More Mexicans Have a Smartphone Than Reliable Running Water.

And nobody calls it what it actually is: a political decision about which infrastructure we chose to build — and which ones we didn't.

JM

JMCoach · #TheHowMaker

 

Two infrastructure systems. Two investment decisions. Two different political priorities. One country living with the consequences of both.

In 2024, 81.7% of Mexicans over age 6 used a mobile phone.
In 2024, only 52.3% of urban Mexicans had a constant, reliable water supply.

Read that again.

These are not estimates. They are the official numbers — published by INEGI and CONAGUA, the same government institutions responsible for measuring exactly this kind of gap. They are not disputed. They are simply not talked about in the same sentence.

We celebrate the smartphone number as progress. We lament the water number as a persistent challenge. What we almost never do is place the two figures side by side and ask the obvious question: how does a country build the infrastructure to connect 99 million people to mobile networks — and simultaneously fail to provide half its urban population with water they can count on turning the tap and finding?

The answer is not complicated. It is uncomfortable. It is a political decision. And understanding it is essential for anyone who cares about what digital progress actually means — and who it actually serves.

The Numbers Side by Side

Digital Connectivity · 2024

98.6M

Mexicans using a mobile phone in 2024 — 81.7% of the population over age 6. Among them, 96% use smartphones.

INEGI · ENDUTIH 2024 / IFT

Water Access · 2023–2024

52.3%

of urban Mexicans report having a constant, reliable water supply — down from 62.4% in 2019. It is getting worse, not better.

INEGI · ENCIG 2023 / El Financiero

Internet Access · 2024

83.1%

of the Mexican population used internet in 2024 — a record high. Urban areas: 86.9%. Rural areas: 68.5%. The gap persists.

INEGI · ENDUTIH 2024

Treated Water · 2022

14%

of Mexicans have access to treated, safe water at home, according to WHO. 92% have "access to water" — but access and reliability are not the same thing.

WHO 2022 / DAPA Mexico

Let that sit for a moment. Mexico has built a digital connectivity infrastructure that reaches more than four out of five people. It has not built a water infrastructure that guarantees reliable, constant supply to even half of those living in its cities. And in rural areas — where water scarcity is most acute — the infrastructure gap for both is larger, even if mobile connectivity has grown faster there than anywhere.

The smartphone reached communities where the water pipe never did. That is not a technology success story. It is an infrastructure priority story.

Why the Comparison Is Not Unfair

Some will argue that telecommunications and water infrastructure are different problems — different technical complexity, different funding mechanisms, different timelines. That is true, and it is also the argument that has been used for decades to avoid the comparison. The technical differences are real. The political convenience of treating them as entirely separate is also real.

The facts make the comparison unavoidable. Mexico's telecommunications sector attracted massive private investment — primarily from a single dominant operator, but investment at scale nonetheless — under a regulatory framework that made connectivity a commercial opportunity. The IFT was created specifically to govern that investment and promote competition. When the commercial incentive was clear, the infrastructure followed. Not perfectly, not equitably, but it moved.

Water infrastructure in Mexico is constitutionally the responsibility of municipalities — many of which lack the technical capacity and the budget to maintain existing systems, let alone build new ones. CONAGUA estimates that approximately 30% of potable water in Mexico is lost to infrastructure leaks before it reaches anyone's tap. The national water balance shows 9,500 million cubic meters of groundwater being extracted annually in excess of natural recharge — the country is mining water it will not replace. Nine states including major industrial and population centers saw their reliable water supply decrease between 2021 and 2023. Chihuahua, Nuevo León, Puebla, Veracruz.

30% of Mexico's piped water leaks out before anyone drinks it.
Meanwhile, the country built mobile coverage for 99 million people.

The comparison is not unfair because the two things are technically equivalent. The comparison is fair because they reflect the same political economy: when there is a clear private return on investment, infrastructure gets built. When the beneficiaries are primarily poor, rural, or politically marginalized communities — and the return on investment is long-term, diffuse, and public — the investment does not follow at the same pace.

The Narrative of Digital Progress and What It Hides

The ENDUTIH 2024 results were celebrated across Mexico as evidence of transformative progress. And in one sense they deserve to be. Going from 39% of households with internet access in 2015 to 73.6% in 2024 is a real change that has real consequences for people's lives. Access to information, government services, economic opportunity, telemedicine, education — these are not trivial benefits.

73.6%

of Mexican households with internet access in 2024, up from 39% in 2015

INEGI · ENDUTIH 2024

30%

of Mexico's piped water is lost to infrastructure leaks before reaching any household

CONAGUA · National Water Statistics

9

states where reliable water supply decreased between 2021 and 2023, including Nuevo León and Veracruz

INEGI · ENCIG 2023

161 MXN

average monthly spending on a prepaid mobile plan — the most common type. That is approximately 8 USD.

INEGI · ENDUTIH 2024

But the narrative of digital progress becomes distorted when it is used to substitute for the harder conversation about basic services. When a government announces that 83% of the population uses internet as evidence of development — without noting that the same population is drinking water stored in household tanks because the municipal supply is unreliable — it is using one number to obscure another.

