Visa Warns of Rising AI-Driven Cyber Threats; Uncovers $3m-a-Day Transaction Laundering Scheme in Ghana
Head of Risk for Sub-Saharan Africa at Visa, Irene Auma, has cautioned that the payments industry is entering a new era of heightened cyber vulnerabilities as artificial intelligence accelerates both innovation and criminal activity. Speaking at the Payments Industry Cybersecurity Summit 2025, she underscored the urgency for financial institutions to strengthen their digital defences, stressing that organisations unwilling to invest in AI-enabled security risk being “left behind.”
“We moved from static, one-line, one-channel transactions to consumers demanding efficient, effective and secure payments,” she said, highlighting the rapid shift towards peer-to-peer (P2P), account-to-account and other emerging payment formats. “The AI race is real. Tech players are not shy, they don’t have budget constraints, they are curious to learn. If you have budget constraints and you’re not equipping yourself to counter the AI race, you will be less defined.”
According to her, the question is no longer whether cyber incidents will happen but “when.” She warned that institutions must build resilience to detect, counter and recover from attacks swiftly.
Ms Auma also revealed a striking case of transaction laundering uncovered in Ghana, illustrating how bad actors are increasingly exploiting the complexity of the payments ecosystem. Visa’s risk team, she noted, identified a merchant generating an unusually high volume of sales — averaging US$3 million a day. The merchant was registered as a baker, with all transactions processed as cross-border payments, many of which were initiated using non-Ghanaian cards.
“When we asked for documentation, what we received were superimposed images and shoddy forms. It still went through because it was digital,” she explained. Further investigation confirmed that the merchant was serving as a front for an illicit payment operation. “This is transaction laundering happening underneath the face of a baker.”
She warned that while banks and payment service providers frequently outsource merchant onboarding, responsibility for risk remains squarely with regulated institutions. “It doesn’t matter who you outsource to — the responsibility on risk remains that of the bank.”
Ms Auma further stressed the importance of stronger collaboration between banks, fintechs and regulators, particularly as fintechs continue to build agility and reach in delivering services to SMEs. Visa, she noted, continues to support the ecosystem through its Fintech Acceleration Programme, aimed at strengthening areas where young firms may lack capacity.
“Every economy will be driven by the SME sector. It is our collective responsibility to ensure those SMEs are doing legitimate business and not falling prey to quick gains and quick breaches,” she said.
Her remarks reinforced the Summit’s central message: as payments become faster and more digital, the risks are evolving just as quickly, demanding deeper vigilance, stronger controls and industry-wide cooperation.
