Fraud as a Service (FaaS): Everything You Need to Know


The 2017 LexisNexis® True Cost of Fraud report makes for sobering reading. After surveying nearly 1,200 risk and fraud executives, the report concluded that fraud in the retail, commerce, lending and financial sectors cost these industries more than 2.5 times the dollar amount of the actual fraud. As much as 31 percent to 43 percent of monthly transactions involved fraud attempts.

It gets worse. According to PwC’s 2018 Global Economic Crime and Fraud Survey, 49 percent of organizations globally said they had been a victim of fraud and economic crime.

What is FaaS?

In CSO Online, Daniel Cohen of the Online Threats Managed Services group at RSA says that FaaS offerings range from: “DDoS attacks and botnet rentals to stolen payment cards, healthcare records, and social media accounts for sale in just a single click. And with the increasing demand and competition in the deep web, some cybercriminals are making customer service guarantees a key differentiator for their services with try-before-you-buy options and returns for ‘faulty’ merchandise such as bad payment cards.”

However, FaaS is not just a blanket term for digital fraud. While it does use techniques like phishing, whaling, insider fraud, SQL injection, and ATM skimming, the concept more accurately refers to an insidious, organized incursion by cybercriminals, carried out by:

  • Utilizing a global network of criminals for international fraudulent collaboration through underground forums
  • Creating a Dark Web platform from which FaaS activities take place
  • Making fraud a profitable product that can be sold on
  • Developing a network of services to aid fraudsters in committing digital crimes and converting stolen goods into cash

The FaaS model will gain traction in 2019 as it provides would-be cybercriminals with the means and opportunity to develop their own fraud businesses, at low cost and with little knowledge. The product (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Penny Hoelscher. Read the original post at: