The professionalization of cybercrime is on the rise, with increasingly sophisticated and simultaneous attacks.
As a response to this growing threat, we propose an Identity-First approach, which places digital identity at the core of security strategy — ensuring that every interaction is authenticated in real time without compromising user experience.
This report explores the main factors shaping the evolution of digital fraud, including the acceleration of digitalisation, changing consumer behaviours, regulatory fragmentation, and cybercriminals’ access to advanced technologies.
Alicante, October 13, 2025 – Facephi has launched the Fraud Intelligence Report 2025, an in-depth study of the current fraud landscape. The report analyses how Fraud as a Service (FaaS) has undergone a structural transformation, becoming a global underground industry, and stresses the need for an Identity-First Security approach — one that focuses on user identity and continuous authentication to counter new risks such as personalised and AI-powered fraud attacks.
“Fraud as a Service has changed the rules of the game: every digital interaction is now an opportunity for criminals. We’re no longer dealing with improvised scams full of spelling errors — cybercrime has evolved into well-organised operations that replicate human behaviour and evade traditional controls. That’s why we must protect identity as a whole, not just validate a face once. We need to secure the entire lifecycle,” said Javier Mira, CEO of Facephi.
The professionalization of digital identity fraud
The World Economic Forum estimates that cybercrime will have a global impact of $10.5 trillion per year by 2025, with identity fraud as a key driver. This trend has been reinforced by the rise of Fraud as a Service (FaaS).
This model has created an ecosystem in which complete “fraud kits” — including tools, guides, and support — are sold, allowing anyone to launch scalable attacks. This has turned identity theft into a valuable commodity, giving rise to an organised criminal industry.
Such professionalization multiplies the number of attackers, enables simultaneous attacks, increases sophistication, and reduces costs — while making law enforcement efforts far more complex.
An Identity-First approach to combat modern attacks
In this new landscape, identity is no longer just a document or a set of data — it’s a personal key. The traditional system-centric model of cybersecurity is outdated.
We propose an Identity-First Security paradigm, placing digital identity at the centre of operations and protecting the entire identity lifecycle. This model ensures that verification becomes the first line of defence, enabling real-time authentication against a user’s unique “digital DNA,” while maintaining a frictionless experience.
This approach establishes a new standard for end-to-end digital trust, based on three pillars:
- Prevention of identity impersonation,
- Detection of unauthorised account takeovers (ATO),
- Prevention of authorised fraud, such as mule accounts.
A snapshot of digital fraud: key sectors and drivers
The rise of these criminal activities is driven by factors such as rapid digitalisation, evolving consumer behaviour, regulatory fragmentation, and criminal access to AI-driven tools.
The banking sector is one of the most affected, with account takeovers and deepfake-based attacks. Fintechs and neobanks face fake account creation and onboarding fraud, while the gaming industry is exposed to large-scale fraud from device farms that exploit promotions or manipulate reward systems.
The report also highlights how cybercrime-as-a-service challenges current regulations — due to slow legislative updates, inconsistent legal frameworks, lack of consensus on definitions, and the increasing technical sophistication of cyberattacks.
Download the full report here.