This is not unique to Mexico. It is a pattern visible across emerging economies where digital infrastructure has outpaced physical infrastructure. The smartphone becomes a substitute for the services the state did not deliver: telemedicine instead of clinics, digital banking instead of bank branches, online government services instead of functional local offices. The device is real. The access is real. The substitution for missing infrastructure is also real.

When connectivity becomes the substitute for services the state did not deliver, digital progress stops being an achievement and starts being an alibi.

The Investment Gap Is a Decision, Not a Destiny

Here is the number that puts everything in context: the UN estimates that every dollar invested in safe water and sanitation infrastructure returns between three and twelve dollars in economic benefits — through reduced healthcare costs, increased productivity, and decreased time spent obtaining and treating water. It is one of the highest-return infrastructure investments a government can make.

And yet the investment does not follow at the scale the need demands. Why?

Because water infrastructure does not have a private investor with the same motivation that built the cellular towers. Because the communities with the least reliable water access are also the communities with the least political weight. Because fixing a leak in a rural water system in Guerrero or Oaxaca does not generate the same headline as announcing 100 million mobile subscribers. Because the incentive structures in Mexican public spending — across administrations and parties — have consistently underweighted physical infrastructure for basic services relative to the visibility of digital announcements.

In communities where water arrives twice a week by truck, internet arrived first. That sequence is a policy choice, not a technical inevitability.

This is not a left or right argument. The underinvestment in water infrastructure has been consistent across six-year terms, multiple parties, and different economic philosophies. It is a structural feature of how Mexico allocates public resources — and of how private capital flows in the absence of the regulatory frameworks that made telecommunications investment commercially viable.

The question is whether the same political will that built the IFT, structured the telecommunications concessions, and drove mobile penetration to 81.7% can be applied to water — with different ownership models, different regulatory incentives, and a genuine accounting of what the deficit is costing the country in healthcare, productivity, and human dignity.

What This Means for Digital Transformation — Really

For those working in technology, digital transformation, or public policy, this comparison matters in a very practical way. Every conversation about AI, IoT, smart cities, digital health, or connected government takes place in a context where the infrastructure underneath those promises is uneven — often radically so.

Building a telemedicine platform for rural communities that lack reliable water is not the same problem as building one for an urban hospital. Building a smart water meter network for a system that loses 30% of its water to leaks before those meters is not a technology problem — it is a political priority problem that technology can help solve, but cannot solve alone. Designing digital government services for populations that alternate between internet access and water rationing requires understanding both deficits, not just the one with the better press release.

The honest version of digital transformation in Mexico — in any emerging market — starts with the acknowledgment that connectivity is necessary and insufficient. That reaching 83% internet penetration while 47.7% of urban residents cannot count on water is not a paradox to be explained away. It is a mandate to ask different questions about which infrastructure problems deserve the same urgency, the same investment frameworks, and the same political will that built the mobile network.

A country where you can stream video but cannot count on water from your tap is not a digital success story.
It is an infrastructure priority story with some chapters missing.

The Conversation Worth Having

None of this is a reason to stop celebrating digital connectivity. Smartphones and internet access have genuinely transformed what is possible for millions of Mexicans — in health information, economic opportunity, civic participation, and daily life. The ENDUTIH numbers represent real change for real people.

But progress should be measured against the full list of what people need — not just the things that attracted private capital. The right benchmark for a country's development is not how many people have smartphones. It is how many people have smartphones and reliable water and functional health infrastructure and educational access and physical safety.

When we measure progress with only the metrics that look good, we end up making policy that optimizes for the measurement — not for the people. Mexico is not unique in this. But Mexico's specific combination of world-class digital penetration and deeply inadequate water infrastructure makes the gap unusually visible — and unusually instructive.

The next time someone celebrates Mexico's digital progress with an INEGI chart, ask them to put the water access chart next to it. The conversation that follows is the one worth having.

The goal was never to connect everyone to the internet. The goal was always to improve lives. Connectivity is a tool, not a destination — and tools are only as good as the problems they are aimed at.

If this made you think — share the question

"More Mexicans have a smartphone than reliable running water. And we call that digital progress. What does that tell us about which infrastructure we actually decided to build?" — JMCoach

Sources · INEGI · Encuesta Nacional sobre Disponibilidad y Uso de Tecnologías de la Información en los Hogares (ENDUTIH) 2024 — May 2025 (81.7% mobile users; 83.1% internet users; 73.6% households with internet; 161.8 MXN average prepaid spend) · INEGI / IFT · ENDUTIH 2024 Press Release — 98.6 million mobile users · INEGI · Encuesta Nacional de Calidad e Impacto Gubernamental (ENCIG) 2023 — only 52.3% of urban Mexicans report constant reliable water supply, down from 62.4% in 2019; 9 states reduced reliable supply 2021–2023 · CONAGUA · Estadísticas del Agua en México 2023 — 30% of piped water lost to leaks; 9,500 million m³ groundwater overextraction annually · WHO / OPS 2022 — 92% of Mexicans have access to potable water source; only 14% have access to treated water at home · DAPA Mexico — data compilation from CONAGUA, INEGI, OMS · UN Water — estimated $3–$12 economic return per $1 invested in safe water and sanitation infrastructure · El Financiero — "Crisis de agua crece en México: Casi la mitad de la población no tiene acceso a suministro constante" — March 2024.

