Fraud-as-a-Service in the AI Age: Why Defenses Depend on Data Accuracy

If there were a single theme of conversations at Money20/20 this year, it was this: fraud has become industrialized, and AI is its new operations team.

On stage and in corridors, leaders spoke about fraud-as-a-service (FaaS) platforms, AI agents, and the uncomfortable reality that the same tools used to delight customers can be turned into industrial-scale abuse. At the same time, almost every AI session circled back to one deceptively simple point: AI is only as useful as the data beneath it.

That's particularly true in fraud. As fraudsters weaponize residential proxies and AI agents, we're watching the rise of "synthetic users," automated customers that look, move, and pay like real people… until they don't. And while defenders are responding with their own LLMs and AI agents, they're playing an entirely different game. Attackers can afford trial and error. If a residential proxy gets flagged, they rotate to another and try again.

Defenders don't have that luxury. Every false positive costs them customer trust; every false negative costs them money. And when your IP data is inaccurate, you don't even realize you're making the wrong call — you block a legitimate user thinking they're suspicious, or wave through a fraudster because your data told you they looked safe.

When every decision counts, if you want AI to help you fight fraud, your IP data has to be bulletproof.

From DIY Fraud to Fraud-as-a-Service

Not long ago, large-scale online fraud required serious skill. You needed to write your own bots, source your own infrastructure, and manage operational security.

Today, those barriers have collapsed. Vendors offer fraud-as-a-service subscriptions that package everything: phishing kits, fake ID templates, OTP-bypass bots, mule-recruitment networks, and even helpdesk support. OTP bots marketed on Telegram, for instance, charge around $150 per month for premium access. Payment plans, subscription tiers, customer support: fraud now operates like a legitimate SaaS business.

Operation SIMCARTEL illustrates the infrastructure layer at scale. In October 2025, law enforcement from Austria, Estonia, Finland, and Latvia, coordinated by Europol, dismantled a SIM farm network based in Latvia. The operation seized 1,200 SIM box devices with 40,000 active SIM cards and shut down two criminal websites.

The platform had facilitated 49 million fake online accounts using phone numbers from over 80 countries. Austrian authorities traced 1,700+ fraud cases and €4.5 million in losses to the network; Latvia tallied 1,500 cases and €420,000. The customers of SIMCARTEL never needed to understand how SIM boxes work. They rented access, paid in crypto to avoid tracking, and deployed the infrastructure for their own scams.

This is cybercrime-as-a-service at industrial scale, and the blueprint for what's coming next.

How AI + Residential Proxies Are Scaling "Synthetic Users"

Residential proxies have always been fraught with abuse. They let bots route traffic through real user devices and home IP addresses, making automated traffic indistinguishable from normal human behavior. Now combine that with AI agents, and things get far more interesting.

The emerging pattern works like this:

1. Scripted "form bots" handle the repeatable work: registration, login, card testing, micro-purchases.
2. Residential proxies give each session plausible geography: correct country, realistic ISP mix, low-velocity IP rotation that mimics human movement patterns.
3. AI agents sit on top, acting like a human operator:
   • Navigating new UX flows and error states
   • Rerouting when a proxy or account is blocked
   • Adapting behavior in response to friction (extra KYC, step-up authentication)

The result is a bot that behaves like a legitimate, slightly clumsy human. And it can scale to millions of attempts.

Researchers have documented how bots, proxies, and LLM-driven decision-making are bundled together in card-testing attacks to systematically probe defenses. The technical sophistication keeps pace with each new defense mechanism: when step-up authentication appears, the bot learns to handle it; when velocity checks tighten, the bot slows down; when an IP is flagged, it rotates to the next proxy.

As a novice fraudster, you don't build this yourself. You rent the bot, rent the proxy, buy the playbook, pay in crypto, and get started.

