Fraud-as-a-Service: Inside the Dark Web's Booming Business Model
Fraud-as-a-Service is a cybercrime business model where an individual bad actor provides the necessary tools and services to other bad actors in order to make their fraudulent online activity easier. FaaS schemes are almost indistinguishable from how normal, level businesses - constantly optimising their return on investment through scalable tactics.
Some of the key elements of FaaS include:
- Commodification of Cybercrime: FaaS transforms traditional hacking and fraud methods into services that can be easily purchased or subscribed to; similar to legitimate SaaS (Software-as-a-Service) offerings. FaaS offers a wide range of tactics and personal information that can be used by cybercriminals to commit fraudulent activities.
- Accessibility: FaaS lowers the entry barrier for engaging in cybercrime by providing user-friendly interfaces, tutorials, and customer support. This enables fraudsters of any skill level to successfully commit fraud by purchasing prepackaged scams.
- Diversity of Services: FaaS is not limited to a single tactic, and can facilitate a multitude of different fraudulent attacks. These platforms offer a wide range of services, including but not limited to the tools to commit credit card fraud, identity theft, and DDoS (Distributed Denial of Service) attacks. High-end FaaS providers will offer custom-built tools which are tailored towards a client’s specific needs, often focusing on high-value targets.
Typical FaaS Business Structure
Source: Juniper Research
While it's relatively easy in an online world to attempt a single act of eCommerce fraud anonymously, creating a fraud operation large enough to make it worth the risk requires time, money, and technological expertise. FaaS providers operate beyond the scope of conventional search engines, existing on the dark web which requires specific software for which to gain access. This part of the internet houses illicit forums and marketplaces where FaaS providers can advertise and sell their services to novice fraudsters. This is also accompanied by customer support and user reviews; ensuring customer satisfaction and illustrating how these FaaS schemes operate much like a legitimate business.
What Tools Do FaaS Providers Use?
FaaS providers utilise a vast array of different tools to create their prepackaged schemes and will even rent out the use of these tools to other fraudsters. Some common FaaS tools include:
- App Cloners allow for multiple instances of the same app to be created on the same device and change its source code to enable relevant features. This allows for the bypass of security features that detect multiple account creation.
- Image Injection allows for the inserting of doctored/fraudulent images to spoof verification processes designed to identify new users. This can also be used to submit fraudulent proofs of purchase or delivery confirmations.
- Emulators simulate different devices and environments; helping to mimic legitimate device activity at scale, avoiding detection.
- Application Tampering Techniques enable individuals to change certain information that is collected from them on an application. For instance, things such as location spoofing can be used to manipulate the geographical location of a device to evade services that rely on location data.
- Botnets leverage up to thousands of infected computers to conduct DDoS attacks or leverage clicks on ads that are placed on fraudulent websites for example.
Tools such as the aforementioned are used to enable fraud attacks such as ATO (Account Takeover) fraud, refund fraud, online payment fraud, and synthetic identity fraud. They are either used by the FaaS provider to create fraud packages to sell, or are rented out to individual fraudsters on a subscription basis.
Furthermore, FaaS providers may have access to stolen payment card information, healthcare records, or social media accounts. They can use this data to create fake users, which are then sold or rented to subscribers, or they simply sell the raw data to fraudsters to create their own fake accounts. FaaS has democratised online financial crime for fraudsters that do not possess the necessary technical knowledge and has made committing fraud more accessible than ever before.
How Much of a Threat Does FaaS Pose to Businesses?
The FaaS model is akin to the SaaS (Software-as-a-Service) model, meaning that fraudulent information and tools are easily accessible to dark web users. By lowering this barrier for entry, businesses are at an increased risk of fraud attacks. This, in addition to the employment of artificial intelligence and machine learning amongst fraudulent methods, has resulted in bad actors being able to focus on the rapid execution of attacks.
The financial damage caused by FaaS-supported attacks can be devastating, and further potential revenue can be lost through consumer trust in the business being spoilt. In order to defend against FaaS tactics effectively, proactive fraud prevention strategies are essential. Things such as velocity checks, which analyse the rate at which users are completing transactions, and geolocation, which monitors the location from which a user is attempting their transaction, can help to accurately determine whether a user’s behaviour is illegitimate or not. App tampering and device emulation are also metrics that merchants can analyse in order to halt attacks with greater accuracy.
Therefore, it is possible for merchants to defend against the threats that FaaS poses, but it is imperative that the fraud prevention strategies they employ continually evolve in order to keep pace with the emerging threats that FaaS enables.
Latest research, whitepapers & press releases
-
ReportOctober 2025Telecoms & Connectivity
Travel SIMs & eSIMs Market: 2025-2030
Our comprehensive Travel eSIMs research suite comprises detailed assessment of a market undergoing rapid growth. It provides insight into how travel eSIM providers can differentiate their services to maximise success in the market over the next two years.