If your organization works in digital transformation, public policy, smart infrastructure, or regulated sectors — and you want to think more clearly about which problems technology actually solves and which ones require different conversations — let's talk.

The How Maker · #JMCoach
Digital Transformation · Public Sector Technology · Smart Infrastructure · AI & Data Platforms · Regulated Industries · Executive & Board Advisory

mxjormer@gmail.com  ·  linkedin.com/in/mxjormer  ·  jmcoach-mx.blogspot.com  ·  @JormerMx

The fraud tax that's quietly killing fintech margins

 

The fraud tax that's
quietly killing fintech margins
— and what no one reports

Fraud rates in fintech grew 156% year-over-year in 2024. In Mexico, identity theft fraud jumped 77% in a single year — and financial institutions reimbursed just 1.4% of affected users. The great fintech opportunity is real. So is the great fintech liability. And the two are connected in ways most platforms would rather not discuss publicly.

Jorge Mercado · #JMCoach

There is a number that does not appear in any fintech pitch deck, any Series B memo, or any investor relations call. It does not appear in the beautifully designed annual report showing user growth, NPS improvement, and revenue per active customer. The number is the real cost of fraud — not the fraud that is detected and blocked, which gets reported as evidence of the platform's effectiveness. The fraud that gets through. The fraud that is absorbed as a cost of doing business, averaged into the unit economics, and quietly subsidized by the capital that was raised to grow the company. In Mexico alone, financial fraud losses reached approximately MX$14.5 billion in 2024 — roughly US$760 million — according to CONDUSEF. Identity theft and banking data theft were the primary causes in nearly 40% of cases. And financial institutions reimbursed just 1.4% of affected users. That's not a statistic about fraud. It's a statistic about who pays for it — and it isn't the platform.

The fintech that does not have a real-time fraud detection architecture is not just accepting risk — it is actively transferring that risk to its customers, its investors, and eventually its regulators. The moment regulators start asking specific questions about reimbursement rates and detection gaps, the platform discovers that "we have a fraud team" is not the same answer as "we have a fraud architecture."

156%year-over-year growth in fraud rates in the fintech sector in 2024 — the fastest-growing risk categorySumsub · Fintechmagazine.com

324%increase in account takeover attacks in Mexico between end of 2024 and early 2026 — highest in Latin AmericaBioCatch · Mexico Business News 2026

77%increase in identity-theft fraud in Mexico's banking system in 2024 — MX$11.3B (US$611M) in lossesCONDUSEF · Mexico Business News 2025

1.4%of fraud losses reimbursed to affected users by Mexican financial institutions in 2024 — the rest is absorbed by customersCONDUSEF · 2025

$43Bprojected global credit card fraud losses by 2026 — a number growing faster than the platforms trying to stop itNVIDIA · Fintechmagazine.com

The four angles of the same problem

Fintech fraud is not one problem with one solution. It is four interconnected problems that look different from the outside but share the same root: platforms that grew faster than their operational and security infrastructure, financed by capital that had no patience for the "boring" work of risk architecture. Understanding each angle is how you understand why the aggregate numbers are so large — and why the opportunity to fix it is equally large.

Angle 1: The opacity problem — what doesn't get reported

Mexico · Reporting Gap · Real Losses vs. Published Losses

CONDUSEF data represents what gets formally reported. Industry experts in Mexico consistently estimate that only 10% to 20% of actual digital financial fraud reaches formal complaint channels. The rest is absorbed silently: the user who doesn't know they can complain, the small transaction that isn't worth the friction of reporting, the business that writes off the loss rather than document the incident. Mexico experienced a 324% increase in account takeover attacks between end of 2024 and early 2026, according to BioCatch — making it the highest-growth fraud target in all of Latin America, significantly ahead of Colombia's 188% increase. That escalation also came with a 234% increase in fraud involving remote-access tools and a 150% rise in social engineering attacks. The published loss numbers are the floor, not the ceiling.

The opacity extends to the fintechs themselves. NuBank does not publish Mexico-specific fraud loss data. Clip, Kueski, and Konfío do not disclose their fraud rates. Three Mexican financial institutions were sanctioned by the U.S. Treasury in June 2025 for facilitating money laundering — a risk that emerges precisely from the absence of real-time monitoring at the operational level. CONDUSEF reported a 155% year-over-year jump in mobile banking fraud complaints in one quarter alone. When the reported data jumps that fast, the unreported data is moving faster.

Angle 2: The consumer trap — who really pays

User Trust · Reimbursement Gap · NuBank · Easy Credit Economics

Here is the part that users rarely understand: when a fintech gives you a credit card with minimal verification, a wallet with instant activation, or a buy-now-pay-later product with no underwriting friction — that generosity is not philanthropy. It is a calculated bet on your behavior at scale, partially subsidized by venture capital. The fraud losses that result from that approach are built into the unit economics as a cost of acquisition. When the fraud exceeds the model's assumptions, it becomes a solvency question disguised as a risk management one.

