Mexico Loses MX$11.3 Billion to Cyber Fraud

Mexico’s financial system faces a surge in cybercrime, recording MX$11.3 billion (US$611 million) in losses from digital fraud in 2024 alone, according to Cloudflare. This phenomenon, driven by social engineering techniques, highlights the obsolescence of traditional security mechanisms and underscores the need for a new digital trust paradigm, says the company.

According to Facephi’s Fraud Intelligence Report 2025, 72% of successful fraud attempts were executed through the psychological manipulation of users. This figure exposes the limitations of an approach focused solely on customer education. “Digital literacy is essential, but we cannot delegate all responsibility to the citizens. Banks, payment providers, and governments must implement systems that prevent fraud from being completed even when someone takes the bait,” says Javier Barrachina, Director of R&D, Facephi.

This problem reveals a gap in the institutional response. Figures from Cloudflare indicate losses from identity theft increased 77% compared to the previous year. Despite this economic damage, financial institutions only reimbursed 1.4% of the total to affected customers. This data not only reflects the ecosystem's vulnerability but also erodes user trust.

The issue has evolved from simple fraudulent emails to complex multi-channel scams, which may use cloned voices in automated calls, fake profiles on social media, or WhatsApp messages to simulate legitimate communications from banks, corporations, or even personal contacts. Attackers also segment their targets with precision, using platforms like TikTok for young people, Facebook for adults, and WhatsApp groups for professional environments to adapt the deception to each potential victim's profile.

Given this sophistication, conventional authentication mechanisms like passwords and SMS verification have proven insufficient. The Facephi report highlights that emerging technologies are most effective in mitigating these risks. Biometrics, for example, can reduce successful frauds by up to 90%. Real-time liveness detection achieves 70% accuracy against identity spoofing that uses deepfakes. Additionally, implementing collaborative systems between banks and fintechs, known as trust frameworks, has resulted in a 60% decrease in the reuse of mule accounts, according to the report.

A specific challenge is the rise of spoofing attacks that use Generative AI, which leverage the abundance of photos and videos on social media. To counter this threat, identity verification must now confirm that the person is real, alive, and present during the transaction.

Facephi developed passive detection technology that analyzes elements imperceptible to the human eye in the background. These include skin texture, lighting, and facial depth micro-details, which do not require forced actions from the user. This technology is certified under the international standard ISO/IEC 30107-3, validating its effectiveness against basic attacks, such as printed photos, and advanced attacks like high-quality 3D masks.

The final objective is not to completely eradicate deception attempts, Barrachina says. Instead, the goal is to build resilient systems where fraud cannot be consummated, even if a user falls victim to social engineering. This involves designing security architectures where compromised personal information is insufficient to authorize transactions, raising the difficulty of attacks until they are no longer profitable for cybercriminals.