VIEW -
ReportOctober 2025IoT & Emerging Technology
Direct to Satellite Market: 2025-2030
Juniper Research’s Direct to Satellite research suite provides satellite providers, investors, and partners, such as Mobile Network Operators, with an extensive analysis and insights into the direct to satellite market.
VIEW -
ReportSeptember 2025Fintech & Payments
Instant Payments Market: 2025-2030
Juniper Research’s Instant Payments research suite provides a wide-ranging and strategic analysis of this market; enabling stakeholders - from banks, infrastructure providers, regulators, and businesses - to understand future growth, key trends, and the competitive environment.
VIEW -
ReportSeptember 2025Fintech & Payments
Anti-money Laundering Systems Market: 2025-2030
Our AML Systems research suite provides a detailed and insightful analysis of this evolving market; enabling stakeholders from financial institutions, law enforcement agencies, regulatory bodies and technology vendors to understand future growth, key trends, and the competitive environment.
VIEW -
ReportSeptember 2025Fintech & Payments
A2A Payments Market: 2025-2030
Our A2A Payments research suite provides detailed analysis of this rapidly changing market; enabling A2A payments service providers to gain an understanding of key payment trends and challenges, potential growth opportunities, and the competitive environment.
VIEW -
ReportSeptember 2025Telecoms & Connectivity
Mobile Messaging Fraud Prevention Market: 2025-2030
Our Mobile Messaging Fraud Prevention research suite provides a detailed and insightful analysis of a market set for significant disruption over the next five years. It enables stakeholders from mobile operators, enterprises, and mobile messaging fraud prevention vendors to understand how the market for mobile messaging fraud will evolve, as well as the impact of AI, RCS, and the evolving competitive environment.
VIEW
-
WhitepaperOctober 2025IoT & Emerging Technology
Beam Me Up: The Direct to Satellite Revolution
Our complimentary whitepaper, Beam Me Up: The Direct to Satellite Revolution, evaluates the future key services that satellite providers must offer in the direct to satellite market.
VIEW -
WhitepaperSeptember 2025Fintech & Payments
Core Banking Transformation - A Strategic Conversation with SAP Fioneer
Core banking transformation is no longer optional, as regulatory change, rising compliance costs, and shifting customer expectations make legacy systems unsustainable. Anna Koritz, Global Head of Transaction Banking at SAP Fioneer, shares how banks can overcome cultural and technical hurdles and why SAP Fioneer’s modular, cloud-ready approach enables confident modernisation.
VIEW -
WhitepaperSeptember 2025Fintech & Payments
From Detection to Prevention: The Next Era of Anti-money Laundering
Our complimentary whitepaper, From Detection to Prevention: The Next Era of Anti-money Laundering, examines the state of the AML systems market; considering the impact that a changing regulatory environment and a growing number of use cases is having on the market. Additionally, it includes a forecast summary of the total value of the AML systems market in 2030.
VIEW -
WhitepaperSeptember 2025Fintech & Payments
3 Key Trends Driving Instant Payments
Our complimentary whitepaper, 3 Key Trends Driving Instant Payments, assesses how key trends are driving the evolution of the instant payments market, and which challenges these resolve. Additionally, it includes a forecast summary of the global transaction values via instant payment schemes by 2029.
VIEW -
WhitepaperSeptember 2025Fintech & Payments
Ascending-to-Ailing: The Deceleration of A2A Adoption
Our complimentary whitepaper, Ascending-to-Ailing: The Deceleration of A2A Adoption, examines the state of the A2A payments market; considering the impact of this payment method and how it is shaping the modern payments landscape through lower fees and enriched user experience.
VIEW -
WhitepaperSeptember 2025Telecoms & Connectivity
RCS Fraud: Emerging Threats in Next-gen Messaging
Our complimentary whitepaper, RCS Fraud: Emerging Threats in Next-gen Messaging, examines the future of the messaging fraud prevention market, with a particular focus on the latest trends within RCS Business Messaging (RBM). Additionally, it includes a forecast summary of the total cost of fraud over RBM to subscribers in 2030.
VIEW
-
IoT & Emerging Technology
Satellite Broadband Market to Break $20 Billion by 2030, as Satellite Constellations Disrupt Established Services
October 2025 -
Fintech & Payments
Subscription Economy to Reach $1.2 Trillion by 2030 Globally, Despite Increasing Subscription Fatigue
October 2025 -
Fintech & Payments
AML Systems Market to Surpass $75 Billion by 2030 Globally, With LexisNexis Risk Solutions, Oracle, and Experian Leading the Defence
September 2025 -
Fintech & Payments
Instant Payments to Exceed $110 Trillion by 2029 Globally, Accelerated by European Regulation & FedNow Impact
September 2025 -
Fintech & Payments
B2B Payments to Hit $224 Trillion by 2030 Globally, Driven by Emerging Market Expansion
September 2025 -
Fintech & Payments
A2A Transaction Value to Reach $195 Trillion in 2030 Globally, Driven by Advanced Value-added Services
September 2025