NuBank — the largest neobank in Latin America with over 100 million customers — reported a credit loss provision of US$1.4 billion in 2023, driven in part by aggressive expansion into riskier credit segments. Its cost of risk reached 6.1% of its portfolio. Nu Mexico does not break out local fraud and credit loss data. The 1.4% reimbursement rate CONDUSEF documented for all Mexican financial institutions means that when something goes wrong — when the account is taken over, when the transaction is fraudulent — the customer absorbs 98.6% of the cost. That is not a fraud prevention strategy. It is a cost transfer strategy. The platforms that will win long-term are the ones that invert that ratio — not because regulators force them to, but because trust is the only asset in financial services that cannot be rebuilt quickly once it's gone.

The user who gets defrauded and isn't reimbursed does not become a churned customer in the platform's analytics. They become an active detractor, a regulatory complaint, and eventually a data point in the investigation that the fintech's compliance team will wish they had addressed operationally, not reactively.

Angle 3: The technical debt trap — AI as experiment, not architecture

AI Misuse · Fraud Detection · Siloed Systems · Model Drift

The financial sector now represents 27% of all data breaches globally — the highest of any industry, up from 19% in 2022. Fintech breaches average US$5.9 million per incident. Crypto platforms lost over $7 billion to hacks between 2022 and 2024 alone. And 41.8% of fintech breaches originate from third-party vendors — the APIs, the payment processors, the KYC providers — not from the fintech's core system directly.

The response most platforms have is to add an AI fraud detection tool. Sometimes several. Each one trained on different data, monitoring different signals, producing alerts that no one has a process to act on systematically. That is not a fraud architecture. That is a fraud archaeology project — discovering what happened after the fact, at cost. Real fraud detection runs in real time, on clean data, with a model that is continuously updated on new fraud patterns, with a decision engine that can act — block, flag, escalate — in the time between transaction initiation and settlement. Deloitte's Center for Financial Services estimated that by 2027, advances in generative AI will cost banks an estimated $40 billion in AI-driven fraud. That number reflects what happens when attackers have access to the same tools as defenders, but defenders haven't built the architecture to use those tools operationally.

The platform that added a fraud AI model on top of fragmented identity data, inconsistent transaction schemas, and an operations team that doesn't have a defined process for acting on model outputs is not more protected. It has more expensive dashboards and the same gaps.

Angle 4: The capital trap — what happens when the subsidy ends

Venture Capital · Apalancamiento · Burn Rate · Profitability Reckoning

Mexico's fintech sector attracted US$865 million in venture capital in 2024 — representing 74% of all VC deployed in Mexico that year. That concentration is both a signal of confidence and a structural risk. When the capital that subsidizes customer acquisition, absorbs fraud losses, and funds the "path to profitability" deck at slide 18 becomes more selective — as it already has globally, with total fintech investment hitting a seven-year low of $95.6 billion in 2024 — the math of fintech economics becomes merciless.

Global Authorized Push Payment (APP) fraud — where users are manipulated into approving fraudulent transactions — is projected to surge from US$150 billion in 2017 to US$250 trillion by 2027 according to LSEG. APP fraud is particularly dangerous for fintechs because it targets the user, not the platform's systems. The user approves the transaction. The platform has no technical obligation to reimburse. The loss appears in the user's account, not the platform's fraud ledger. That is the fraud that will most efficiently extract value from fintechs that built acquisition machines but not operational defense systems — because when it scales, it scales silently, through user behavior, not system breach.

$250TAPP Fraud volumes projected by 2027 — surging from $150T in 2017. The fastest-growing attack vector in digital paymentsLSEG · Fintechmagazine

$40Bestimated losses banks will face by 2027 from GenAI-enabled fraud — attackers using the same tools as defendersDeloitte Center for Financial Services

41.8%of fintech breaches originate from third-party vendors — APIs, KYC providers, payment processorsSecurityScorecard 2025

86%of banks surveyed are investing in new technology to combat fraud — but investment alone doesn't equal architectureComplyAdvantage · Fintechmagazine

90%reduction in phishing losses achievable with new adaptive technology — when it's properly implementedVisa · Fintechmagazine

The fintech that treats fraud prevention as a compliance checkbox and AI as a marketing feature is not building a financial institution. It is building a growing liability with a beautiful interface. The ones that will still be operating at scale in 2030 are building the operational and technical infrastructure now — while they still have the capital to do it deliberately rather than the urgency to do it reactively.

The opportunity that the fraud conversation obscures

Here is what gets lost in the fraud narrative: the opportunity side of these numbers is enormous. Visa's data shows that adaptive technology can reduce phishing losses by up to 90%. The WEF survey found that fintechs using AI effectively reported 74% higher profitability and 75% reduced costs. The 86% of banks investing in new fraud prevention technology are not doing so reluctantly — they're doing it because the ROI on well-implemented fraud architecture is among the highest in the entire technology investment portfolio.

