As the 2026 FIFA World Cup unfolds across North America, one of the tournament’s biggest viral stars isn’t a player—it’s Freddy, a German fan whose trip across North America has captivated millions online. Spanning flights and hotels, sporting events, restaurants, attractions, and rideshares, Freddy’s journey offers some useful lessons for ticketing and travel merchants. It demonstrates how event travelers buy across an ecosystem and how legitimate World Cup behavior can look risky (and vice versa).

One visitor, dozens of merchants

Since arriving in the U.S. for the tournament, Freddy has documented an increasingly elaborate itinerary, patronizing everything from airlines to college football stadiums, MLB games, concerts, and, of course, World Cup matches.

Viewed through a fraud-prevention lens, World Cup travelers like Freddy follow many of the patterns that often trigger fraud controls.

The customer books expensive international flights. Then they purchase event tickets in multiple cities. They make hotel reservations in unfamiliar locations. They buy food, transportation, and entertainment services across state lines. Their devices, IP addresses, and payment patterns change frequently as they travel. They may make last-minute changes or airline trips as team standings and game schedules change. 

To a rules-based fraud system, that activity can resemble account takeover (ATO), stolen-card testing, or synthetic identity fraud. In reality, it may simply be a passionate fan following their team across the tournament.

Freddy’s journey is an extreme example, but millions of World Cup visitors are creating similar patterns at scale. At the same time, fraud is a real threat to ticketing and travel merchants during the World Cup. 

The World Cup pitch can be a minefield of fraud

With three nations co-hosting 104 matches across 16 cities, the largest World Cup in history has created an enticing opportunity for cybercriminals not only to cash in, but also to blend in with legit fans like Freddy. 

Riskified analysts have been tracking travel and ticketing fraud trends for years, including transaction patterns from the 2022 FIFA World Cup. They’ve also been closely monitoring discussions across dark web communities, where scammers have been actively coordinating around the 2026 World Cup for months. Fraud infrastructure, phishing campaigns, and money-movement services have been actively marketed specifically for “World Cup season.”

These activities include fake-ticket scams, fraudulent visa-related services, misleading accommodation offers, even stolen streaming accounts and counterfeit merchandise. The fraud community is exploiting every access point the tournament creates, and that includes this year’s high-dollar ticket marketplace.

With face-value ticket prices up to 10 times higher than in Qatar, fans are paying thousands of dollars for seats at top venues. They’re paying even more at the approved secondary marketplaces. And anywhere there’s big money being spent online, you’ll find fraudsters trying to get in on the action.

Combining industry trends, insights from the 2022 World Cup, and dark web intelligence, here’s how merchants can balance fraud prevention with a frictionless fan experience as demand for this summer’s hottest tickets reaches fever pitch. 

Travel and ticketing are even riskier than usual

Flights and hotels, in general, have a higher risk profile than traditional physical goods industries and other digital products. And major sporting events have always been attractive targets for fraudsters. Tickets are highly liquid digital assets that can be purchased and transferred almost instantly, often with limited customer identity information and little time for merchants to conduct extensive payment reviews.

During events like this World Cup, several factors layer on additional risk and complexity: 

  • Last-minute transactions multiply. Flights booked within a week of departure are consistently riskier compared to plan-ahead orders, Riskified found, and a fraudster is 80% more likely to buy a last-minute ticket than a good customer, likely because they know vendors are in a rush to fill upcoming flights. But legit last-minute bookings are likely to rise as World Cup fans scramble to book transportation to see their team in the next round.

    Urgency is also one of the strongest predictors of ticket fraud. Riskified’s analysis of secondary-market ticket transactions during Qatar 2022 showed that same-day ticket purchases were nearly six times riskier than those made further in advance. Risk climbed sharply during the final 72 hours before the event, when buyers faced the greatest pressure to secure seats, and merchants had the least time to evaluate transactions.
  • Flights and tickets are pricey. International flights are a lucrative target for fraudsters in part because their average order value is nearly 3.5x that of domestic flights. For airlines, this means the wrong decision on an international flight payment can have an outsized impact.

    As for tickets, Riskified data from Qatar shows fraud activity concentrating in the $1,000-$2,500 range. These purchases are valuable enough to yield meaningful returns for criminals yet common enough to avoid attracting additional scrutiny.
  • Ground travel volume is at its peak. June to August is traditionally the peak season for train and bus bookings, with volume about 30% higher than the rest of the year. Fraudsters, who aim to mimic legitimate buying behavior, double their fraud attempts during these busy months, making July and August +40% riskier for fraud. World Cup fans making regional trips by train or intercity bus could potentially add to this volume. 
  • Some risk patterns are counterintuitive. Riskified data from Qatar 2022 revealed two patterns that may throw ticket merchants for a loop this year. The first is that risk does not mirror sales volume. While ticket demand remained strong throughout the tournament, fraud activity increased steadily as the competition progressed, ultimately reaching levels 366% above the pre-tournament baseline. The sharpest increases occurred during the final weeks, when matchups became more meaningful and inventory became increasingly scarce — just when merchants tend to prioritize speed and customer experience over manual review. This creates an attractive window for fraudulent purchases.

The second is that individual buyers are riskier than bulk purchasers, reversing the usual risk pattern for event tickets. Single-ticket purchases consistently exhibited higher fraud risk than larger orders in Qatar. Criminals likely favor these smaller transactions because they attract less attention and can be scaled across multiple compromised payment credentials or accounts.

In both cases, merchants must evaluate the broader behavioral context surrounding each transaction, including account history, payment patterns, device intelligence, and network-level signals.

A merchant playbook for the knockout rounds

  • Monitor every player. Organized fraud rings rarely operate through isolated transactions. Effective prevention requires visibility into patterns across merchants, accounts, devices, and payment credentials. Ticket and travel merchants need data visibility across the entire journey to properly assess risk. Context is essential.
  • Watch the clock. Same-day match ticket purchases were 5.7 times riskier than advance purchases in Qatar, with the final 72 hours before an event representing a particularly high-risk window. For flights, a fraudster is 80% more likely to buy a last-minute ticket than a good customer.
  • Focus on the midfield. Riskified’s data from Qatar shows that fraud historically peaks in the middle $1,000-$2,500 transaction range, where criminals can maximize returns while minimizing scrutiny.
  • Beware the lone striker. Single-ticket orders often present greater fraud risk than larger purchases.

Mounting a network defense

The lesson from Freddy’s viral adventure? During an event as large and complex as the World Cup, businesses that can connect more of the dots will be better equipped to stop fraud without blocking genuine customers.

Riskified works with leading ticketing and travel merchants and OTAs, processing roughly half a billion travel transactions each year. Riskified’s dynamic technology examines patterns at a network-wide scale. By using machine learning to gauge which checkout pathway is right for each transaction’s risk level — whether to authorize, decline, or judiciously deploy additional verification where it’s absolutely necessary — merchants can more precisely filter out bad orders and maximize good ones.