Blog / News

FaaS: What is it and why is Fraud-as-a-Service trending?

Social media is king. People across the globe can communicate and interact in real-time with minimal effort. But what happens when fraudsters use this to advertise their very particular set of skills?

18 August 2022

FaaS: What is it and why is Fraud-as-a-Service trending?

Social factors have always had a huge impact on our buying habits. But smartphones and social networks have completely transformed the way customers shop. Your business can reach and influence a global audience just by logging into Instagram and Twitter. Unfortunately, so can fraudsters.

Social media sites and messaging apps have become promotional channels for professional fraudsters. These “fraudsters for hire” offer their shady skills to help genuine customers looking to get your products for less than they're worth.

In the past, you’d have to venture onto the deep web to get this kind of service – not anymore. According to one fraud fighter: “all of this fraud as a service is right on the surface web and it is the cause of the majority of fraud on our network”. So what does this mean for your business and what can you do to stop it?

What is fraud-as-a-service (FaaS)?

Fraud as a service is when a bad actor provides a service to your customers to enable fraudulent activity. Fraudsters use a range of criminal methods to make purchases on behalf of clients, who then pay them a fraction of the cost. This essentially works out as free money for the fraudster.

There are usually two actors at play: the skilled professional fraudster who makes a living committing fraud and the naive opportunist who wants a sneaky deal, but probably wouldn’t go out of their way to commit fraud themselves.

Some customers might not be completely aware of the illicit tactics used to get these steep discounts. But when the cost of living shoots up or money becomes tighter, a sly saving here or there becomes more appealing. And this is what fraudsters are banking on.

What is the role of social media here?

Consumers are 71% more likely to make a purchase based on social media referrals. And almost 80% of consumers say a company’s social media posts impact their purchases. Clearly social media is a powerful marketing and sales tool. But what happens when the same tools are used by fraudsters to promote themselves?

Leading social media sites like Reddit, Twitter, TikTok and Snapchat are chock-full of these schemes. Fraud as a service is growing and becoming more readily available. As put by one fraud analyst: “TikTok is a cesspit of fraudsters. If you know what to look for, it's like a never-ending rabbit hole”.

Merchants across all industries are being hit. One fashion retail brand reports seeing adverts offering 50-60% off their products. According to an online grocery retailer - “we were digging online and we found a couple of Facebook groups selling to customers – “you can get 50% off your groceries.” And for food delivery businesses, the “pizza plug” is a well-known favorite for young people looking for a cheap bite.

These fraudsters are comfortably capitalizing on the reach of social media. Worryingly, this has meant that it is easier for the average customer to participate in fraud - knowingly or not.

What fraud methods are they using?

Fraudsters use a variety of methods to get items for their customers that you’ll likely be familiar with.

Online payment fraud is a common one. Fraudsters use stolen credit cards to place orders or buy items, and then advertise their stolen wares online at a discount. The fraudster gets free cash, the customer gets an unbelievable deal, and you get hit with a loss.

Fraud as a service using account takeover is becoming increasingly popular, particularly on “aged” accounts. The outcome is similar to online payment fraud, except the fraudster places orders using an existing customer’s account. Shrewd fraudsters understand that they can take advantage of a loyal customer's good reputation. They face less friction and are less likely to have their order blocked.

Fraudsters can also use refund fraud as part of their fraud as a service schemes. One of the easiest ways to commit refund fraud is by taking over an established customer account. This is because the merchant is more likely to accept the refund. The fraudster can then make use of the money credited back to the account – “they place an order to one customer and they’ll get a refund to pay for their next customer’s order. They're only putting money up once and they’re getting loads back”.

What should merchants look out for?

Fraud as service is a major contributor to growing online fraud and cybercrime. And this only gets worse as things get more expensive and fraudsters get more organized. Although they use techniques that you may be familiar with, the patterns may differ, so it can be hard to track and eliminate.

That said, there are a few patterns that you can keep an eye out for on your network. According to one fraud expert, “we see multiple accounts, loads of addresses but the same payment method – for example, a PayPal account. And that is the indicator”.

This is because customers using these questionable services are often geographically spread out. If we look at a compromised food delivery account, a genuine customer will only have a couple locations that they get food sent to. But the account takeover fraudster might order food to several different addresses not unique to one location. This is a clear sign that fraudsters are making purchases on behalf of customers.

What steps can you take?

Revisit your rules with account age conditions

You can’t assume that a customer is who they say they are. Fraudsters know that you don’t want to negatively impact the experience of a loyal customer, and are exploiting this. Keep an eye on changes to long standing accounts – don't let this be a point of entry!

Track social media

Are you tracking mentions of your business online? Intelligence gathering is a key piece of fraud detection and social media is a goldmine. It can be time consuming, but it’s worth incorporating into your processes.

Retrain your machine learning model

Fraudsters are fast and adaptable but fortunately, so is machine learning. But only if you keep feeding your models as much data as possible. When you do spot patterns, make sure you’re retraining your model with this new behavior. Machine learning is better than rules at stopping fraudsters before they’ve even placed their first order.

Stay alert

Don't take old behavior for granted – just because you haven’t noticed something yet, doesn't mean it isn't happening. Learn more about how you can secure your customers and business from all angles.

Related content