Fraud as a Service (FaaS)
Fraud as a Service (FaaS) refers to situations in which a bad actor or larger fraud ring allows others to hire them to commit fraudulent activity for the purpose of making money or causing harm. The term can also be used when an individual purchases tools, code, or software from a bad actor to carry out fraud themselves. It is, in essence, a third-party business model where the product is the fraud itself.
Frequently asked questions
How does FaaS work?
FaaS works very simply. If an individual would like to carry out a fraud attack against a specific target or to achieve a specific goal, but they do not have the experience or skill to carry out the attack themselves, they can hire one or more bad actors to commit the crime on their behalf.
The process of hiring the fraudster can vary. It can happen via word-of-mouth connections and can also be done through online communities, sometimes on the dark web.
Which types of fraud can be carried out via FaaS?
Virtually any type of fraud can be offered as FaaS. Typically, it involves types of fraud that are difficult to carry out or that require technical expertise.
Examples of what FaaS can help facilitate include:
- Distributed denial of service (DDoS) attacks
- Botnet development
- Digital heists of sensitive information (identity information, payment details, PII, etc.)
- Account takeover (ATO) attacks
- Creation of synthetic identities
- Online payment fraud
- Creation of buyer/seller closed-loop accounts
The fraudsters or fraud rings offering FaaS may specialize in certain types of fraud, such as marketplace fraud, auction fraud, or money laundering, though this is not always the case.