Card Data Theft: US Consumer Fraud Fears Rise Amid AI-Driven Security Threats
Card Data Theft Tops US Consumer Fraud Fears as AI Deepens Security Concerns
Nearly half of Americans report experiencing attempted payment fraud in the past two years as cybercriminals increasingly weaponize artificial intelligence against everyday consumers.
A new survey by global financial services consultancy Capco reveals that card and card data theft remains the single greatest fraud concern among US consumers in 2026, with 46% citing it as their top worry. The findings paint a sobering picture of an American public that is increasingly anxious about digital financial security — yet still largely trusting of their banks to protect them.
The data arrives at a critical moment. Fraudsters are no longer relying solely on traditional hacking methods. They are now deploying artificial intelligence tools to conduct more sophisticated and convincing attacks, raising the stakes for consumers, financial institutions, and regulators alike.
On this page:
The Fraud Landscape Consumers Are Living With
The Capco survey found that identity theft ranked as the second most feared fraud type at 44%, followed by unauthorized purchases at 40% and account takeover at 35%. These numbers reflect a consumer base that has grown acutely aware of the many ways bad actors can compromise their financial lives.
What makes these findings particularly striking is the gap between fear and lived experience. Almost half of all respondents — 49% — reported that they had already encountered attempted payment fraud within the past two years. Unauthorized purchases were the most commonly experienced form at 45%, followed by phishing attacks at 36% and card or card data theft at 33%.
Other fraud types consumers reported encountering included fake online stores (27%), push payment fraud (26%), and account takeover (25%).
These statistics suggest that payment fraud is no longer a distant threat for most Americans. It is a recurring reality that a significant portion of the population navigates on a near-constant basis. Understanding how businesses and financial institutions are required to safeguard cardholder data is increasingly relevant — exploring how PCI DSS compliance protects payment data offers useful context for consumers who want to understand the standards their banks and retailers must meet.
The Gap Between Awareness and Action
One of the more nuanced findings within the data is that high awareness of fraud risk does not automatically translate into protective behavior. Many consumers recognize the threat environment they operate in but have not yet adopted the layered security habits that meaningfully reduce their exposure. This gap between knowing and doing represents one of the most significant — and addressable — vulnerabilities in the current landscape.
Confidence in Banks Remains High Despite Growing Vulnerability
Despite the troubling fraud landscape, the survey revealed a perhaps surprising level of trust in financial institutions. Nine out of ten respondents said they remain either very confident (53%) or somewhat confident (37%) that their primary bank or financial institution will protect them from fraud.
This confidence may reflect decades of consumer protection infrastructure built into the US banking system, including fraud monitoring programs, zero-liability policies on unauthorized card charges, and rapid dispute resolution processes. However, that confidence could be tested as AI-driven attacks grow more sophisticated and harder to detect.
Financial institutions themselves are not standing still. Banks and card networks have invested heavily in machine learning fraud detection systems that analyze transaction patterns in real time. But the same technology empowering defenders is now being used offensively by cybercriminals, creating what security experts describe as an arms race with consumer accounts caught in the middle.
The Role of Industry Standards in Consumer Protection
Behind the scenes, regulatory and compliance frameworks play a critical role in shaping how well financial institutions and merchants protect payment data. The core goals of PCI DSS compliance establish baseline security requirements across the payment ecosystem — requirements that directly influence how cardholder data is stored, transmitted, and protected at every point in a transaction chain.
AI and Deepfakes Emerge as the Next Frontier of Fear
Consumer Anxiety Around Biometric Authentication
Perhaps the most telling findings in the Capco survey relate to artificial intelligence and its potential to undermine the authentication tools designed to keep accounts safe. A majority of respondents — 69% — expressed concern about deepfake technology's impact on voice biometrics and facial ID systems, which are increasingly used by banks and financial apps as a layer of identity verification.
Breaking that figure down further reveals the depth of unease. Twenty-four percent of consumers consider voice and facial recognition tools "not entirely secure," while 6% go further and describe these methods as outright "insecure." An additional 39% believe these technologies will come "under future threat" as deepfake capabilities continue to advance.
The concern is well-founded. Generative AI tools have made it easier than ever to clone a person's voice or synthesize a convincing facial image using publicly available social media content. In practical terms, the barrier to executing a sophisticated impersonation attack has dropped significantly — what once required substantial technical expertise can now be achieved with widely accessible tools and a modest amount of publicly available data.
The Social Media Problem
Adding to this anxiety, 89% of survey respondents worry that their personal data available online could make impersonation easier for fraudsters or expose answers to common security questions. This figure underscores how the era of social media and data broker ecosystems has inadvertently created a rich environment for social engineering attacks.
The implications extend beyond individual consumers. Every piece of personal information shared publicly — birthdays, pet names, employer details, family relationships — becomes potential raw material for a convincing phishing message or an account recovery bypass attempt. Adopting stronger habits around preventing personal and financial data theft has never been more relevant given how extensively fraudsters now mine open-source information before targeting individuals.
What the Industry Is Doing — and Where Gaps Remain
Financial institutions are responding. Investment in AI-based fraud detection, behavioral biometrics, and anomaly detection systems has accelerated across the banking sector. These tools are increasingly capable of identifying suspicious patterns that no human analyst could catch at scale. Yet the same generative AI capabilities being deployed defensively are simultaneously being refined and weaponized offensively, ensuring that no single technological solution provides lasting protection on its own.
What This Means for Consumers and the Road Ahead
The Capco findings arrive as regulators in the United States are intensifying scrutiny of financial institutions' fraud prevention obligations. The Consumer Financial Protection Bureau has been examining how banks handle fraud disputes, particularly those involving push payment scams where consumers are manipulated into authorizing transfers themselves. Liability frameworks for these cases remain a contested legal and policy question.
For consumers and businesses, the picture is complex but not hopeless. Trust in financial institutions remains strong and the banking sector's investment in AI-based fraud detection continues to grow. However, the survey makes clear that consumers cannot afford to be passive participants in their own financial security.
Practical Steps for Staying Protected
The survey data points to three actionable priorities for readers navigating this environment.
-
Monitor account activity consistently and enable transaction alerts. Catching unauthorized purchases early — before losses escalate — remains one of the most effective and accessible defenses available to everyday consumers.
-
Treat biometric authentication as one layer of security, not a complete solution. Strong, unique passwords used alongside biometric tools provide meaningful additional protection, particularly as deepfake capabilities continue to advance.
-
Be deliberate about what personal information is shared publicly online. Reducing your digital footprint directly limits the raw material fraudsters use to craft convincing impersonation attempts — a simple but genuinely impactful habit.
As AI capabilities advance, the line between a legitimate bank communication and a sophisticated fraud attempt will only grow thinner. The Federal Trade Commission's consumer fraud reporting resources provide a useful reference point for consumers who want to stay informed about emerging scam tactics and understand their rights when fraud occurs.
Staying informed and adopting layered security habits remains the most effective defense available to everyday consumers today.