Fintechs currently hold just 3% of the global banking and insurance revenue pool in a $13 trillion market. Mexico's payments and remittances segment is projected to grow 76% by 2027. Digital payments grew from 29% to 46% of Mexican adults in five years. The unbanked population — 23% of Mexican adults — represents an addressable market that no traditional bank has served effectively. That opportunity is real, accessible, and not going away.

But capturing it requires something the first era of fintech consistently underinvested in: the operational trust that comes from protecting customers at the level the product promises. A fintech that tells users their money is safe, processes their transactions instantly, and reimbursed 1.4% of fraud losses has a trust gap that compounds over time. The users who stay despite that experience are the ones with no better option. The users who leave are the ones with choice. And the market that the fintech is trying to expand into — lower-income adults, the informally employed, small businesses — are precisely the users most likely to never return after one bad experience.

"Most fintechs today are user acquisition machines financed by capital, trying to become profitable financial institutions afterward. That 'afterward' is where most of them fail — especially when they are just burning money and calling fraud losses 'cost of growth.'"— Jorge Mercado · #JMCoach · CNBV-regulated fintech executive

What the architecture of a trustworthy fintech actually looks like

This is where the conversation has to become concrete. Saying "invest in fraud prevention" or "use AI responsibly" is not advice — it's a caption. The specific things that separate a fintech with a fraud architecture from a fintech with fraud awareness are operational decisions, not technology purchases.

Real-time decision intelligence — not retrospective dashboards

Fraud Detection · Decision Engine · Real-Time · Not Batch

Fraud happens in milliseconds. The transaction is initiated, the authorization is requested, the settlement occurs — and if the fraud detection ran a batch job overnight, the money is already gone. A real fraud architecture makes decisions in the authorization gap: between transaction initiation and settlement, the model evaluates the transaction against behavioral signals, device fingerprints, velocity patterns, geographic anomalies and account history, and it acts — approves, blocks, or flags for step-up authentication — before the transaction completes. That requires clean data flowing from every touchpoint in real time, a model that is continuously retrained on the platform's actual fraud patterns (not generic benchmarks), and a decision engine with defined escalation paths that the operations team actually follows. It is not a product. It is a process that a product enables.

Predictive risk — not reactive rules

Risk Operations · Predictive Models · Credit + Fraud + Compliance

Rules-based fraud detection fails against novel attack patterns by definition: it can only block what it has seen before. The 156% year-over-year growth in fintech fraud rates and the 324% increase in account takeovers in Mexico are evidence that attackers are operating faster than rules can be written. Predictive models that learn from behavioral signals — how a user typically navigates the app, how long they spend on each screen, what devices they use, from where, at what times — can detect account takeovers and social engineering attacks before a transaction is even initiated. BioCatch, which documented Mexico's ATO explosion, builds exactly this type of behavioral biometrics. The architecture principle is simple: model the normal so precisely that the abnormal is immediately visible, even when the abnormal is technically within the user's own account credentials.

AI with a defined role — not AI as a silo experiment

AI Application · Process-First · Governance · Not a Dashboard Project

The WEF survey of 240 fintech firms found that among those using AI effectively, 83% reported improved customer experience and 74% reported higher profitability. The key word is "effectively." In practice, the fintechs that got those results deployed AI on top of defined processes, clean data, and clear ownership of the model's outputs. The ones that got the opposite results deployed AI as a standalone capability — a model that generates alerts no one acts on, a scoring system that isn't connected to the authorization decision, a recommendation engine that runs on stale data and produces personalization that's six months behind the customer's actual behavior. AI in fintech is not a product category. It is a force multiplier for the operational quality that already exists. If the operations are fragmented, AI fragments them faster. If the operations are coherent, AI scales them exponentially.

Security from the first line of code — not the last layer of defense

Security by Design · Third-Party Risk · API Governance

With 41.8% of fintech breaches originating from third-party vendors, the security perimeter of a fintech is not its own systems — it is every API it calls, every SDK it embeds, every data processor it contracts. A security architecture that is designed from the start — with vendor risk assessment, API governance, data classification, access control by role and by data sensitivity, and continuous monitoring of all integration points — costs dramatically less than a security response after a breach. The IBM Cost of a Data Breach Report 2025 documented that organizations with extensive AI in security operations shortened breach times by 80 days and reduced average breach costs by $1.9 million. That number is available to fintechs that build the architecture. It is unavailable to fintechs that add security tools on top of an architecture that was never designed with security as a principle.

The fintech built securely from the start does not look different from the outside. The difference is entirely internal: in how decisions are made, how data flows, how models are governed, and how the team responds when something goes wrong. That internal difference is what separates a €460 million fraud loss (UK, 2023) from a 90% reduction in phishing losses (Visa, adaptive technology). Same threat. Different architecture.

The four questions that define whether a fintech has an architecture or just tools

Can you tell me, in real time, what your current fraud rate is by product, channel and customer segment? Not last month's number from the analytics team — the number right now, as transactions are being processed. If retrieving that requires a data pull, the fraud architecture is not operational.

When a fraud event occurs, what is the defined process from detection to resolution — including who contacts the customer, within what timeframe, and what the reimbursement criteria are? If the answer varies by which team member is on shift, it is a culture, not a process.

