In the 2024 edition of our Digital Banking Fraud Trends in LATAM report (published in September), we highlighted three key trends:
- A 32% increase in reported fraud during the first half of 2024 compared to the first half of 2023.
- A 113% rise in malware cases during 2024’s H1.
- An increase in the use of mobile devices to commit fraud, with 79% of all fraud cases originating from mobile channels. Interestingly, 30% of all fraud in the region came via mobile browsers (vs. mobile digital banking applications), which is somewhat unique to the region when compared to banks across Asia, Australia, Europe and North America.
With H2 of 2024 now complete and H1 of 2025 well underway, we can now follow up on the trends we highlighted in last year’s LATAM report.
Fraud volumes
We continue to see increasing fraud cases. H2 of 2024 saw a 17% increase in fraud cases compared to the same period in 2023. This has continued into 2025. While we only have data from January through April of this year, already we’re seeing 7% more fraud cases in H1 of 2025 than we saw in H1 of 2024.
This increase isn’t consistent across the region, however, with BioCatch customers in countries such as Brazil and Chile reporting fewer cases throughout the last four quarters. Meanwhile, Ecuador, Mexico, Panama, and Uruguay all saw fraud volumes more than double.
Malware
Malware continues to plague several Latin American countries. Cases did decrease in the second half of last year compared to 2024's H1, but in the first four months of 2025, we’ve already seen more cases than in the first six months of last year.
Countries hit worst by malware include Argentina (although both malware volumes and the overall ratio of malware cases vs. all fraud cases do appear to be on the downward trend in the country), Colombia, and Mexico. Ecuador has also started to report more malware cases than we’ve seen previously.
Use of mobile devices
After a slight decrease (one percentage point) in H2 of 2024, 2025 has so far seen 88% of all fraudulent sessions take place on mobile devices – a 13% increase in the proportion of mobile fraud cases vs. all fraud cases in the region.
When looking at whether these sessions took place via a mobile browser or on a mobile banking app, we see that while fraudulent sessions conducted from mobile browsers peaked at around 40% of all LATAM fraud in H2 of 2024 (up from that previously mentioned 30% in H1 of last year), in H1 of 2025, the percentage of fraudulent sessions conducted from mobile browsers is back down to around 25% of all fraud in the region.
In summary, we’re seeing the trends we highlighted in September continue to hold—in some cases, continuing to increase.
What's next
If we dive into the malware fraud data we’re seeing out of LATAM, we do see a shift in the types of malware most commonly reported.
Throughout 2023 and 2024, more than 80% of all malware was web-based, using strains such as Grandoreiro, as highlighted in our 2024 report. So far in 2025, however, we’re seeing approximately half of all cases taking place on mobile devices.
This comes as no surprise. Banks in the region have strengthened their malware defenses, making it harder for fraudsters to use web-based malware. Rather than changing strains, fraudsters have resorted to changing platforms altogether. Fortunately, behavior tells a consistent story across web and mobile, enabling banks to continue protecting their customers.
Stolen device fraud (where the victim’s device is physically taken from them and then used by fraudsters to transact from digital banking platforms) continues to rise in the region. In 2024, we saw an increase of 50% in Q1, followed by increases of 18%, 14%, and 25% respectively in the final three quarters of the year. In 2025, we’ve seen a 49% increase in Q1. While this fluctuation appears odd at first glance, it could be due to seasonality, considering most of the region enjoys its summer months in Q1, when more people are outside (and thus more vulnerable to device theft) more regularly.
We also saw cases of remote-access fraud double in the first quarter of this year. Fraudsters leverage remote access via a host of different fraud MOs, ranging from standard account takeover using either the victim’s device or malware, to social engineering scams where fraudsters use screen-sharing to better guide their victims.
One trend to look out for is the detection of mule accounts. While volumes remain somewhat low compared to other regions, we are starting to see a significant increase in the bad accounts detected and reported by our LATAM customers. As banks in the region continue to explore new, proactive ways to combat money laundering, it will be interesting to see how these volumes evolve.