There is a thought experiment I want to invite you to sit with before we go anywhere else.
Imagine a country. Its economy generates over four hundred and forty billion dollars every year. It employs millions of people. It has supply chains, logistics networks, research and development, customer acquisition strategies, and international operations spanning every continent. It has adapted to every new technology faster than most legitimate industries. And it reinvests its profits relentlessly into innovation.
That country is fraud. And according to INTERPOL’s 2026 Global Financial Fraud Threat Assessment, it generated four hundred and forty-two billion dollars in losses in 2025 alone.
To put that in context: if fraud were a national economy, it would rank among the world’s largest. It dwarfs the GDP of most countries. And unlike those countries, it produces nothing. It creates no value. It only transfers it, from the people who earned it to the people who stole it.
Every twelve seconds, someone in the United Kingdom becomes a fraud victim. Not a statistic in a report. A person. A human. With a story. With a loss that is not only financial but frequently emotional, psychological, and in the most serious cases, permanent.
Fraud is not a technology problem with a human dimension. It is a human problem that technology has made catastrophically scalable.
The Oldest Business in the World
Before we discuss where fraud is going, I want to take you to where it began. Because the story of fraud’s origins contains a truth that no amount of digital transformation has changed.
The year was 300 BC. A Greek sea merchant named Hegestratos, together with his partner Zenosthemis, devised what is now recognised as the earliest recorded instance of financial fraud in Western history. The instrument they exploited was called a “bottomry”: a maritime loan in which a ship owner borrowed against the value of their vessel and cargo. The terms were elegantly simple: if the ship completed its voyage and delivered its cargo, the loan was repaid with interest. If the ship sank, the debt was cancelled. The entire risk of the voyage sat with the lender, not the borrower.
Hegestratos saw the architecture of the arrangement and understood its vulnerability. He took out the bottomry against a shipment of corn. Then he loaded no corn. His plan was to sail a short distance from port, sink the empty ship, pocket the loan, and separately sell the corn he had never declared. The lender would have no cargo to repossess. The debt would be cancelled by a disaster that was entirely manufactured.
The plan failed. His crew discovered what he was doing in the hold. Hegestratos attempted to escape and drowned. Zenosthemis was tried in the Athenian courts.
Two thousand three hundred years later, the mechanics of that fraud are instantly recognisable. The exploitation of information asymmetry: the lender could not know the ship was empty. The manipulation of contractual architecture to reverse risk. The use of a manufactured event to destroy the evidence. These are not ancient techniques. They are the template for insurance fraud, securities fraud, and credit fraud as practised at scale today.
The tools are different. The impulse is identical. Fraud is not a modern pathology. It is one of the oldest expressions of human ingenuity turned against other human beings.
The Scale That Should Stop Us in Our Tracks
INTERPOL does not use cautious language in its 2026 assessment. It rates the overall global risk from financial fraud as High, and expects the scale to escalate significantly over the next three to five years. The primary accelerant: AI, no surprise here!
AI-enhanced financial fraud is, according to the INTERPOL report, four and a half times more profitable than traditional methods. Agentic AI systems can now autonomously plan and execute complete fraud campaigns, from reconnaissance to the delivery of ransom demands, without human intervention at each step. Fraud-as-a-service platforms have made enterprise-grade attack infrastructure available for subscription fees that put it within reach of anyone willing to pay. The barriers to entry for sophisticated fraud have collapsed.
TransUnion’s analysis of business fraud losses through 2025 found that companies worldwide lost an average of 7.7 percent of their annual revenue to fraud. In the United States that figure reached 9.8 percent – a 46 percent increase from the previous year. Digital account takeover fraud grew 141 percent between 2021 and 2025. Only four percent of fraud victims globally recover their losses.
These numbers are not background context. They are a description of a crisis that is expanding faster than the institutions designed to contain it. And they represent, at the human level, stories that never make the statistics. The elderly person who lost their savings to a voice clone of their grandchild. The small business owner who transferred funds to an account that did not belong to the supplier they had worked with for years. The family whose financial security was destroyed by a manufactured emergency that arrived through a channel they trusted.
A Remarkable Coincidence From 300 BC
Here is the thing that has always struck me about the year 300 BC.
In the same year that Hegestratos was in a ship’s hold, attempting the world’s first recorded insurance fraud, something else was happening in Alexandria. A mathematician named Euclid was completing a work called Elements: thirteen books that would become one of the most important texts in the history of human thought. Among the propositions it contained was a proof, elegant and complete, that prime numbers are infinite in quantity. Numbers divisible only by themselves and one, scattered through the integers with a pattern that looked random but was not, extending without end into the furthest reaches of mathematics.
Euclid had no idea what he had given the world. For over two thousand years, prime numbers were considered the purest example of knowledge for its own sake. Beautiful, certainly. Fascinating, absolutely. Useful, apparently not.
Then, in 1977, three researchers at MIT (Ron Rivest, Adi Shamir, and Leonard Adleman) published a paper that turned two thousand years of mathematical aesthetics into practical infrastructure. The RSA algorithm, named for its inventors, showed that the difficulty of factoring the product of two very large prime numbers could be used as the basis for encryption. A message encrypted with a public key derived from that product could only be decrypted by someone who knew the original primes. And finding those primes, given only their product, would require a computational effort measured not in seconds but in millions of years.
Every time you see a padlock in your browser. Every time a payment is processed securely. Every time an encrypted message travels across the internet. You are using Euclid’s prime numbers. He proved their infinitude in 300 BC so that, twenty-three centuries later, they could protect us from the descendants of Hegestratos.
In the same year that the world’s first fraud was committed, the mathematics that would eventually protect us from fraud was being written. The problem and its solution arrived together. We just had to wait two thousand years to connect them.
The Conservation of Problems and Solutions
I find myself drawn to a way of thinking about this that comes from my physics background. In quantum mechanics, pair production describes the spontaneous creation of a particle and its corresponding antiparticle from energy: matter and antimatter, generated together, inseparable in their origin. Conservation of energy and mass means neither appears without the other.
I wonder sometimes whether something similar operates in the history of human problems. Whether the problem and its solution are, in some meaningful sense, created at the same time, the solution waiting in the structure of things, invisible until the moment someone looks in the right direction.
Hegestratos devised the architecture of fraud. Euclid, in the same year, described the mathematics that would one day make it possible to build systems resistant to that architecture. Neither knew what the other was doing. Neither could have imagined the connection. And yet the connection exists, and we live inside it every time we conduct a secure digital transaction.
This is not mysticism. It is a genuine observation about the history of ideas: that the resources needed to solve a problem are often already present, waiting to be recognised and applied. The question is always whether we will choose to look closely enough.
Humanised Cryptography: The SIM
Which brings me to where I always arrive in these conversations. Not at the abstract question of how cryptography works, but at the concrete question of how it reaches the people who need it.
Cryptography, for most of its history, was the exclusive province of states and specialists. The mathematics required to implement it was inaccessible to ordinary people. The infrastructure required to deploy it was available only to governments and large institutions. The promise of Euclid’s primes remained, for most of human history, locked behind technical barriers that most of humanity could not cross.
Then, in 1991, something changed. The first SIM-based mobile phone call was made. And cryptography became, for the first time, something that ordinary people used every day without knowing they were using it.
The SIM (the Subscriber Identity Module) contains a unique cryptographic key stored securely in hardware that only the mobile network can communicate with. When a mobile network authenticates a subscriber, it performs a cryptographic challenge-response with the SIM directly. The key never leaves the device. It is never typed, never displayed, never transmitted in recoverable form. The authentication happens invisibly, between the network and the chip, without requiring any knowledge or action from the person holding the phone.
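The challenge-response described above can be sketched in a few lines. This is an added illustration, not code from the author or from any mobile network: the `Sim` and `Network` classes are hypothetical, the IMSI is a constructed test value, and HMAC-SHA256 stands in for the operator's actual authentication algorithm.

```python
import hashlib
import hmac
import secrets


class Sim:
    """Stand-in for the chip: holds the key, exposes only a response function."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki  # no method ever returns or transmits this value

    def respond(self, rand: bytes) -> bytes:
        # Assumption: HMAC-SHA256 replaces the operator's real algorithm.
        return hmac.new(self._ki, rand, hashlib.sha256).digest()


class Network:
    """Stand-in for the operator: knows each key and issues one-time challenges."""
    def __init__(self):
        self._keys = {}     # imsi -> shared key
        self._pending = {}  # imsi -> outstanding challenge

    def provision(self, imsi: str) -> Sim:
        self._keys[imsi] = secrets.token_bytes(16)
        return Sim(imsi, self._keys[imsi])

    def challenge(self, imsi: str) -> bytes:
        self._pending[imsi] = secrets.token_bytes(16)
        return self._pending[imsi]

    def verify(self, imsi: str, response: bytes) -> bool:
        rand = self._pending.pop(imsi, None)  # each challenge is single-use
        if rand is None or imsi not in self._keys:
            return False
        expected = hmac.new(self._keys[imsi], rand, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    net = Network()
    sim = net.provision("001010000000001")  # constructed test IMSI
    captured = sim.respond(net.challenge(sim.imsi))
    genuine = net.verify(sim.imsi, captured)
    net.challenge(sim.imsi)                       # fresh challenge issued
    replayed = net.verify(sim.imsi, captured)     # old response is useless
    reused = net.verify(sim.imsi, captured)       # no challenge outstanding
    impostor = Sim(sim.imsi, secrets.token_bytes(16))  # right IMSI, wrong key
    wrong_key = net.verify(sim.imsi, impostor.respond(net.challenge(sim.imsi)))
    return {"genuine": genuine, "replayed": replayed,
            "reused_challenge": reused, "wrong_key": wrong_key}


if __name__ == "__main__":
    print(run_demo())
```

Only the random challenge and the keyed response cross the air interface, so a recorded exchange cannot answer the next challenge.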
This is what humanised cryptography looks like. Not cryptography that asks you to understand key lengths or certificate authorities or modular arithmetic. Cryptography that works because you have a phone and the phone has a SIM. Cryptography that provides the same level of protection to the person with an eight-hundred-dollar smartphone as to the person with a twenty-dollar handset. Cryptography that has authenticated billions of people, billions of times, for over thirty years, without ever once asking them to memorise a prime number.
The SIM is Euclid’s mathematics, made human and inclusive.
The Business Model of Fraud, and Its Counter
Fraud is a business. INTERPOL is explicit about this. It has business models, competitive dynamics, innovation cycles, and customer acquisition strategies. The fraudsters who are operating at scale in 2026 are not opportunists. They are entrepreneurs in the most clinical sense of that word: people who identified a market inefficiency and built operations to exploit it.
The market inefficiency they are exploiting is a specific one. It is the gap between the capability of the digital systems people use and the ability of those systems to reliably know who they are talking to. The internet was not designed to identify us humans; it was built without an identity layer. Thirty years of patches and workarounds (passwords, security questions, OTPs, biometrics) have not closed that gap. They have complicated it.
Fraud, in almost every form it takes, ultimately depends on that gap. The fraudster who impersonates a bank representative depends on the fact that the person on the other end cannot verify who is on the line. The account takeover depends on credentials that can be stolen because they are stored in recoverable form. The synthetic identity fraud depends on identity systems that cannot distinguish between a real person and a manufactured one.
The SIM closes the gap. Not partially. Structurally. An authentication system built on SIM-based cryptographic keys does not have credentials that can be phished, because there are no credentials on the user’s side to steal. It does not have passwords that can be cracked, because there are no passwords. It does not depend on the user making the right decision under emotional pressure, because the user makes no decision at all; the authentication happens in the background, invisible to the user, between systems that cannot be manipulated by social engineering.
This is the answer that 300 BC gave us, twice, simultaneously: the problem and the solution, arriving together, waiting for us to connect them.
I always remind myself and everyone: the “I” in SIM stands for “Identity”. It did in 1991 when it was introduced, and it still does now that we are using eSIMs in 2026.
What the Numbers Are Asking Us
Four hundred and forty-two billion dollars in 2025. A 54 percent rise in fraud-related alerts from 2024 to 2025. AI-enhanced fraud four and a half times more profitable than traditional methods. A trajectory that INTERPOL expects to escalate significantly over the next three to five years.
These numbers are not asking us to be more vigilant. Individual vigilance, as I have written before, cannot be the primary defence against systems specifically engineered to defeat it, as the target is our humanness. These numbers are asking us to change the architecture.
Every year we continue to build digital services on password-based authentication is another year in which the economics of fraud remain irresistible. The cost of attack is collapsing. The potential returns are enormous. The human cost is borne by individuals who had no meaningful choice in how the systems that failed them were designed.
The mathematics of the solution has been available since 300 BC. The engineering of the solution has been available since 1991. The infrastructure to deploy it at global scale exists today, in the GSMA Open Gateway and the SIM-based authentication APIs: Number Verify, which I had the privilege to invent for the industry in 2016 and which mobile operators are now making available to developers and enterprises.
The only thing that has ever been missing is the decision to use what we already have.
Fraud is the world’s oldest business. The tool that can make it dramatically harder to run is the world’s most widespread cryptographic device, sitting in the pocket of more than five billion people.
The problem and the solution have been with us for the same amount of time.
The question is only which one we choose to act on.