What Is Fraud as a Service?
Fraud as a service is the practice of fraudsters selling their tools, services, and expertise on the dark web in order to carry out fraud on behalf of paying clients. Entire organizations focused on fraud have been built around this model. They run professional operations that focus on service efficiency, client acquisition, monetization, product development, and so on, just as legitimate businesses do.
The concept of software as a service (SaaS) continues to boom, especially in the US. Unfortunately, fraudsters are also now selling their services, resulting in the growth of fraud as a service, as well as a huge range of other types of service businesses.
How Does Fraud as a Service Work?
Fraud as a service (FaaS) works as many other business models do – it provides clients with services that they cannot perform themselves. The particular mix of tools and services varies between different FaaS providers. One might offer phishing and hacking services, for example, while another launches botnet attacks.
The presence of such services means that cybercriminals, or simply criminals in general, don’t need to go through the time and trouble of learning how to carry out certain actions themselves when conducting illegal activities. They can simply use the fraudsters’ services instead – for a cost.
FaaS businesses range from small enterprises to large networks engaging customers through free trials and introductory offers, delivering training services, developing new products, providing customer care, and more.
What Fraud Methods Are FaaS Providers Using?
Fraud as a service providers use a range of methods to help their clients commit crimes. Some of the most common include:
| Method | Description |
| --- | --- |
| Online payment fraud | Payment fraud is when a fraudster uses stolen credit card details and personal information to carry out online transactions without the cardholder’s consent. A criminal who wants to carry out online payment fraud can do so by purchasing stolen credit card numbers and other details from a fraud as a service business. |
| Account takeover | An account takeover is when someone logs into and uses an account that isn’t theirs. It can be done to impersonate the account owner, access sensitive personal information, conduct CEO fraud, and more. Instances of account takeover fraud are increasing, with estimates suggesting that 22% of adults in the US have fallen victim to it, with average losses in the region of $12,000 per case. Cybercriminals who don’t want to hack into accounts to take them over themselves can pay FaaS providers to do it for them. |
| Refund fraud | The term refund fraud encompasses a range of activities, such as requesting refunds without returning goods or requesting refunds at the same time as requesting chargebacks. It can include innocent or accidental refund requests, opportunistic refund fraud, and malicious friendly fraud, which FaaS providers are happy to carry out for their clients. |
| Account farming | Account farming is when fraudsters build up and maintain banks of online accounts, for example for webmail services or social media sites. FaaS providers use automated tooling and processes to do so at scale, resulting in a bank of active, trusted accounts that they can sell to clients. |
How Serious Is Fraud as a Service?
The threat of fraud as a service is growing. Just as the software as a service market is booming, with a projected CAGR of 19.7% between 2022 and 2029 according to Fortune Business Insights, so too is the FaaS market. This presents a significant problem for businesses.
Financial criminals, owing to the ever-growing range of illicit services available to them, are increasingly being equipped to both commit and pay for fraud.
This is reflected in global fraud statistics. Juniper Research reports that ecommerce fraud cost organizations a global total of $41.4 billion in 2022 alone. Other types of fraud have followed similar upward trajectories, with fraud as a service feeding increased criminality around the world.
How to Protect Against Fraud as a Service
Businesses can guard against FaaS criminals by using an end-to-end anti-fraud solution that includes:
- Know Your Customer (KYC) and Know Your Business (KYB) checks
- bespoke risk scores and rules
- behavior analytics
- digital and social media lookup as part of in-depth background checks
- email, phone, and IP analysis
- device fingerprinting
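
To make the risk-rule, IP analysis, and device-fingerprinting items above concrete, here is an added example (not part of the original page and not any vendor's code). It scores accounts on a shared device fingerprint or IP, as seen in account farming, and on a refund plus a chargeback for the same order. Field names, weights, and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real data): signups and refund/chargeback claims.
SIGNUPS = [
    {"account": "a1", "device": "fp-01", "ip": "198.51.100.7"},
    {"account": "a2", "device": "fp-01", "ip": "198.51.100.7"},
    {"account": "a3", "device": "fp-01", "ip": "198.51.100.9"},
    {"account": "a4", "device": "fp-02", "ip": "203.0.113.5"},
]
CLAIMS = [
    {"account": "a4", "order": "o-10", "kind": "refund"},
    {"account": "a4", "order": "o-10", "kind": "chargeback"},
    {"account": "a1", "order": "o-11", "kind": "refund"},
]

# Assumed rule weights and thresholds; tune them against your own traffic.
RULES = {"shared_device": 40, "shared_ip": 20, "refund_and_chargeback": 50}
MAX_ACCOUNTS_PER_DEVICE = 2
MAX_ACCOUNTS_PER_IP = 1
REVIEW_THRESHOLD = 50

def score_accounts(signups, claims):
    """Return {account: (score, [names of the rules that fired])}."""
    by_device, by_ip = defaultdict(set), defaultdict(set)
    for s in signups:
        by_device[s["device"]].add(s["account"])
        by_ip[s["ip"]].add(s["account"])

    kinds = defaultdict(set)  # (account, order) -> claim kinds seen
    for c in claims:
        kinds[(c["account"], c["order"])].add(c["kind"])
    double_dippers = {acct for (acct, _), k in kinds.items()
                      if {"refund", "chargeback"} <= k}

    results = {}
    for s in signups:
        fired = []
        if len(by_device[s["device"]]) > MAX_ACCOUNTS_PER_DEVICE:
            fired.append("shared_device")
        if len(by_ip[s["ip"]]) > MAX_ACCOUNTS_PER_IP:
            fired.append("shared_ip")
        if s["account"] in double_dippers:
            fired.append("refund_and_chargeback")
        results[s["account"]] = (sum(RULES[r] for r in fired), fired)
    return results

def needs_review(results):
    """Accounts whose score meets the review threshold, sorted by name."""
    return sorted(a for a, (score, _) in results.items() if score >= REVIEW_THRESHOLD)
```

Returning the names of the rules that fired alongside the score lets an analyst see why an account was queued, which matters when the rules are tuned per business.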
Businesses must also remember the importance of the people element when guarding against fraud. A staff team that has been trained to recognize spear-phishing attacks, for example, can provide a robust line of defense against fraud.