Executive Summary: A Payments Revolution With a Shadow

Few countries have embraced mobile payments as completely as Peru. According to the country’s Central Reserve Bank, more than 67% of all digital transactions in Peru now run through just two apps — Yape and Plin — with usage growing more than 70% year over year. Street vendors in Lima, taxi drivers in Arequipa, and market stalls in Cusco that dealt only in cash five years ago now display QR codes next to their produce.

The fraud economy noticed. The director of Peru’s national police (PNP) cybercrime division has warned that roughly 90% of computer fraud cases in the country now move through digital wallet accounts — because the money moves instantly, and because tracing it once it lands in a mule account is slow, bureaucratic work. In the first quarter of 2025 alone, Peru logged 7,206 reports of computer fraud and nearly 3,000 reports of identity fraud, and investigators consider those figures a dramatic undercount of what actually happens on the street.

Peru’s scam landscape in 2026 is a study in how fast fraud adapts to new payment rails: fake transfer receipts, tampered QR codes, industrial-scale bank phishing, tourist ticket fraud aimed at the millions who visit Machu Picchu, and a long-running export industry of call-center extortion targeting Spanish speakers in the United States.

The Fake Voucher Economy: Scamming the Seller, Not the Buyer

Peru’s signature scam inverts the usual direction of payment fraud — the victim is the merchant. A customer buys goods at a market stall or arranges a purchase over WhatsApp, then shows the seller a payment confirmation screen from Yape or Plin. The screen is fake — generated with editing tools or one of the dedicated “fake voucher” apps circulating in Peruvian criminal channels. Police have logged hundreds of formal complaints about simulated transfers, and the true number is assumed to be far higher because most defrauded vendors never report a loss of 50 or 100 soles.

The technique has become startlingly sophisticated. Investigators have documented scammers using artificial intelligence tools to simulate the distinctive Yape confirmation sound — the audio cue vendors rely on when they’re too busy to check the screen. When the notification chime itself can be faked, an entire layer of informal trust collapses.

QR code tampering adds a second layer. As reported by Peruvian media, criminals print their own QR stickers and paste them over the legitimate codes displayed at shops and stalls, silently redirecting customer payments into accounts controlled by the gang. The merchant loses the sale; the customer believes they’ve paid; nobody notices until the end of the day’s accounting.

Industrial Phishing: 370 Domains Against One Bank

Peru’s banks are under sustained impersonation attack. Researchers at Group-IB documented a campaign running since 2024 in which threat actors created a network of phishing domains impersonating one of Peru’s leading banks — roughly 370 unique domains identified in a single coordinated campaign. The lure is a fake digital loan application: victims searching for quick credit find convincing bank-branded sites, complete application forms, and are then walked through “verification” steps designed to harvest their card numbers and PIN codes.

It’s a well-chosen hook. Peru has a large informal economy where fast small-sum credit is in constant demand, and a population of relatively new digital banking users who have little experience distinguishing a real bank domain from a clone.

Extortion Goes Digital — and Wallets Collect the Ransom

Peru’s most violent crime trend has also plugged into the payment apps. The Public Prosecutor’s crime observatory recorded more than 78,000 extortion reports in a single eight-month stretch — a wave largely driven by organized gangs targeting small businesses, transport operators, and construction firms. Increasingly, the collection mechanism is a digital wallet: pay the number on the message, or your bus route, bodega, or building site becomes a target. The same instant, semi-anonymous transfers that make Yape convenient for commerce make it convenient for coercion.

The Tourist Trap: Fake Machu Picchu Tickets

Peru’s crown jewel attraction has its own dedicated fraud industry. Fraudulent websites and social media pages impersonate official Machu Picchu ticket vendors, taking payment for entry passes that either don’t exist or won’t scan at the gate. The cloned sites copy the government’s design closely enough to deceive thousands of visitors a year — many of whom discover the fraud only after traveling days to reach the Sacred Valley. The only legitimate online source is the government-run ticketing system at culturacusco.gob.pe, a fact buried beneath paid search ads for lookalike resellers.

Around the tourist economy, older analog scams persist: rigged taxi meters from the airport, counterfeit soles passed to distracted visitors, and “gold” jewelry that’s anything but.

The Export Business: Call Centers Targeting the Diaspora

Peru also runs an outbound fraud industry. In a case prosecuted in the United States, a Peruvian national was sentenced to more than six years in federal prison for supplying internet phone lines, caller-ID spoofing, and call-recording services to a network of fraudulent Peruvian call centers. Those centers extorted thousands of Spanish-speaking consumers in the US, falsely threatening court proceedings, fines, and deportation-adjacent consequences unless victims paid for English-language courses and products they had never ordered. It’s a reminder that Lima’s fraud economy doesn’t stop at the border — it follows the language.

Who Gets Hurt

Research on elder fraud in Latin America found that 18% of Peruvian scam victims lost between S/3,801 and S/38,000 — sums that in a country with a median monthly income under S/2,000 can represent a year or more of earnings. Older Peruvians navigating banking apps for the first time, rural users onboarded straight from cash to QR codes, and small merchants operating on razor-thin margins absorb losses that rarely get reimbursed and rarely get investigated.

Protecting Yourself

If you sell in Peru — verify in the app, not on the screen. Never accept a customer’s phone screen or a notification sound as proof of payment. Open your own Yape or Plin app and confirm the money actually arrived before handing over goods.

Check your QR codes physically. If you display a printed QR code, inspect it regularly for stickers pasted over the original, and test-scan it yourself.

Never apply for loans through links or ads. Type your bank’s address manually or use its official app. No legitimate Peruvian bank asks for your card PIN to “verify” a loan application.

Buy Machu Picchu tickets only from the official government site (culturacusco.gob.pe) or authorized agencies you’ve verified independently — never through search ads or social media sellers.

Report fraud, even small amounts. Complaints filed with the PNP’s cybercrime division and the Fiscalía build the case volume that forces resources toward the problem. Silence is what keeps the fake voucher economy profitable.

Peru digitized its money in half a decade. Its fraud protection culture is still catching up — and until it does, the safest assumption is that any payment you haven’t verified inside your own app hasn’t happened.