Lets begin with a number. $442 billion. That is the sum lost to scams globally last year. Every cent of it transferred willingly by the people who lost it, every transaction validated without objection by the financial institutions that processed it. Interpol now places fraud in the same category as cocaine trafficking, heroin distribution and organised prostitution. It is, by any measure, one of the most lucrative industries on earth.

The uncomfortable addendum, offered by a fraud intelligence specialist at Transform Finance's 4th Annual FinCrime Leaders Summit Europe, Amsterdam, is that $442 billion is almost certainly an undercount. Fraud is chronically under-reported - partly because victims feel shame, partly because the amounts involved are sometimes too small to pursue, and partly because many victims do not realise they have been defrauded until months after the fact. "The only thing we can agree on," one panellist observed, "is that the attack rate is high and many are victims." One social media company disclosed in its annual report that 10% of its revenue - approximately $16 billion - derived from advertising that was suspicious or fraudulent in nature. No enforcement action followed.

The scale is one thing. The structure is another.

From Basement to Boardroom

The popular image of the fraudster - a lone operator in a darkened room, running scams for pocket money - has not been accurate for some time. What replaced it is considerably more disturbing.

Satellite images shared during the summit tracked the growth of a single fraud compound near the Myanmar-Thai border from 2020 to 2025: from open agricultural land to a purpose-built facility housing an estimated 20,000 workers. Across Southeast Asia, Africa, Eastern Europe and Central America, these operations have proliferated. One compound alone is now estimated to house people from 80 different nationalities. The total number of individuals forced to work in such facilities - many of them trafficking victims who were themselves deceived to get there - runs to well over 100,000.

This is organised crime operating with the logic of a business. Chinese triads provide financing. Cybercrime cartels coordinate the procurement of phishing kits and operational tools. Local militias provide security. Human resources functions recruit workers. CRM systems manage victim pipelines. Finance departments handle the laundering chain. One fraud intelligence specialist who has tracked these compounds since 2021 was precise about what this represents: "It is not hidden. You can find it on Google Maps. It is so profitable that they are expanding everywhere."

Crucially, this is the point the industry has been slowest to internalise, this model is already being superseded. The compound with 20,000 workers is becoming redundant. Agentic AI can now execute the entire fraud lifecycle, from initial contact to emotional manipulation to coached authorisation to fund transfer, without a human operator. The workforce requirement collapses to near zero. The cost of a fully automated scam operation is, in the words of one speaker, cheaper than a Netflix subscription.

The Fraud Engine

Understanding why fraud works at scale requires understanding why it works on individuals. That conversation at the Amsterdam summit was anchored in cyberpsychology - the study of how human cognition behaves differently in digital environments, and how those differences can be systematically exploited.

The core insight is that fraudsters do not hack systems. They hack people. And they do so using exactly the same psychological levers that legitimate businesses use to drive customer behaviour: familiarity, social proof, manufactured urgency, authority, loss aversion, and the tendency of a busy mind to default to pattern recognition rather than critical analysis. The same techniques that drive click-through rates in digital marketing - the countdown timer, the scarcity signal, the personalised recommendation are the techniques that drive victims to transfer money they would never otherwise move.

There are three distinct stages in a modern fraud. The first is emotional: creating urgency, fear, excitement or hope sufficient to suppress the victim's critical faculties. The second is coaching: a sustained period of trust-building and incremental commitment that may last days, weeks or months. Romance fraud, at its most elaborate, involves a grooming phase that mirrors the dynamics of an abusive relationship - isolation, manufactured dependency, and a calculated escalation that leaves the victim convinced the relationship is real and the stakes are personal. The third stage is the transfer itself: the moment at which the victim, now fully conditioned, authorises the payment.

The architecture of most financial institutions' fraud defences addresses almost exclusively the third stage. The first two happen entirely outside the bank's visibility - on social media platforms, messaging applications and dating sites that are outside its jurisdiction and carry no comparable liability for the losses they facilitate. By the time the transfer reaches the institution, the fraud is, in a meaningful sense, already done.

The Asymmetry Problem

The panel session that followed heard a question put plainly: if we know all of this, why are criminals still winning?

The answers were varied, but they converged on a theme. Criminals operate with a speed and agility that institutions structurally cannot match. A dark web fraud toolkit targeting a specific bank's customers can be built, listed and operational within hours. A financial institution deploying a new detection rule must first commission a business case, convene a working group, conduct a technology assessment, clear multiple steering committees, and satisfy its risk governance framework. By the time the defence is in place, the attack pattern has moved on.

AI is deepening this asymmetry. Fraud powered by artificial intelligence is, by one estimate, 4.5 times more profitable than non-AI fraud. Deepfake video generation is available as a subscription service for ten dollars a month. Voice cloning requires ten seconds of recorded audio. Synthetic identity documents can be produced for five dollars. In one case study presented at the summit, an entirely fabricated investment platform - complete with a regulatory certification, an AI-generated financial adviser, a scripted onboarding conversation and a convincing KYC process - was constructed and deployed in under a day. The victim, a Swiss citizen seeking a modest investment return, ultimately authorised fourteen separate payments to four beneficiaries. Nothing in the process triggered a bank alert. Everything was done by the book - the criminal's book.

"Behind every fraud, every scam, there is a money transfer," one speaker told the room. "If you do not master your transfer, you will never control fraud."

A Lifecycle Defence

The prescription that emerged from the summit was not a single solution but a structural reorientation. If fraud is a lifecycle, the defence must become one too.

Detection of the emotional stage is possible - natural language processing tools can identify the patterns of urgency, flattery and pressure that characterise fraud initiation. Detection of the coaching stage can be supported by behavioural biometrics. Detection of the transfer stage requires real-time monitoring augmented by external intelligence that reaches beyond the institution's own data. And crucially, all of it must be assembled into a coherent picture at the point of decision.

Verification of payee measures introduced across Europe with considerable fanfare were assessed candidly. UK data suggests that criminals adapted within six months of their introduction, engineering perfect name matches to defeat the control. In one analysis shared at the summit, fraud cases involving a perfect VOP match doubled following the regulation's introduction. The fraudsters had anticipated the defence and adjusted accordingly.

The same candour applied to the $442 billion figure itself. Several speakers expressed the view that the number, extraordinary as it is, reflects only what is reported, recorded, and attributed. The true cost in lost savings, broken relationships, mental health consequences, and the trafficking of the people conscripted into the scam compounds, is not on any spreadsheet.

One fraud investigator offered a closing thought that stayed with the room. For every million euros not stolen through fraud or scams, she had been told, approximately four fewer people are trafficked to the scam centres of Southeast Asia. The financial crime problem and the human rights problem are, at scale, the same problem.

The industry has the tools to make a significant dent in both. The question is whether it will deploy them with the urgency the situation demands.

This article is part of Transform Finance's coverage of the 4th Annual FinCrime Leaders Summit Europe, Amsterdam 2026.