroyo Vargas, an expert attorney from the renowned firm Bufete de Costa Rica.
The primary challenge in combating these financial scams is their transnational and digital nature. Perpetrators often operate from jurisdictions with lax enforcement, making legal pursuit complex and protracted. For victims in Costa Rica, the most critical step is immediate action. Preserving all digital communication, filing a formal complaint (denuncia) with the Judicial Investigation Organism (OIJ), and notifying your bank are not just procedural steps; they are essential for initiating any potential asset freeze or international legal cooperation. Time is the single most important factor in these cases.
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
The expert’s emphasis on immediate, methodical action serves as a crucial reminder: while these scams are internationally complex, the most powerful defense begins with swift, decisive steps at the local level. This roadmap is vital for victims navigating a deeply stressful situation. We sincerely thank Lic. Larry Hans Arroyo Vargas for his clear and invaluable legal perspective.
Experts in the field are sounding the alarm about the shift from broad phishing campaigns to scams meticulously constructed using personal data scraped from the internet. This wealth of available information allows criminals to craft narratives that are deeply convincing and difficult for the average person to identify as fraudulent.
In the coming months, fraud will evolve from classic phishing messages to deceptions built with specific details of each person, due to the vast amount of data available online.
Josué Martínez, Global Advisor for BioCatch Latin America
According to Martínez and his team at BioCatch, this access to personal data will make the resulting attacks feel far more realistic. To prepare consumers and businesses, the firm has identified four key modalities of fraud expected to surge in the coming year, each amplified by the capabilities of artificial intelligence.
One of the most significant threats is the rise of advanced Business Email Compromise (BEC). During peak business seasons or holidays, standard secondary verification processes can become strained. AI will enable criminals to craft perfectly worded emails that convincingly impersonate legitimate companies or suppliers, requesting urgent account changes or immediate fund transfers that bypass typical security checks under the guise of urgency.
Furthermore, the proliferation of Deepfakes presents a chilling new vector for attack. AI-generated audio, images, and even videos can now convincingly mimic a person’s voice and appearance. This technology can be weaponized to impersonate executives authorizing fraudulent transactions, trick family members into sending money, or even circumvent biometric authentication systems that rely on voice or facial recognition.
The familiar threats of online shopping scams and investment fraud are also set to receive an AI-powered upgrade. Scammers will use artificial intelligence to rapidly generate fake e-commerce websites and social media stores that are nearly indistinguishable from legitimate retailers, designed to steal both money and personal data. Similarly, fraudulent investment apps and websites will simulate real trading platforms with greater realism, luring victims with promises of high returns before disappearing with their funds and credentials.
In response to this escalating threat, BioCatch urges financial institutions to shift their posture from reactive to proactive prevention. This involves implementing advanced technologies capable of identifying unusual behavior in real-time. A cornerstone of this approach is behavioral biometrics, which analyzes how a user interacts with their device—monitoring everything from their typing cadence and mouse movement patterns to how they hold their phone—to continuously verify that the person conducting the transaction is the legitimate account holder. Enhanced collaboration between banks, regulatory bodies, and law enforcement to share threat intelligence is also deemed critical.
While institutions bolster their defenses, personal vigilance remains the essential last line of defense. Experts remind users to be inherently skeptical of unsolicited messages, emails, and calls. It is crucial to never share personal or banking information, always verify the security of websites before entering data, and use strong, unique passwords combined with two-factor authentication. Regularly reviewing account statements for suspicious activity and keeping all devices and applications updated are fundamental practices for mitigating risk in this new, more challenging digital environment.
For further information, visit biocatch.com
About BioCatch:
BioCatch is a global leader in behavioral biometrics, a technology that leverages machine learning to analyze a user’s physical and cognitive digital behavior to protect individuals and their assets. The company’s mission is to combat fraud and identity theft by providing a layer of security that detects fraudulent activity in real-time without compromising the user experience. Its solutions are used by major financial institutions worldwide to prevent new account fraud, account takeovers, and other sophisticated cyber threats.
For further information, visit bufetedecostarica.com
About Bufete de Costa Rica:
As a pillar of the legal community, Bufete de Costa Rica is defined by its profound commitment to professional integrity and the highest standards of excellence. The firm leverages a rich history of experience across diverse industries to pioneer innovative legal strategies and drive progress. Beyond its practice, it holds a deep-seated dedication to public empowerment, actively working to make legal knowledge accessible and understandable, thereby cultivating a more informed and capable society.