How does your fraud model learn from new attack patterns? Not "we update it periodically" — specifically, who owns model retraining, on what schedule, triggered by what criteria, reviewed by whom. If no one has a complete answer, the model is drifting.

What percentage of your fraud detection triggers are acted on within the authorization window — before settlement? For most fintechs, the honest answer to this question reveals that most of their fraud detection is retrospective, not preventive. That's where the $760 million in Mexico goes.

The fintech fraud problem is not a technology problem. The technology to solve it exists, is commercially available, and is documented to work. Visa's 90% phishing loss reduction is real. AI-driven behavioral biometrics that detect account takeovers before the first unauthorized transaction is real. Real-time decision engines that run in the authorization gap are real. They are not being used at scale in Mexico's fintech market because building them requires something that does not appear in a growth deck: operational discipline, process clarity, and the willingness to invest in the infrastructure before it is urgently needed.

The fintechs that build that infrastructure now — while they have capital, while the regulatory pressure is building but not yet acute, while the trust gap is recoverable — will be the ones that capture the actual fintech opportunity. The $13 trillion banking and insurance market. The 23% of unbanked Mexican adults. The $66 billion annual remittance corridor. The 76% growth in payments and remittances projected through 2027.

That opportunity does not go to the fastest grower. It goes to the platform that users trust with their money when something goes wrong — and that gets them their money back.

Sources: CONDUSEF Mexico 2024–2025 · BioCatch / Mexico Business News April 2026 · Sumsub Fraud Intelligence Report 2024 · Fintechmagazine.com July 2025 (ComplyAdvantage, NVIDIA, UK Finance, Visa, Mastercard, LSEG data) · Alloy State of Fraud Benchmark Report 2024–2025 · SecurityScorecard 2025 · Deloitte Center for Financial Services 2024 · IBM Cost of a Data Breach Report 2025 · WEF "Future of Global Fintech" 2025 (Cambridge Centre for Alternative Finance) · BCG / QED Investors 2025 · Finnovista Fintech Radar Mexico 2024 · Mobile Time Latinoamérica 2026 (Jumio / Samer Atassi) · FTC Consumer Fraud Report 2024 · Kroll 2024 Financial Sector Breach Report · NuBank Annual Report 2023 · CNBV · BNamericas CONDUSEF data.

Jorge Mercado · #JMCoach
Certified Professional Coach · CTO · Enterprise Architecture · C-Level
CNBV-regulated fintech · PCI-DSS · KYC · Face-ID · AWS Bedrock + Anthropic + MCP in production
Fraud architecture · Real-time risk · AI in financial services · Regulated sectors Mexico & LATAM

twitter.com/JormerMx  ·  linkedin.com/in/mxjormer  ·  jmcoach-mx.blogspot.com

Iot running today!

 

IoT Is Not the Future.
It's the Infrastructure
That's Already Running.

In 2018 we asked what IoT could become. In 2026 the answer is everywhere — on the factory floor, in the hospital room, along the pipeline, in the field, and through the city grid. The question now is whether your organization knows how to use it.

JM

JMCoach · #TheHowMaker

 

The physical world is now the data layer. Every sensor, every device, every connected asset is already generating the signal. The gap is in reading it correctly — and acting on it faster than the competition.

Back in 2018, writing about the Internet of Things felt like describing a promising horizon. The potential was clear: billions of objects generating continuous data streams, revealing patterns invisible to human observation, creating entirely new categories of business intelligence. The anchors were also clear — bandwidth, storage, processing power, security, and the stubborn difficulty of connecting old infrastructure to new protocols.

Eight years later, most of those anchors have been cut. Not all the way — complexity remains, and anyone who tells you IoT deployment is simple is selling you the part that isn't the hard part. But the structural picture has changed fundamentally. The question in 2026 is not whether IoT works. It is whether your organization has the architecture, the data strategy, the cloud backbone, and the business knowledge to extract value from the infrastructure that is already running.

The Numbers Have Caught Up With the Vision

Let's start with the scale, because it matters for understanding what kind of problem this is now.

21.1B

connected IoT devices globally by end of 2025 — up 14% year over year

IoT Analytics · State of IoT 2025

39B

projected connected devices by 2030 at 13.2% CAGR — AI cited as primary growth driver

IoT Analytics · 2025

$1.35T

global IoT market size in 2025 — growing to $2.72 trillion by 2030 at 15% CAGR

Mordor Intelligence · 2025

79.4 ZB

of data generated by IoT devices in 2025 alone — one zettabyte equals one trillion gigabytes

IDC Global DataSphere IoT Forecast · 2025

$498B

Industrial IoT market projected by 2030 — manufacturing, energy, logistics as top verticals

Statista Industrial IoT Forecast · 2025

3 in 4

active devices worldwide are now IoT-enabled — surpassing non-IoT devices since 2020

DemandSage · IoT Statistics 2026

These are not aspirational projections from technology optimists. They are tracked actuals and near-term forecasts from analysts counting active connections, chipset shipments, and enterprise spending quarter by quarter. The market that in 2018 was still largely conceptual for most organizations is now the infrastructure layer underneath the AI systems everyone is building.

