New Delhi, May 22 -- Underworld fraud has undergone its own version of the platform economy. What was once driven by technically sophisticated actors has evolved into an organised, scalable ecosystem where tools, infrastructure and support can be bought almost off the shelf. Fraud today increasingly resembles a coordinated industry rather than isolated criminal activity.

In a conversation with TechCircle, Sandesh Gs, Chief Technology Officer (CTO) at Bureau, said the biggest change in digital fraud is not simply the rise in attacks but the transformation of fraud's underlying structure.

"For a long time, large-scale fraud depended on a small number of highly skilled individuals," Sandesh said. "You needed real technical expertise in building malware, staying ahead of security systems and moving money without raising alerts. That naturally limited both participation and scale."

That limitation no longer exists, he argued. Fraud now functions much like a service economy, where the people creating tools are often different from those executing attacks. In underground communities and encrypted channels, fraud kits are sold like software subscriptions, complete with pricing plans, updates and support.

The shift, according to Sandesh, changes the economics of cybercrime entirely. "What this has done is turn fraud from the work of isolated actors into coordinated networks with defined roles," he said. "One group builds tools, another runs attacks and another manages mule accounts that receive and move stolen funds."

Fraud increasingly mirrors a supply chain model. Developers create phishing kits, document forgery software, automation systems and deepfake tools. Operators deploy these assets to run scams, while mule account networks route and disperse stolen money.

The modular structure is what makes these systems resilient. "If mule accounts are blocked, new ones are created. If a tool is shut down, another replaces it," Sandesh explained.

That same infrastructure can also be reused across institutions and fraud categories, making detection harder for banks and fintech firms. A device farm used for promotional abuse, for instance, can later be repurposed for account takeover or payment fraud. "So while the type of fraud may look different on the surface, the underlying system and infrastructure often remain the same," he said.

The shift also challenges assumptions about who fraudsters are. Popular perception still imagines highly skilled individuals operating complex systems. But Sandesh believes many operators today require surprisingly little technical expertise.

"The expertise now sits with the people building the tools," he said. "The people using them often don't need much technical knowledge at all." Underground offerings now include OTP interception systems, fake banking interfaces and automated scam management dashboards. Some even come with operational support.

The accessibility of these tools may be the most worrying part. Complete identity profiles can reportedly be assembled for under Rs.400, while scam kits are available on subscription models for as little as $20-$50 a month.

"A useful comparison is cloud computing," Sandesh said. "Before cloud, only large organisations could afford advanced infrastructure. Cloud made that accessible to everyone. Fraud has gone through a similar shift." That democratisation of capability may help explain the scale of fraud in India. Government figures presented in Parliament pointed to nearly 24 lakh digital fraud cases and losses of Rs.4,245 crore in the first ten months of 2025.

But volume alone is not the challenge. Fraud itself is becoming harder to detect. Traditional systems rely heavily on transaction-level monitoring, looking for unusual transfers or suspicious patterns. Sandesh argued that organised fraud is increasingly designed to evade such detection. "Modern fraud is designed so that each transaction appears normal," he said. "Accounts look legitimate, activity stays within expected limits and nothing stands out in isolation."

The signals emerge only when viewed collectively: the same device appearing across multiple accounts, money moving through chains of users or behavioural patterns repeating across seemingly unrelated individuals.

"Fraud is no longer an isolated event; it's a connected system," Sandesh said. That is driving greater reliance on network-level intelligence, device signals and behavioural analysis. Identity information can be stolen or fabricated, but behaviour often leaves traces.

"What's much harder to fake is how a real user behaves, and how a real device looks over time," he noted. For financial institutions, the message is clear: the future of fraud defence may depend less on spotting suspicious transactions and more on understanding hidden relationships between users, devices and behaviour. As Sandesh put it, the fraud economy itself now operates like a platform business - connected, modular and built for scale.

Published by HT Digital Content Services with permission from TechCircle.