AU10TIX Year-End Report on Global Identity Fraud Names 2024 ‘The Year of Fraud-as-a-Service (FaaS)’

AU10TIX, a global technology leader in identity verification and management, today released its 2024 Report on Global Identity Fraud. Drawing insights from millions of transactions processed around the globe from January to December 2024, the report uncovers significant trends in large-scale organized identity fraud. “2024: The Year of Fraud-as-a-Service (FaaS)” outlines how ‘the industry’s dark engine’ offers user-friendly fraud kits that enable amateurs to execute complex attacks against thousands of accounts in minutes.

“FaaS has elevated cybercrime, enabling a whole cohort of the population to join in on global fraud by launching large-scale attacks involving up to 8,000+ incidents,” said Dan Yerushalmi, CEO of AU10TIX. “Using AI-driven tactics such as deepfake selfies and synthetic identities, organized fraudsters are testing traditional security measures like never before. Only by adopting more advanced fraud prevention techniques and multi-layered defenses can businesses stay ahead of emerging threats and strengthen trust with their users.”

FaaS platforms provide all the tools, templates and automation that fraudsters need to commit widescale identity fraud, deepfakes, and cyberattacks, including:

• Deepfake generators to create synthetic selfies and videos
• Botnets to automate mass-scale account creation and takeover
• Phishing kits for email and web-based scams
• Dark web marketplaces: a hub for buying stolen data

AU10TIX Identifies 2024 Mega Attack of 4580 Unique Permutations

In one instance, AU10TIX detected a single mega attack spanning four geographies (APAC, EMEA, LATAM, NA) and three industries (payments, crypto, social media). It involved 4,580 unique permutations of the same ID template and had all the markings of an FaaS-enabled attack. APAC led the pack as the epicenter of 2024’s mega attacks, taking 88% of the overall share.

Other 2024 Trends

Social media became a critical battleground for fraud and misinformation in 2024, with a surge of activity related to elections, international conflicts, and other hot-button topics. Users also increasingly leveraged these platforms for e-commerce, which opened the door for fraudsters to conduct illicit activities that were once confined to payments, banking, crypto, and other fintech platforms. As a result, a full 30% of identity fraud attacks targeted social media in Q4, compared to a mere 3% in Q1.

As fraud increased on social media platforms, it declined in the payments sector, historically the most targeted industry. Payments saw 54% of attacks in Q1, but due to tougher law enforcement, the number had declined to 43% by Q4.  Attacks against the crypto sector also decreased to 24% and stabilized following the implementation of MiCA regulations in 2023.

Key Takeaways

AU10TIX’s 2024 Report on Global Identity Fraud offers three actionable insights to help organizations protect against identity fraud:

• Social Media Platforms Must Invest in Smarter Fraud Detection – Enhanced selfie and fraud detection tools are necessary to protect social media engagement, ensure account authenticity, and prevent the risks posed by fake accounts.
• Engage in Transparent Collaboration – Consortium validation and visual fraud simulations are powerful tools against FaaS-driven mega attacks. Organizations can leverage consortium insights to add a robust second layer of protection and risk mitigation.
• Be Proactive – Don’t just react to what’s happening now; prepare for what’s coming next. Future-proofing means adopting AI-driven validation and multi-layer defenses to combat deepfakes, synthetic identities, and emerging threats.