If you’re a payment provider, the fraud threat facing your merchants is your threat too. What’s more, it’s evolving faster than most defenses can keep up.
Increasing digitization, widespread AI-powered automation and the explosion of dark web marketplaces are all accelerating the growth of fraud. But there’s a critical shift happening that doesn’t get enough attention: the emergence of fraud-as-a-service (FaaS). Professional service providers on the dark web are packaging complex fraud tools into turnkey offerings, eliminating barriers to entry and powering a surge in attacks.
In March 2026, leading global threat intelligence company Recorded Future released its annual Payments Fraud Intelligence report, drawing on data and trends from the past year. The findings were stark: FaaS has reached industrial scale, with services spanning card testing, merchant account theft, eSkimmer deployment and one-time password (OTP) interception.
These insights highlight how fraud has evolved over the past year and what it means for your business.
The Rise of Professionalized FaaS
One of the clearest trends is the growing professionalization of FaaS across four key areas:
Card Testing
Recorded Future’s data showed that card-testing-as-a-service is booming, particularly on Telegram. Over the past year, more than 27 million card records were exposed on Telegram channels offering card generation and testing services alone. These channels use bank identification number (BIN) attacks to find valid cards by generating mass lists of numbers from known BINs, then running them to sort winners from losers.
As more FaaS providers launch on easily accessible platforms like Telegram, testing volumes will only grow. For you and your merchants, the impact is direct: falling victim to a testing campaign is disastrous, especially when it triggers a wave of chargebacks from successful tests.
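On the detection side, the testing pattern described above shows up in authorization logs as many distinct cards on one BIN, at one merchant, in a short window, with most attempts declined. The sketch below is an added example, not code from Recorded Future's report or from NMI's gateway; the log format, thresholds, merchant IDs and card tokens are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values for illustration; calibrate against your own traffic.
WINDOW = timedelta(minutes=5)
MIN_DISTINCT_CARDS = 8
MIN_DECLINE_RATIO = 0.8

def parse(line):
    """'ISO-timestamp merchant card_token bin outcome' -> sortable tuple."""
    ts, merchant, token, bin_, outcome = line.split()
    return datetime.fromisoformat(ts), merchant, token, bin_, outcome == "APPROVED"

def detect_card_testing(lines):
    """Flag (merchant, BIN) pairs whose sliding window looks like enumeration."""
    windows = defaultdict(deque)  # (merchant, bin) -> (ts, token, approved)
    alerts = {}
    for ts, merchant, token, bin_, approved in sorted(map(parse, lines)):
        key = (merchant, bin_)
        win = windows[key]
        win.append((ts, token, approved))
        while ts - win[0][0] > WINDOW:  # drop events older than the window
            win.popleft()
        distinct = {t for _, t, _ in win}
        ratio = sum(1 for _, _, ok in win if not ok) / len(win)
        if len(distinct) >= MIN_DISTINCT_CARDS and ratio >= MIN_DECLINE_RATIO:
            # Approvals inside a flagged window are the cards the tester has
            # validated: review them before the chargebacks arrive.
            first = alerts[key]["first_alert"] if key in alerts else ts
            alerts[key] = {"first_alert": first, "distinct_cards": len(distinct),
                           "decline_ratio": round(ratio, 2),
                           "approved_tokens": sorted({t for _, t, ok in win if ok})}
    return alerts

def sample_log():
    """Constructed authorization log lines; tokens stand in for card numbers."""
    base = datetime(2026, 3, 1, 12, 0, 0)
    stamp = lambda s: (base + timedelta(seconds=s)).isoformat()
    lines = []
    # Burst: 12 distinct cards on one BIN at m-101, 3 s apart, 2 approvals.
    for i in range(12):
        outcome = "APPROVED" if i in (4, 9) else "DECLINED"
        lines.append(f"{stamp(3 * i)} m-101 tok{i:03d} 400000 {outcome}")
    # One customer retrying one card: many declines but a single card, no alert.
    lines += [f"{stamp(20 * i)} m-202 tok900 510000 DECLINED" for i in range(10)]
    # Ordinary traffic: distinct cards, approved, six minutes apart.
    lines += [f"{stamp(360 * i)} m-303 tok{500 + i} 400000 APPROVED" for i in range(10)]
    return lines
```

Calling `detect_card_testing(sample_log())` flags only the m-101 burst; the repeated retries at m-202 and the normal traffic at m-303 stay below the thresholds.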
Merchant Fraud
AI-powered fraud tools, including phishing kits, credential stuffing services and synthetic identity generators, are making it easier for bad actors to access merchant accounts. Recorded Future detected a four-times increase in scam merchant accounts year over year, impacting 230 processors across 40 countries.
While accessing a merchant account is often the first step in a longer, more complex fraud scheme, one of the fastest-growing threats was hit-and-run scam websites. These sites steal money through sales of products and services that don’t exist. Scammers impersonate established brands, use social media ads to drive traffic to a network of fake ecommerce sites and harvest authorized payments. The chargebacks are inevitable, but by the time they arrive, the scammer’s already moved on.
ESkimmers
ESkimmers (also called Magecart attacks) are the digital equivalent of the physical skimmers that steal card data at gas pumps and convenience stores. They’re injected into online checkouts through malware kits that are now available as-a-service on the dark web. The business model is straightforward: an experienced provider handles installation and operation of the malware in exchange for a share of the proceeds or the raw data it generates.
Recorded Future detected 7,300 new eSkimmer infections, bringing the total to 10,500. The company estimates that 234 million transactions were compromised through Magecart in 2025. Centralized ecommerce services like platforms and marketplaces are prime targets because of the sheer volume of transactions flowing through them. If you’re serving those merchants, that exposure lands on you.
One-Time Password Interception
OTP interception is becoming an increasingly important fraud service because it enables digital wallet fraud at a time when consumers are adopting wallets at record pace. Recorded Future saw an uptick in ghost tapping and near-field communication (NFC) relay fraud. In these schemes, bad actors use intercepted one-time passwords along with stolen card information to load a card onto a digital wallet on a burner phone. That phone is then sold on the dark web, or in some cases sent to mules who use the stolen credentials to buy goods on behalf of organized crime networks.
This is one of the harder problems in fraud right now. Digital wallet transactions are often treated as “trusted” by anti-fraud systems thanks to the security features, like biometrics, that make wallets secure in legitimate use. That trust becomes a vulnerability when the wallet itself is compromised, and there’s no easy fix.
What the Rise in FaaS Means for You
Complex Fraud Is Now Accessible to Anyone
Industrialized FaaS effectively eliminates barriers to entry. Even inexperienced bad actors can carry out complex attacks, as long as they’re willing to pay. This also creates an insulating layer for the most sophisticated fraudsters: they’re profiting not by committing attacks directly, but by packaging and selling the tools to others.
When you combine that professionalization with wide-scale access to AI and easy automation, the math gets worse quickly. More attackers, more attacks, more complexity, lower costs. The overall attack surface facing your business is about to expand significantly.
Your Fraud Defenses Must Be Highly Integrated and Orchestrated
Industrialized FaaS represents an escalation in the ongoing war between fraudsters and the organizations trying to stop them. Attacks are getting more complex and more frequent, and they’re hitting on multiple fronts simultaneously. Defenses need to match that sophistication.
To stay ahead, you need anti-fraud systems that treat fraud defense not as a bolt-on feature, but as a fully integrated, native part of your payments technology stack. AI-powered detection tools that analyze more information in less time and compare it against enormous databases of known fraud patterns are now essential. Information on fraud must also flow freely between tools in the stack and between teams within your organization.
The bottom line: it’s imperative that your fraud defense is a deeply embedded function that keeps your merchants safe without damaging approval rates.
How NMI Helps You Fight Back
We offer a full line of fraud defense tools designed to integrate with your payments offerings and your merchants’ daily operations. As an NMI partner, you benefit from:
- AI-powered fraud prevention through Kount, which uses machine learning to detect and block fraud in real time across billions of transactions
- Advanced security features including network tokenization, point-to-point encryption (P2PE) and 3-D Secure (3DS)
- Native card testing detection built directly into your gateway
- Automated underwriting tools for better detection of merchant account fraud at the point of onboarding
To find out how we can help you wall off your merchants from the next generation of advanced fraud, reach out to a member of our team today.