Accertify: AI Fraud and the Rise of Cybercrime Marketplaces

Stuart Mann, Director of Fraud & Account Protection Product Management at Accertify
In this Q&A, Accertify’s Stuart Mann explores evolving cybercrime marketplaces, rising enterprise risk and AI-driven fraud prevention strategies.

Cybercrimes of today are faster, smarter and more accessible than ever before.

From fraud-as-a-service operations to AI-powered phishing and behavioural manipulation, today’s threat landscape is evolving into a highly organised digital economy where even low-skill actors can launch sophisticated attacks at scale.

As enterprises face growing pressure to defend customer journeys, contact centres and online platforms, traditional security approaches are no longer enough.

Organisations are increasingly turning to AI, behavioural analytics and layered defence strategies to detect fraud patterns, identify anomalies and respond to threats in real time.

In this Q&A with Cyber Magazine, Stuart Mann, Director of Fraud & Account Protection Product Management at Accertify, explores how cybercrime marketplaces are evolving, why enterprise risk exposure is growing and how businesses can strengthen their fraud prevention capabilities in an AI-driven era. 

How has fraud-as-a-service changed the entry barrier for cybercrime in recent years?

Fraud‑as‑a‑service (FaaS) has fundamentally lowered the barrier to entry for cybercrime by separating technical capability from criminal intent.

Rather than needing specialist skills in malware, bots or large‑scale credential attacks, aspiring fraudsters can now purchase or rent end‑to‑end services delivered by more experienced operators.

A striking evolution of this model is the growing willingness of consumers to actively participate by handing over login credentials and personal details to third parties who act on their behalf.

In these scenarios, fraudsters no longer need to compromise accounts through techniques such as credential stuffing or phishing.

Instead, access is granted willingly, enabling low‑volume, human‑driven logins that lack traditional bot‑like signals and can appear legitimate at a surface level.

This shift has made fraud more accessible, harder to attribute, and operationally simpler to execute.

At the same time, FaaS introduces new detection opportunities for organisations.

Behavioural and contextual signals – such as the same device accessing multiple customer accounts, unusually high familiarity with account pages or location mismatches between purchase and refund activity – can reveal professional fraud operators acting across customers.

As fraud becomes more service‑driven and human‑mediated, visibility increasingly depends on behavioural consistency rather than overt technical attacks.
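
Two of the signals named in this answer (one device touching several customer accounts, and a refund location that does not match the purchase location) can be checked over an event log as follows. This is an added example, not code from the interview or from Accertify; the event layout, the sample rows, the function names and the `min_accounts` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real data): (event, account, device_id, country)
EVENTS = [
    ("login",    "acct-101", "dev-A", "GB"),
    ("purchase", "acct-101", "dev-A", "GB"),
    ("login",    "acct-202", "dev-Z", "RO"),
    ("login",    "acct-303", "dev-Z", "RO"),
    ("purchase", "acct-404", "dev-B", "GB"),
    ("login",    "acct-404", "dev-Z", "RO"),
    ("refund",   "acct-404", "dev-Z", "RO"),
    ("refund",   "acct-101", "dev-A", "GB"),
]

def shared_devices(events, min_accounts=3):
    """Devices seen on at least min_accounts distinct customer accounts."""
    accounts_by_device = defaultdict(set)
    for _event, account, device, _country in events:
        accounts_by_device[device].add(account)
    return {d: sorted(a) for d, a in accounts_by_device.items()
            if len(a) >= min_accounts}

def refund_location_mismatches(events):
    """Refunds requested from a country never seen on that account's purchases."""
    purchase_countries = defaultdict(set)
    for event, account, _device, country in events:
        if event == "purchase":
            purchase_countries[account].add(country)
    flagged = []
    for event, account, _device, country in events:
        seen = purchase_countries.get(account, set())
        # Only compare when there is purchase history to compare against.
        if event == "refund" and seen and country not in seen:
            flagged.append((account, country))
    return flagged

def review_queue(events, min_accounts=3):
    """Accounts ordered by how many of the two signals they triggered."""
    scores = defaultdict(int)
    for accounts in shared_devices(events, min_accounts).values():
        for account in accounts:
            scores[account] += 1
    for account, _country in refund_location_mismatches(events):
        scores[account] += 1
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
```

Neither signal is conclusive alone (households share devices, customers travel), which is why the queue ranks accounts by the number of signals that coincide.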

What does the rise of a SaaS-style cybercrime ecosystem mean for enterprise risk exposure?

The rise of a SaaS‑style cybercrime ecosystem significantly expands enterprise risk exposure by industrialising access to fraud techniques and lowering the skill threshold required to exploit weaknesses.

FaaS models enable a broader pool of actors to identify and monetise procedural loopholes rather than technical vulnerabilities, pushing attacks towards areas of least resistance such as contact centres and customer support channels.

Fraudsters increasingly refine scripts, phrases and emotional triggers that are most effective when interacting with human agents, turning social engineering into a repeatable service rather than an ad‑hoc tactic.

As a result, enterprise risk management must move beyond perimeter security and account takeover prevention to explicitly address first‑party abuse and process‑driven exposure.

Migrating customers to self‑service digital channels can reduce this risk while generating richer behavioural data, including patterns in chatbot interactions, language reuse and journey familiarity that are difficult for genuine customers to replicate.

This data enables stronger detection and continuous improvement of controls.

More broadly, SaaS‑style cybercrime increases risk through scale and specialisation: criminals now collaborate as ecosystems, reuse infrastructure, and rapidly adapt based on feedback.

This accelerates attack cycles and raises the cost of inaction.

Some organisations are responding by proactively stress‑testing their own processes, using adversarial techniques to identify vulnerabilities before criminals do.

How is AI being used to help attackers scale, automate or improve fraud tools?

AI is increasingly used by attackers to scale, automate, and refine fraud at a pace that overwhelms traditional controls.

On the scaling side, generative AI lowers the effort required to build and adapt attack tooling, enabling the rapid creation of credential‑testing bots, automation scripts and social‑engineering workflows.

Bot traffic now outweighs human traffic across much of the internet, and AI allows attackers to operate below common detection thresholds.

Instead of high‑volume, single‑IP bursts, credential‑stuffing attacks can be distributed, low‑and‑slow, dynamically rotating devices, locations and behaviour to bypass network‑level and edge‑based protections.

Accertify at FraudCon 2026 | Credit: Accertify/LinkedIn

AI also supports real‑time decisioning during attacks, selecting which accounts, flows or channels offer the least resistance.

Beyond access attacks, generative models are used to fabricate convincing supporting evidence for fraud, such as synthetic images of damaged goods, contaminated food or failed deliveries, making manual review increasingly unreliable.

At the same time, AI is being used to improve fraud‑prevention tools in response to these threats.

Solution providers leverage machine learning and large language models to analyse attacks quickly, describe their behavioural “DNA”, and update models or rules accordingly.

Computer vision is used to detect manipulated or AI‑generated images submitted with claims, while behavioural models identify anomalies across journeys rather than single events.

AI is also being applied offensively by defenders, stress‑testing systems and processes to uncover vulnerabilities before attackers can exploit them.
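
The distributed, low-and-slow credential stuffing described in this answer stays under per-IP thresholds, so a defender has to look at the login population as a whole. The sketch below is an added example, not code from the interview or from Accertify; the record layout, the constructed window, the baseline failure ratio and the thresholds are assumptions chosen for illustration.

```python
from collections import Counter

def make_window():
    """Constructed login attempts: (minute, source_ip, username, success)."""
    rows = [(m, f"198.51.100.{m}", f"user{m}", True) for m in range(1, 21)]
    # Distributed attempts: 30 source IPs, one failed try each, 30 accounts.
    rows += [(m % 10, f"203.0.113.{m}", f"victim{m}", False)
             for m in range(1, 31)]
    rows.append((3, "198.51.100.7", "user7", False))  # an ordinary typo
    return rows

def per_ip_alerts(rows, max_failures_per_ip=5):
    """Classic edge rule: alert on any single IP with too many failures."""
    fails = Counter(ip for _m, ip, _user, ok in rows if not ok)
    return sorted(ip for ip, n in fails.items() if n > max_failures_per_ip)

def window_stats(rows):
    """Population-level view of the same window, independent of source IP."""
    failed = [(ip, user) for _m, ip, user, ok in rows if not ok]
    total = len(rows) or 1  # avoid division by zero on an empty window
    return {
        "failure_ratio": len(failed) / total,
        "failed_accounts": len({user for _ip, user in failed}),
        "failing_ips": len({ip for ip, _user in failed}),
    }

def low_and_slow_alert(rows, baseline_ratio=0.05, factor=4, min_accounts=20):
    """Alert when failures are far above baseline and spread over many accounts."""
    stats = window_stats(rows)
    return (stats["failure_ratio"] > baseline_ratio * factor
            and stats["failed_accounts"] >= min_accounts)

if __name__ == "__main__":
    window = make_window()
    print("per-IP alerts:", per_ip_alerts(window))
    print("window stats:", window_stats(window))
    print("low-and-slow alert:", low_and_slow_alert(window))
```

On the constructed window the per-IP rule stays silent while the population-level check fires, because 31 accounts fail from 31 different addresses.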

Why are low-skill attackers now becoming a serious and persistent enterprise threat?

Low‑skill attackers are becoming a serious and persistent enterprise threat because cybercrime has been industrialised, democratised and culturally normalised for a new cohort of participants.

FaaS models remove the need for technical expertise, allowing individuals with minimal skills to access pre‑built tools, data and end‑to‑end services that can be deployed at scale.

This has significantly increased attacker volume and persistence, even as individual skill levels decline.

A notable shift is the growing involvement of younger demographics.

In recent years, nearly half of identified cybercrime suspects have been aged 21 or younger, driven by easy access to tools, digital fluency and targeted recruitment through social media, gaming platforms and encrypted messaging apps.

Many are drawn in by promises of quick money or view their activity as low‑risk, gamified experimentation rather than serious criminal behaviour.

Others are used as money mules or operational intermediaries by more organised criminal groups, insulating senior actors from direct exposure.

For enterprises, the risk is cumulative rather than sophisticated: large numbers of low‑skill attackers repeatedly probe business logic, customer service channels, refund processes and account recovery flows.

When combined with automation and AI‑assisted adaptation, even unsophisticated abuse becomes economically damaging and difficult to eradicate.

What are the most effective layered defence strategies you are seeing using AI and behavioural analytics?

The most effective layered defence strategies combine continuous risk assessment with multiple, purpose‑built AI and machine‑learning models applied across the entire customer journey.

Rather than relying on a single, monolithic model, leading organisations deploy specialised models designed to analyse distinct interactions – such as account creation, log‑in behaviour, profile changes, payments, refunds and customer support engagement.

A model optimised for log‑in risk, for example, will focus on authentication signals and behavioural familiarity, while payment‑risk models prioritise transaction patterns, velocity and intent.

Crucially, this layered approach must also include industry‑specific models, as the relevance of signals varies significantly by sector.

In airlines, behaviours such as “impossible routes”, last‑minute itinerary changes or repeated name corrections are high‑risk indicators, while in retail, signals like the distance between billing and shipping addresses or refund behaviour across multiple delivery locations carry greater weight.

Tailoring models to industry context improves precision and reduces unnecessary friction for legitimate customers.

These models operate as a layered decisioning stack, sharing context and outputs to inform downstream controls.

Device and environmental intelligence provides a baseline layer, while User Behaviour Analytics assess keystroke dynamics, mouse movement, navigation familiarity and time‑on‑page.

Higher‑level orchestration models then correlate behaviour across journeys, enabling continuous reassessment of risk and adaptive treatment as tactics evolve.

How is the “marketplace economy” for cybercrime evolving and what is driving its rapid professionalisation?

The cybercrime “marketplace economy” is evolving into a highly structured, professionalised ecosystem that increasingly resembles legitimate digital commerce.

According to CIFAS, UK fraud cases reached a record 444,000 in 2025 – around 1,200 reports per day – reflecting both the scale and accessibility of modern fraud.

Online forums, social media platforms, and even step‑by‑step e‑books now allow inexperienced actors to learn directly from seasoned criminals, dramatically shortening the time needed to become operational and adapt tactics.

Economic pressures are also a powerful catalyst.

Ongoing global inflation has heightened demand for fast, low‑effort income, while language such as “hacks”, “glitches” or “infinite money loops” serves to normalise and sanitise behaviour that is, in reality, fraud.

This framing lowers psychological barriers and weakens moral accountability, particularly among younger participants.

At the same time, cybercrime has expanded well beyond FaaS into phishing, social engineering and scam facilitation, where victims may not even realise they are being manipulated.

The marketplace model thrives because rewards often outweigh perceived risks.

Collaboration among criminals is frictionless, while legitimate organisations struggle to share intelligence due to data‑privacy constraints.

Reimbursement policies designed to protect scam victims are also being exploited, further widening the ecosystem.

Together, these forces are accelerating the commercialisation and resilience of cybercrime.
