AU10TIX: FaaS Drives 100% Surge in Cyber Fraud Attacks

The emergence of Fraud-as-a-Service (FaaS) platforms has transformed cybercrime into an industrialised operation, according to research from identity verification provider AU10TIX. 

These platforms enable fraudsters to access deepfake generators for creating synthetic selfies and videos, phishing kits for email and web-based scams, and botnet infrastructure for credential stuffing and account takeovers.

Rise of Automated Mega-Attacks

The scale of coordinated fraud campaigns doubled in 2024, reaching an average of 8,000 unique incidents per operation. 

AU10TIX's Serial Fraud Monitor system, which tracks document origins to identify attack patterns, detected one campaign that generated 4,580 different identity permutations targeting four geographical regions and three industries simultaneously.

South-east Asia emerged as the epicentre of these large-scale attacks, accounting for 88% of incidents. 

Vietnam represented 59% of attack origins, followed by Malaysia at 13%, the Philippines at 9%, and Indonesia at 5%. The United States and Colombia accounted for 8% and 4% respectively.

FaaS operators can launch attacks within hours using platforms that combine AI tools for synthetic identity generation, bots for mass account creation, and deepfake generators to circumvent ID verification systems. 

The service structure includes data aggregators selling stolen identities, AI synthesisers generating fake profiles, and bot coordinators managing automated attacks.

Evolution of Attack Methods

Data from AU10TIX shows attack methods evolved significantly throughout 2024. 

The company's quarterly analysis reveals a sharp decline in document number exploitation, replaced by increased use of image templates and synthetic selfies. 

This transition accelerated in Q3 when AI-generated content emerged as fraudsters' preferred method for bypassing verification systems.

The technical sophistication of FaaS platforms has expanded to include automated tools for creating convincing identity documents, synthetic facial images that can pass liveness checks, and coordinated botnets capable of launching simultaneous attacks across multiple geographical regions.

Sector Analysis and Impact

The payments sector experienced a decline in fraud attempts, with attack volumes decreasing from 54% in Q2 to 43% in Q4 2024. 

This reduction coincided with increased law enforcement activity and a migration to social media platforms, where attack volumes increased from 3% in Q2 to 16% in Q3, reaching 30% by Q4.

Social media platforms have become particularly vulnerable as they expand into e-commerce functionality. 

The report identifies these platforms as attractive targets due to their combination of financial transactions and relatively limited identity verification requirements compared to traditional payment providers.

Regulatory Impact and Industry Response

The cryptocurrency sector saw attack volumes decrease by 49% from 2023 peaks following the implementation of Markets in Crypto Assets (MiCA) regulations. 

Quarterly data shows cryptocurrency-related attacks started at 31% in Q1, dropped to 24% in Q2, rose to 29% in Q3, before settling at 24% in Q4, demonstrating the stabilising effect of regulatory oversight.

The increasing sophistication of FaaS platforms has contributed to projections of US fraud losses reaching US$40bn by 2027. 

This forecast reflects the emergence of an ecosystem comprising data theft, synthetic identity generation and automated attack deployment.

According to a 2023 World Economic Forum report cited in the research, trust in digital platforms has declined due to rising concerns about fake accounts and manipulated content. 

The report identifies social networks as particularly vulnerable without implementation of robust identity verification systems.

Combat Strategies and Technology

AU10TIX's research emphasises the need for consortium validation and enhanced selfie detection capabilities to combat sophisticated fraud. 

The company's Serial Fraud Monitor system demonstrates the effectiveness of pattern recognition in identifying coordinated attacks, particularly in social media environments where deepfakes and synthetic identities threaten platform credibility.

The report highlights the emergence of new verification technologies designed to counter AI-generated content, including advanced liveness detection systems and cross-platform identity validation protocols. 

These tools aim to identify synthetic identities while maintaining user experience for legitimate customers.

“2024 has been a game-changer in fraud prevention. FaaS has taken cybercrime to a new level, enabling coordinated mega attacks that now average over 8,000 incidents each. 

“By embracing smarter fraud prevention strategies and layered defences, businesses can get ahead of these threats and build stronger trust with their users,” says Dan Yerushalmi, CEO of AU10TIX.

Explore the latest edition of FinTech Magazine and be part of the conversation at our global conference series, FinTech LIVE. 

Discover all our upcoming events and secure your tickets today.

FinTech Magazine is a BizClik brand