Fraud-as-a-Service: Inside the Dark Web's Booming Business Model
Fraud-as-a-Service is a cybercrime business model where an individual bad actor provides the necessary tools and services to other bad actors in order to make their fraudulent online activity easier. FaaS schemes are almost indistinguishable from how normal, level businesses - constantly optimising their return on investment through scalable tactics.
Some of the key elements of FaaS include:
- Commodification of Cybercrime: FaaS transforms traditional hacking and fraud methods into services that can be easily purchased or subscribed to; similar to legitimate SaaS (Software-as-a-Service) offerings. FaaS offers a wide range of tactics and personal information that can be used by cybercriminals to commit fraudulent activities.
- Accessibility: FaaS lowers the entry barrier for engaging in cybercrime by providing user-friendly interfaces, tutorials, and customer support. This enables fraudsters of any skill level to successfully commit fraud by purchasing prepackaged scams.
- Diversity of Services: FaaS is not limited to a single tactic, and can facilitate a multitude of different fraudulent attacks. These platforms offer a wide range of services, including but not limited to the tools to commit credit card fraud, identity theft, and DDoS (Distributed Denial of Service) attacks. High-end FaaS providers will offer custom-built tools which are tailored towards a client’s specific needs, often focusing on high-value targets.
Typical FaaS Business Structure
Source: Juniper Research
While it's relatively easy in an online world to attempt a single act of eCommerce fraud anonymously, creating a fraud operation large enough to make it worth the risk requires time, money, and technological expertise. FaaS providers operate beyond the scope of conventional search engines, existing on the dark web which requires specific software for which to gain access. This part of the internet houses illicit forums and marketplaces where FaaS providers can advertise and sell their services to novice fraudsters. This is also accompanied by customer support and user reviews; ensuring customer satisfaction and illustrating how these FaaS schemes operate much like a legitimate business.
What Tools Do FaaS Providers Use?
FaaS providers utilise a vast array of different tools to create their prepackaged schemes and will even rent out the use of these tools to other fraudsters. Some common FaaS tools include:
- App Cloners allow for multiple instances of the same app to be created on the same device and change its source code to enable relevant features. This allows for the bypass of security features that detect multiple account creation.
- Image Injection allows for the inserting of doctored/fraudulent images to spoof verification processes designed to identify new users. This can also be used to submit fraudulent proofs of purchase or delivery confirmations.
- Emulators simulate different devices and environments; helping to mimic legitimate device activity at scale, avoiding detection.
- Application Tampering Techniques enable individuals to change certain information that is collected from them on an application. For instance, things such as location spoofing can be used to manipulate the geographical location of a device to evade services that rely on location data.
- Botnets leverage up to thousands of infected computers to conduct DDoS attacks or leverage clicks on ads that are placed on fraudulent websites for example.
Tools such as the aforementioned are used to enable fraud attacks such as ATO (Account Takeover) fraud, refund fraud, online payment fraud, and synthetic identity fraud. They are either used by the FaaS provider to create fraud packages to sell, or are rented out to individual fraudsters on a subscription basis.
Furthermore, FaaS providers may have access to stolen payment card information, healthcare records, or social media accounts. They can use this data to create fake users, which are then sold or rented to subscribers, or they simply sell the raw data to fraudsters to create their own fake accounts. FaaS has democratised online financial crime for fraudsters that do not possess the necessary technical knowledge and has made committing fraud more accessible than ever before.
How Much of a Threat Does FaaS Pose to Businesses?
The FaaS model is akin to the SaaS (Software-as-a-Service) model, meaning that fraudulent information and tools are easily accessible to dark web users. By lowering this barrier for entry, businesses are at an increased risk of fraud attacks. This, in addition to the employment of artificial intelligence and machine learning amongst fraudulent methods, has resulted in bad actors being able to focus on the rapid execution of attacks.
The financial damage caused by FaaS-supported attacks can be devastating, and further potential revenue can be lost through consumer trust in the business being spoilt. In order to defend against FaaS tactics effectively, proactive fraud prevention strategies are essential. Things such as velocity checks, which analyse the rate at which users are completing transactions, and geolocation, which monitors the location from which a user is attempting their transaction, can help to accurately determine whether a user’s behaviour is illegitimate or not. App tampering and device emulation are also metrics that merchants can analyse in order to halt attacks with greater accuracy.
Therefore, it is possible for merchants to defend against the threats that FaaS poses, but it is imperative that the fraud prevention strategies they employ continually evolve in order to keep pace with the emerging threats that FaaS enables.
Latest research, whitepapers & press releases
-
ReportSeptember 2025Telecoms & Connectivity
A2P & Business Messaging Market: 2025-2030
Our extensive A2P & Business Messaging research suite comprises detailed analysis of a market undergoing rapid evolution. It provides guidance to mobile operators on how to navigate this shift and grow revenue from business messaging in the future.