That last sentence is the critical one. Artificial intelligence does not generate its own input. It operates on data — and the most valuable, continuous, real-time data about physical operations in the real world comes from IoT sensors. The two technologies are not competing for budget. They are the same infrastructure investment viewed from two ends. IoT is the data collection layer. AI is the reasoning layer. Multi-cloud is the processing and storage layer that ties them together. Miss any one of the three and the other two underperform badly.

IoT generates the data. AI reasons about it. Multi-cloud processes, stores, and distributes it — across geographies, regulatory jurisdictions, and performance requirements simultaneously.

Why Multi-Cloud Is Not Optional Anymore

In the early days of IoT deployment, the cloud architecture question was simple: pick a provider, deploy your message broker, connect your devices, store your data. AWS, Azure, or GCP — the infrastructure decision was largely a technology preference and a vendor relationship.

That simplicity is gone. Real IoT deployments at enterprise scale now face requirements that no single cloud provider can fully satisfy simultaneously: regulatory data residency mandates that require certain data to stay in a specific geography; latency requirements that push processing to the edge; cost optimization that routes different workloads to different providers based on unit economics; and disaster recovery requirements that mean no single provider's availability zone failure should take down an operational industrial system.

The right multi-cloud IoT architecture is not the one that uses the most providers. It is the one that assigns each workload to the platform where it performs best — and integrates them so seamlessly that the seams are invisible to the application layer.

In practice this means an IoT platform might collect and pre-process sensor data at the edge with AWS Greengrass or Azure IoT Edge, route time-series data to a specialized store, run ML inference on NVIDIA accelerated cloud infrastructure, store cold historical data in the lowest-cost object store available, and expose clean APIs through a managed gateway on whichever provider the existing enterprise systems already integrate with. Each decision is a business decision as much as a technical one — driven by cost, latency, compliance, and team capability. The organizations that get this right had someone who could hold all four variables simultaneously.

The Real Competitive Edge: Business Knowledge in the Loop

Here is what the technology narrative around IoT consistently underweights. The sensors are cheap. The connectivity is commoditized. The cloud platforms are mature. The AI models are capable. None of those facts are the differentiator anymore.

The differentiator is whether the person designing the IoT solution understands the business process it is meant to improve — deeply enough to know which signals matter and which ones are noise, which latency threshold separates actionable from useless, which data point needs to be on a real-time dashboard and which one belongs in a monthly operational report. A vibration sensor on a motor generates enormous amounts of data. Most of it is irrelevant. Knowing which pattern predicts a failure mode twelve hours before it happens — and integrating that prediction into the actual maintenance workflow — requires knowing how maintenance operations work, not just how Kafka topics work.

This is where domain knowledge becomes the multiplier on technology investment. The same IoT infrastructure that produces modest efficiency gains in one organization produces transformational results in another, because someone in the second organization understood the business process well enough to point the sensors at the right thing and connect the output to the right decision.

The data has always been there. What changes is the quality of the question you ask it — and that question comes from business knowledge, not from technology.

Where It's Working: Sector by Sector

The convergence of IoT, AI, and multi-cloud is not uniform across industries. In some sectors value creation is already mature and measurable. In others it is still in early deployment. Here is an honest picture of where things stand in 2026.

Manufacturing & Industry 4.0

The most mature IoT sector. Predictive maintenance — using vibration, temperature, and acoustic sensors to predict equipment failure before it occurs — is proven technology with documented ROI. Process automation leads all IoT use cases globally with 58% enterprise adoption. Smart factories connect production lines, quality control, energy consumption, and supply chain in a single operational data layer. The challenge in 2026 is no longer whether it works — it is how to migrate legacy equipment into connected systems without stopping the line.

Healthcare & Clinical

The Internet of Medical Things (IoMT) is moving from hospital infrastructure monitoring into continuous patient care. Remote monitoring for chronic conditions — diabetes, hypertension, cardiovascular risk — generates data streams that AI analyzes to detect deterioration before it becomes an emergency. Over 70% of healthcare executives globally identified IoT-enabled operational efficiency as their top strategic priority for the next three years (Deloitte 2025). Mexico's 2025 approval of clinical AI software as a Class II medical device signals the regulatory framework is adapting to the technology.

Energy & Oil and Gas

IoT in energy operates at the intersection of physical safety and commercial optimization. Pipeline sensors, wellhead monitors, pressure and flow meters, and environmental compliance sensors generate the data that keeps operations safe and regulators satisfied. Smart grids use IoT to track real-time consumption and load balance across distribution networks. In oil and gas, the combination of edge processing — because you cannot send raw sensor data from a deepwater platform via satellite for every micro-decision — and multi-cloud analytics for fleet-level pattern recognition is where the architecture gets interesting and the business case becomes compelling.

Agriculture & Food Safety

The fastest-growing IoT end-use vertical, with a projected 19.2% CAGR through 2030 (Mordor Intelligence). Soil moisture sensors, weather stations, drone-integrated monitoring, and satellite data feeds are converging into precision farming platforms that optimize irrigation, fertilization, and harvest timing with granularity that was economically impossible a decade ago. In regulated food production, IoT-enabled traceability from field sensor to cold chain to distribution point is becoming a commercial requirement, not just a compliance one.

