Bots Hit Banks with Thousands of Micro-Transactions

Autonomous bots and AI agents are carrying out a growing share of organized card fraud in 2026 — entirely without human involvement. A February 2026 analysis places AI-driven fraud at the top of the list of financial threats for the coming year. What is new about these attacks is not just the technology, but the architecture itself: system speaks directly to system, and no human operator sits at a keyboard monitoring the transactions.

How machine-to-machine fraud works

In a classic carding operation, a criminal would manually enter stolen card details on a website to check whether a card was still active. That process is slow, traceable and requires human resources. The automated variants that now dominate the threat landscape work in a fundamentally different way.

A bot network or AI agent receives a list of card data — typically purchased on darknet markets — and begins systematically sending micro-payments of less than one cent to real or artificially created payees. The amounts are so small that they rarely trigger alerts for the cardholder or the bank. The response from the payment platform, however, reveals whether the card is valid, whether funds are available, and whether the card's security parameters match. The entire validation process can be completed for thousands of cards within minutes.

card fraud is not a new phenomenon, but this fully automated version represents a qualitative shift in the level of threat.

No human checkpoint — that is the point

What sets the latest waves of attacks apart from earlier fraud methods is the absence of human decision points. Previously, even advanced fraud required a person to intervene at some stage — approving a transaction, registering an account or reviewing a result. In the agent-to-agent model now spreading rapidly, the criminal system's AI communicates directly with the bank's or payment service's API with no human in the loop.