The past year proved to be one of the most intense on record for threat intelligence teams operating across the financial crime landscape. Throughout 2025, investigators spent countless hours uncovering how fraud-as-a-service ecosystems are evolving, scaling, and professionalising at a pace that continues to outstrip traditional controls.
According to Resistant AI, from document fraud marketplaces to “verified” account trading and the accelerating use of generative AI, the findings paint a clear picture of a maturing criminal economy that is increasingly difficult to disrupt.
One of the most significant findings was the sheer industrial scale of document fraud enabled by online template farms. What was once a specialist activity requiring advanced design skills has become widely accessible, with more than 360k templates from over 15k issuers circulating across hundreds of websites. These platforms collectively attract millions of visits each month, with templates typically selling for around $28 and often for much less.
Beyond public websites, a substantial portion of this activity operates through messaging platforms such as Telegram, where automated bots and direct communication make ordering and fulfilment almost frictionless. As a result, acquiring a convincing fake document now requires little more than a basic search and a few clicks, reinforcing the resilience of the fraud-as-a-service model heading into 2026.
Alongside fake documents, 2025 also exposed the rapid expansion of the “verified” account marketplace. Researchers identified hundreds of thousands of listings for accounts across more than 3k platforms, spanning banks, crypto services, exchanges, marketplaces, social media networks and freelance portals.
These markets do not exist in isolation. Instead, they bundle documents, identities, contact details and even corporate structures into packaged offerings. This convergence allows serial fraud, money laundering networks and large-scale scam operations to operate with alarming efficiency, using accounts that are indistinguishable from legitimate users.
Attempts to dismantle these ecosystems have shown just how resilient they are. A high-profile law enforcement takedown of a document farm in 2025 initially appeared successful, with domains seized and operations disrupted.
However, within months the service had resurfaced under new domains, regained traffic and re-established its customer base. This pattern is increasingly common. Farms routinely migrate infrastructure, mirror platforms across multiple jurisdictions and maintain contingency channels to keep customers informed. Their operational security reflects an expectation of enforcement pressure rather than fear of it.
Generative AI added another layer of complexity over the year. Advances in image generation have made forged documents almost indistinguishable from genuine ones, with earlier visual flaws disappearing rapidly as models improved. Automation and API-driven workflows are lowering the barrier further, enabling fraud at unprecedented scale across use cases such as expense abuse, insurance fraud and invoice manipulation.
In response, detection efforts are shifting towards layered approaches that analyse structural patterns, textures and anomalies beyond simple metadata checks, supported by vast real-world training datasets.
Finally, research highlighted the overlooked role of template hubs and document-hosting platforms. Sites designed for legitimate knowledge sharing often host thousands of authentic documents uploaded by unsuspecting users. These materials can be easily repurposed by fraudsters, providing a continuous supply of high-quality source documents.
Together, these five insights underline a stark reality: financial crime ecosystems are adaptive, interconnected and persistent, demanding equally adaptive detection and intelligence strategies in the years ahead.
Find more on RegTech Analyst.
Copyright © 2026 FinTech Global