VIEW -
ReportAugust 2025Fintech & Payments
Fraud Detection & Prevention in Banking Market: 2025-2030
Our Fraud Detection and Prevention in Banking research suite provides a comprehensive and in-depth analysis of the types of fraud, and methods that can be used to overcome them. This enables stakeholders such as banks, financial institutions, and fintechs to understand future growth, key trends and the competitive environment.
VIEW -
ReportAugust 2025Sustainability & Smart Cities
Smart Buildings Market: 2025-2030
Our Smart Buildings research suite provides in-depth analysis and evaluation of how hardware and software service providers are reimagining smart building solutions as living ecosystems, using Internet of Things (IoT) and AI.
VIEW -
ReportAugust 2025Telecoms & Connectivity
Network APIs Market: 2025-2030
Our Network API research suite provides operators, CPaaS providers, and other GSMA channel partners with extensive analysis and actionable insights into the rapidly growing network API market. It contains data that allows stakeholders in the market to make informed decisions on their product development and business strategies in the network API market.
VIEW -
ReportJuly 2025Fintech & Payments
B2B Payments Market: 2025-2030
Juniper Research’s B2B Payments research suite provides a comprehensive and insightful analysis of this market; enabling stakeholders from B2B payment platform providers to regulators and banks, to understand future growth, key trends and the competitive environment.
VIEW -
ReportJuly 2025Fintech & Payments
Subscription Economy Market: 2025-2030
Juniper Research’s Subscription Economy research suite provides a comprehensive and insightful analysis of this progressing market, enabling stakeholders, from subscription management providers to regulators and subscription providers, to understand future growth, key trends and the competitive environment.
VIEW
-
WhitepaperAugust 2025Fintech & Payments
Synthetic Identity Fraud: The Lurking Threat to Modern Banking
Our complimentary whitepaper, Synthetic Identity Fraud: The Lurking Threat to Modern Banking, examines the current fraud landscape; explaining the role of key actors in the fraud prevention landscape, and recent developments within the fraud prevention industry.
VIEW -
WhitepaperAugust 2025Sustainability & Smart Cities
Foundations of Smart Buildings: AI, IoT & Energy Efficiency
Our complimentary whitepaper, Foundations of Smart Buildings: AI, IoT & Energy Efficiency, evaluates the main technical components of smart building architecture; being the key objectives and challenges for their acquirement and deployment in the market, as it currently stands.
VIEW -
WhitepaperAugust 2025Telecoms & Connectivity
How Operators Can Unlock the $8 billion Network API Opportunity
Our complimentary whitepaper, How Operators Can Unlock the $8 billion Network API Opportunity, explores how operators can capitalise on the opportunities in the network API market, both now and in the future.
VIEW -
WhitepaperJuly 2025Fintech & Payments
Breaking the Innovation Logjam in B2B Payments
Our complimentary whitepaper, Breaking the Innovation Logjam in B2B Payments, assesses the key areas where B2B payments are being modernised, the key trends driving change, and the main challenges to further development.
VIEW -
WhitepaperJuly 2025Fintech & Payments
Subscribed for Success: Navigating the Future of the Subscription Economy
Our complimentary whitepaper, Subscribed for Success: Navigating the Future of the Subscription Economy, assesses the future of the subscription economy market; examining key drivers such as AI, regulations, and sustainability goals.
VIEW -
WhitepaperJune 2025Telecoms & Connectivity
Roaming Tech Horizon 2025
Download your copy of the Roaming Tech Horizon, and discover which roaming technologies are set to soar; so you can focus on the innovations with staying power, not just hype.
VIEW
-
Telecoms & Connectivity
Cellular IoT Connectivity Revenue to Exceed $30 Billion Globally in 2030
August 2025 -
Sustainability & Smart Cities
eScooter Spend to Surpass $7 Billion Globally by 2030, as Rider Freedom Spurs Growth
August 2025 -
Telecoms & Connectivity
Branded Calling to Verify 90 Billion Calls Globally by 2029, as Unified Verification Frameworks Boost Subscriber Protection
August 2025 -
Fintech & Payments
Fraud to Cost Financial Institutions $58.3 Billion by 2030 Globally, as Synthetic Identities Threaten Fraud Tidal Wave
August 2025 -
Sustainability & Smart Cities
Industrial Smart Buildings: Energy Wastage and Bespoke Vertical Solutions to Drive 525% Surge in Deployments by 2030
August 2025 -
Telecoms & Connectivity
Network API Revenue to Exceed $8 Billion by 2030 Globally, as KYC Identified as the Next Major Opportunity
August 2025