Identity fraud is no longer limited to sophisticated actors. What once required technical expertise and insider knowledge can now be purchased through ready-made kits and subscription services. Fraud has become professionalized, packaged, and distributed at scale through an underground economy that mirrors the structure of legitimate software markets.
This model is known as Fraud-as-a-Service (FaaS). It lowers the barrier to entry, increases the volume of attacks, and fuels the rise of identity theft in ways that few traditional defenses are designed to stop.
Fraud has become professionalized, packaged, and distributed at scale.
What is Fraud-as-a-Service?
Fraud-as-a-Service operates much like Software-as-a-Service. Instead of requiring years of skill or custom coding, criminal groups offer plug-and-play solutions that make identity fraud accessible to anyone with money to spend. Marketplaces advertise services with tiered pricing, updates, and even customer support. Some operate openly on the dark web, while others blend into encrypted social media channels.
The structure is simple. A buyer subscribes to a toolkit, downloads the necessary scripts or applications, and can begin launching attacks within hours. No advanced knowledge of coding or cyber operations is required. The service model ensures the tools stay current, while subscription fees provide steady income streams for the developers.
Anyone can now buy into identity theft with a few clicks and a small subscription fee.
The Fraud Toolkit
What is sold under the FaaS model covers the entire spectrum of identity crime. Examples include:
-
Synthetic identity kits: Bundles of stolen Social Security numbers, names, and fabricated credit histories ready to use in account creation.
-
Deepfake and voice-cloning services: AI tools that can impersonate an executive or family member convincingly over phone or video.
-
Credential stuffing kits: Automated tools that test millions of stolen usernames and passwords across banking, retail, and email platforms.
-
Phishing packages: Pre-built websites and email templates that mimic legitimate institutions, with hosting included.
-
Document forgery tools: Software that can generate fake driver’s licenses, passports, or pay stubs to bypass verification checks.
-
Money mule networks: Access to accounts and intermediaries for laundering stolen funds.
The presentation is striking. These offerings are marketed with screenshots, tutorials, and customer testimonials in the same style as legitimate SaaS vendors. The difference is the end use: identity theft, fraud, and financial loss.
The underground economy now markets fraud with the polish of legitimate software companies.
Why FaaS is Growing
Three factors are driving the rapid expansion of Fraud-as-a-Service.
-
Accessibility: With subscription pricing as low as a few dollars per month, even low-level criminals can participate.
-
Innovation: Just as software developers patch and upgrade features, FaaS providers continually update their toolkits to bypass security controls.
-
Scalability: Automation means thousands of attacks can be launched simultaneously, magnifying the impact of each tool.
The result is a democratization of crime. What was once limited to a handful of skilled groups is now within reach of anyone willing to rent the tools.
Fraud is no longer a specialist’s trade. It has been democratized.
The Impact
The impact is visible in rising fraud numbers. Entrust’s 2025 Identity Fraud Report found that digital document manipulation rose 244 percent year over year, much of it powered by forgery tools sold through FaaS channels. SpyCloud’s 2025 Identity Exposure Report identified 721 million compromised credentials in circulation, often packaged into “combo lists” designed for automated attacks.
FaaS also creates a long-tail effect. Instead of a few major attacks making headlines, the number of smaller but still damaging incidents grows. More consumers are targeted, more small businesses are hit, and more sectors feel the impact. The cumulative cost is substantial.
Attribution is also harder. Because many attackers are simply renting tools, the source of an incident can be difficult to trace. This complicates law enforcement efforts and allows marketplaces to flourish with relative impunity.
Fraud-as-a-Service turns identity theft into a high-volume, low-skill crime.
Looking Ahead
Fraud-as-a-Service is positioned to drive much of the identity crime landscape in 2026. Synthetic identities, AI-enabled scams, credential abuse, and wire fraud all benefit from toolkits that can be bought rather than built. The service model ensures that as defenses adapt, criminal tools will adapt just as quickly. The scale of attacks will continue to rise as long as FaaS remains profitable and accessible.
The same model that made software accessible to businesses is making fraud accessible to criminals.
Conclusion
Fraud is no longer a specialist’s trade. It is an open market with subscription tiers and customer support. Fraud-as-a-Service has lowered the bar for entry, expanded the reach of identity theft, and created a constant churn of new attacks.
The result is an identity fraud ecosystem that is more scalable, more resilient, and more damaging than in years past. As long as these services remain available, the question is not whether individuals and organizations will be targeted, but how often.