Government & Smart Cities

Smart city deployments — traffic sensors, water infrastructure monitoring, waste management, public safety systems — represent the largest government IoT investments. The complexity here is governance, not technology: data sovereignty, inter-institutional integration, procurement rules, and the challenge of connecting systems built by different agencies over different decades. Results in this space require combining technology knowledge with deep familiarity with how public sector procurement, compliance, and operations actually work — not just how the sensors talk to each other.

Hospitality & Retail

In hospitality, IoT is reshaping both the guest experience and the operational backend. Energy management systems that adjust climate and lighting based on occupancy sensors. Preventive maintenance for mechanical and HVAC systems. Asset tracking for housekeeping logistics. Guest-facing devices that personalize room environments. The integration challenge — connecting PMS, POS, IoT sensors, and mobile apps into a coherent operational picture — is exactly the kind of cross-functional architecture problem that requires business process understanding and technology depth in the same person.

Logistics & Supply Chain

Real-time cargo tracking, cold chain monitoring for pharmaceuticals and food, predictive fleet maintenance, warehouse automation — logistics was one of the earliest IoT adopters and remains one of the highest-ROI environments. AI-driven demand forecasting layered on IoT-generated inventory data is producing measurable reductions in stockouts and overstock simultaneously. The technology is proven. The challenge is integration into legacy ERP and WMS systems that were not designed with real-time sensor data in mind.

The warehouse is one of the highest-ROI environments for IoT deployment — real-time inventory visibility, predictive maintenance, and autonomous routing have documented payback periods under eighteen months in most mature deployments.

The Architecture Principles That Actually Hold

After building IoT-connected systems across multiple sectors, regulated environments, and cloud platforms, certain design principles have proven themselves consistently. They are not framework religion — they are earned observations.

Edge before cloud. Not all data should travel. The sensor generating 10,000 readings per second does not need to send all 10,000 to the cloud. It needs to detect the anomaly at the edge, send the alert, and archive the compressed summary. Edge computing reduces latency for time-critical decisions and dramatically cuts cloud ingestion costs for high-frequency sensors.

Security by design, not by retrofit. IoT devices are persistent attack surfaces. A connected sensor on a production line or a medical device on a clinical network with a default password and no update mechanism is a liability that grows over time. Zero-trust device authentication, encrypted communication, over-the-air update capability, and network segmentation must be designed in — before the first device ships, not after the first incident.

Data governance from day one. The IoT data layer generates enormous volumes of heterogeneous data from devices of varying reliability. Without governance — data quality rules, master data management for device identity, lineage tracking, and retention policies — the data lake becomes a data swamp within eighteen months. The AI models trained on that data inherit the quality problems.

Business process integration or nothing. An IoT dashboard that no one acts on is expensive decoration. The value of IoT data is realized when the insight it generates is integrated into a business process that a human or an automated system responds to. That means designing the alerting logic, the escalation workflow, the maintenance ticket creation, and the regulatory report generation as part of the deployment — not as a future phase.

The multi-cloud IoT architecture is not a diagram exercise. It is a set of binding decisions about where data lives, where it is processed, and how it flows — decisions that carry regulatory, financial, and operational consequences for years.

What Changed Since 2018 — And What Didn't

The original 2018 article noted that regulations would be either the catapult or the anchor for IoT's development. Eight years later that observation has aged well — but the balance has shifted. In most sectors and most markets, regulation has become a catapult. Data residency requirements are driving multi-cloud architectures that are actually better engineered. Healthcare regulations are forcing clinical-grade rigor into medical IoT deployments that makes them more trustworthy. Environmental regulations in energy are creating mandatory IoT monitoring requirements that fund deployments which then generate additional operational value beyond compliance.

What hasn't changed is the paradox noted in 2018: we are accumulating more data than ever, and the ratio of useful insight to raw data volume has not kept pace. The 79 zettabytes are real. The quality of the questions being asked of that data is still the limiting factor. That is a business knowledge problem, not a technology problem. And it remains the primary reason IoT investments underperform their potential in organizations where technology leadership and business leadership are not having the same conversation.

"Human beings evolve when they realize they are human." The technology is only as powerful as the human process it serves — and only as good as the business knowledge of the person who designed how the two connect.

The organizations winning with IoT in 2026 are not the ones with the most sensors. They are the ones whose technology leadership and business leadership are solving the same problem together.

If your organization has IoT data that isn't generating the business value it should — or is planning a deployment and wants to build it correctly the first time — the conversation is worth having.

The How Maker · #JMCoach
IoT Architecture · AI & Data Platforms · Multi-Cloud Strategy · Industrial IoT · Healthcare Tech · Energy & Hydrocarbons · Smart Operations · Regulated Environments · Executive & Board Advisory

mxjormer@gmail.com  ·  linkedin.com/in/mxjormer  ·  jmcoach-mx.blogspot.com  ·  @JormerMx