Kris Mayes warned that crypto ATM scams are accelerating in Arizona, with reported losses topping $177 million from Arizonans in 2024. Her office says the playbook is consistent: scammers create urgency, push victims to withdraw cash, and then direct them to feed that cash into cryptocurrency kiosks where the funds become far harder to claw back.
The Attorney General’s office says these schemes typically start with unsolicited calls, texts, or emails that impersonate government agencies, banks, or even relatives, and they disproportionately target older adults. Mayes’ message was blunt and operational: “No legitimate governmental or official entity will ever demand payment in cryptocurrency,” and anyone who hears that demand should treat it as a fraud signal and report it quickly, including via the dedicated portal at azag.gov/consumer/topics/crypto.
What Arizona’s new crypto kiosk law changes
Arizona’s response is not just a warning campaign—it’s a control upgrade backed by a new law aimed at interrupting scam flows at the point of sale. The Cryptocurrency Kiosk (ATM) License Fraud Prevention law (HB2387) took effect on September 26, 2025, and it sets clearer rules for kiosk operators around limits, disclosures, and remediation.
The law caps exposure by limiting daily transactions to $2,000 for new customers (wallets under 10 days) and $10,500 for existing customers, while also forcing more “speed bumps” before a transaction can proceed. In practice, kiosks must display prominent on-screen warnings and require customer acknowledgement, creating intentional friction designed to break the coercion loop scammers rely on.
It also creates a recovery pathway for new customers by requiring refund eligibility when fraud is reported within 30 days and backed by a verified law-enforcement report, including associated fees. That makes timing a core variable: the office emphasizes that waiting too long can be the difference between a viable refund claim and a dead end, which is why it’s directing victims to report incidents as soon as they suspect wrongdoing.
Operational takeaways for consumers and operators
The Attorney General’s office is pairing the new rules with a statewide awareness push alongside Better Business Bureau and local law enforcement, including warning materials installed at kiosks. The intent is straightforward risk reduction: give people clear, in-context prompts before they send money, and make the reporting pathway obvious when something feels off.
For kiosk operators, the law effectively formalizes a higher compliance baseline by requiring prominent disclosures and the use of anti-fraud blockchain analytics, which increases both cost and accountability. For consumers, the value proposition is equally direct: tighter limits and mandated warnings reduce single-day damage, while the 30-day reporting window and refund framework improve the odds of recovery when victims act fast.
For treasury teams and institutional stakeholders tracking retail on-ramps, Arizona’s approach is a notable precedent that reshapes the risk profile of cash-to-crypto flows and could influence broader state-level policy direction. In the near term, the practical play is to treat the portal and the 30-day clock as key process checkpoints when advising clients, supporting incident response, or updating internal risk communications.
