Digital Transactions Authoritative, insightful and timely information for payments professionals
Fraud-as-a-service offerings last year made it easier than ever for criminals to perpetrate mega-fraud attacks across payment, social media, and cryptocurrency platforms, says a report from AU10TIX, a provider of identity-verification solutions.
Fraud-as-a-service refers to online marketplaces that sell the tools criminals need to perpetrate fraud, such as artificial-intelligence-based tools for generating synthetic identities.
According to the report, one of the biggest attacks in 2024 used 4,580 variations of the of the same ID template across four regions of the world—North America, Latin America, Europe Middle east and Africa, and Asia-Pacific. The Asia-Pacific region was the epicenter of the global assault, accounting for 88% of the attacks. North America was relatively unscathed, accounting for 8%.
AU10TIX tracked millions of transactions processed globally for the report.
Overall, the number of variations used per mega attack in 2024 doubled to 8,000 compared to 2023, the report says.
Still, while fraud-as-a-service has made mega attacks easier to perpetrate, one piece of good news is that identity fraud in the payment sector decreased in 2024. Identity fraud accounted for 54% of attacks in payments during the first quarter, then decreased to 52% in Q2 and 39% during Q3, before rising slightly to 43% during Q4. The decline is attributed to tougher law enforcement, the report says.
Social-media platforms were also a prime target for fraudsters, as consumers increasingly use them for e-commerce purchases. That trend has “opened the door for fraudsters to conduct illicit activities that were once confined to payments, banking, crypto, and other fintech platforms,” the report says.
Some 30% of identity-fraud attacks targeted social media in Q4, compared to a mere 3% in Q1, according to the report.
“Social media…must prioritize self-regulation and adopt advanced defenses like sharper selfie detection and consortium validation,” the report says. “These aren’t optional any more—they’re essential to protecting authenticity and credibility.”
Tools criminals can access through FaaS marketplaces include bots for mass account creation, phishing kits, which provide criminals ready-made tools for email and Web-based scams, stolen consumer data, and deepfake generators to create synthetic selfies and videos to bypass liveness tests. ID liveness compares a live facial image to the photo on a consumer’s identity document to ensure the person attempting to access the account is real.
“These tools have made large-scale fraud easier to execute, putting platforms under pressure to innovate or lose user trust,” the report says.
The answer to the increasing sophistication of fraud attacks, the report says, is to invest in more intelligent fraud-prevention and detection tools and to collaborate with organizations and individuals that have the tools and skills to uncover fraud.
“By doing so, businesses can safeguard trust and stay ahead of evolving threats,” the report concludes.