Asymmetric Warfare

Defenders are going agentic, too, but they face much higher stakes. The fintech and banking side is making efforts to fight back. There's been a clear shift from AI hype to AI as core fraud-fighting infrastructure:

• Banks and PSPs are deploying multi-agent AI systems where different agents analyze transactions, gather evidence, and generate case summaries for human investigators.
• LLM-enhanced models are being used to interpret complex transaction graphs, pull insights from unstructured data, and help analysts query fraud datasets in natural language.
• There's a growing focus on securing AI agents themselves: controlling their access, monitoring their actions, and ensuring they can't be weaponized by attackers.

So both sides are running agent stacks now. And defenders need better data than ever.  If your fraud defenses are trained on poor-quality or shallow data, especially around IPs, devices, and networks, you're just building a more sophisticated way to be confidently wrong.

Why IP Data Quality Is Make-or-Break

In this environment, IP data is one of the core signals your AI agents rely on to understand what's really happening:

• Location & network type: Is this a plausible IP for this user? Is it a mobile carrier, residential ISP, data center, or known anonymizer?
• Proxy / VPN / residential proxy flags: Was this IP observed as part of an anonymizer network?
• Historical behavior: Has this user's account been accessed from IPs in 10 different countries within 24 hours? Did it suddenly flip from a hosting ASN to residential?
• Stability & movement: Is this IP stable over time or constantly repurposed across geographies?

Now imagine training a fraud-fighting LLM on historical events where that IP data was noisy or shallow:

• Residential proxies mislabelled as "normal broadband"
• Heavily abused hosting IPs wrongly treated as low-risk
• Missing historical context: only a snapshot for "today," not how the IP behaved over 18 months

Your models learn that bad behavior is normal, good behavior is suspicious, or that IPs simply don't matter much. When you deploy those agents into production, they carry those biases forward.

One of our enterprise customers recently requested substantial historical IP datasets specifically to train internal LLM-based fraud analysis systems. Their logic was straightforward: if the model is going to reason about risk, it needs to see what IPs actually did over time — not a single static label applied retroactively.

But historical IP intelligence only helps if it's:

1. Evidence-based – rooted in measurement (routing changes, latency patterns, direct interactions with anonymizer services).
2. Contextual – enriched with ASN, network type, proxy/VPN usage, and geography, so models learn patterns, not just point labels.
3. Time-aligned – exposing what was known then, not today's best estimate retro-applied to the past.
4. Explainable – giving fraud teams enough provenance to understand why an IP looked risky or benign at the time.

This is where high-quality IP datasets that are measured, contextual, and evidence-first become the difference between AI that actually helps and AI that just adds noise.

How to Make Your AI Agents "IP-Aware"

If you're building or evaluating AI-driven fraud systems, a few pragmatic steps can ensure IP data is helping, not hurting:

Interrogate vendor methodology. Ask how they detect proxies, VPNs, and residential proxy networks. Choose vendors who directly interact with services or have robust measurement infrastructure, rather than relying purely on AS names and hostnames.

Demand historical coverage. For LLM and agent training, you need time-stamped IP context, not just current labels. Check how far back the provider can go, and whether signals are available at daily or weekly granularity.

Continuously re-evaluate IP patterns. As new FaaS and residential proxy services emerge, patterns of "normal" change. Feed updated IP intelligence into your models and constantly evaluate what is working and what is not.

Fighting Fraud-as-a-Service with Data-as-a-Service

Fraud-as-a-service isn't going away. If anything, SIM farms like SIMCARTEL, residential proxy networks, and AI-driven bot kits are just the early prototypes of a broader criminal platform economy. The economics are too compelling: low barrier to entry, high scalability, plausible deniability for individual operators.

Defenders have access to AI agents, automation, and rich data, too. But they face a harder problem: attackers can afford to fail 90% of the time and still profit. Defenders can't. Money20/20 sessions made it clear that agentic AI will define the next wave of fraud prevention, but only when it's built on data accurate enough to thread the needle between security and customer experience.

IP data sits at the heart of this asymmetry. Get it wrong, and you're training sophisticated models on a distorted view of the internet. Get it right, and you give your AI agents the context they need to distinguish a human from a "bot human," and a customer from a FaaS subscriber, without sacrificing either security or experience.

In the age of fraud-as-a-service, attackers can afford to be wrong. You can't.