The New Retirement Reality

The "traditional" UK retiree is a vanishing demographic. As of 2026, the Office for National Statistics (ONS) and the DWP report that over 1.1 million UK pensioners now reside overseas. This isn't just a trend for high-net-worth individuals; it is a cross-demographic shift driven by global mobility and the search for lower costs of living.

However, the risk to pension schemes doesn't start at the point of retirement. It begins decades earlier.

The Rising Challenge of the Mobile Workforce

While pensioners moving abroad is a well-documented trend, a more systemic risk is quietly accumulating in the "deferred" category: The Young Mobile Workforce.

• The 75% Stat: Recent data reveals that 75% of UK emigrants are now under the age of 35. These are young professionals moving for global career opportunities.
• The "Digital Decay" of Small Pots: These individuals leave behind small, auto-enrolled pension pots. Within a few years of moving, their UK digital footprint (electoral roll, credit headers) begins to decay, making them "untraceable" by standard domestic methods.
• Fragmented Careers: By the time these workers reach retirement, they may have accrued numerous different pots. The administrative cost of managing these "lost" small pots – currently valued at a total of £31.1 billion in the UK – is a significant drain on scheme resources.

Three Growing Risks for Trustees

1. The Fiduciary "Out of Touch" Trap

A trustee’s duty of care does not end when a member moves overseas. Traditional UK-centric tracing is no longer a "reasonable endeavor" when a significant portion of the membership is international. Without global data, trustees cannot fulfill mandated disclosure requirements or support members in making informed retirement choices.

2. The Mortality Blindspot

The most significant financial risk is overpayment. Without robust international mortality screening, schemes can continue paying benefits for years after a member has passed away overseas. Reclaiming these funds from foreign jurisdictions is legally complex and often impossible.

3. Member Welfare & Social Responsibility

Small pots represent a member's future livelihood. When schemes lose touch, they lose the ability to provide value. For the mobile workforce, being "out of touch" means being "under-saved."

Closing the Gap: Next-Generation Data Restoration

To address these complexities, the industry is moving toward AI-enabled web intelligence that looks beyond standard registry searches. Heka’s approach focuses on three core pillars to restore scheme integrity:

1. Global Web Intelligence: By scanning over 3,000 data sources across the open-source web, schemes can locate members deemed "untraceable" by standard legacy providers. This includes identifying active digital footprints such as verified mobiles, professional profiles, and even local news stories to verify identity and marital status.
2. Dynamic Mortality & Life Status: AI can detect "unreported" life events by identifying signals like online obituaries or funeral recordings globally. This allows for real-time mortality updates even in jurisdictions where official death registries are slow or inaccessible.
3. Next-of-Kin & Relationship Mapping: Modern family structures are complex. Data enrichment can now identify spouses, children, and next-of-kin through relational mapping, ensuring that death benefits reach the correct beneficiaries and helping to re-establish contact with the primary member.

Conclusion

As the UK workforce becomes more international, the risk of "lost" members is no longer a fringe issue – it is a core governance challenge. Trustees who bridge the global data gap today will protect their members’ welfare and their scheme’s long-term financial health.

‍

Fraud is no longer a technical skill. It’s a shopping experience.

What used to require specialized knowledge, custom scripting, and underground connections is now available through polished marketplaces that look indistinguishable from mainstream e-commerce platforms. Scrollable product cards. Star ratings. Tiered subscriptions. “Customers also bought…” recommendations.

Fraud-as-a-Service (FaaS) is not just an ecosystem – it is a parallel economy, built on the same principles as Amazon, Fiverr, and Shopify, but optimized for identity crime.

The result is a dramatic shift in the threat landscape: lower entry barriers, lower operational costs, and attacks that scale instantly. Fraud is no longer limited by human capability – it is limited only by how quickly these marketplaces can generate new products.

This blog exposes how the FaaS ecosystem actually works, what is available inside these marketplaces, and why the industrialization of fraud is reshaping digital risk.

Modern identity fraud now operates like a consumer marketplace

The biggest misconception about digital crime is that it is messy, unstructured, and technically demanding. The truth is the opposite.

Today’s fraud marketplaces offer:

• User accounts with dashboards, order history, customer tickets
• Subscription plans (“Basic,” “Pro,” “Enterprise”)
• Tiered pricing by volume, geography, and document type
• Built-in automation (bots, scripts, testing tools)
• 24/7 support via Telegram or live chat
• Refund guarantees for non-working identities or scripts
• Tutorials & onboarding with step-by-step videos

The experience mirrors legitimate SaaS:

• “Upload your target list here.”
• “Select your document pack.”
• “Choose your delivery format (PNG, PDF, MP4 liveness).”
• “Add to cart → Check out with crypto → Instant delivery.”

And like Fiverr, each vendor specializes. There are providers for:

• Latin American passports
• US tax records
• UK banking profiles
• SIM provisioning
• Credit card dumps segmented by BIN and issuer
• Bots tailored specifically for major IDV vendors

Fraud hasn’t just scaled – it has industrialized.

What is actually available: A catalog of the modern fraud economy

This is the part most institutions underestimate. The breadth and maturity of offerings is staggering. Here is what is openly sold across FaaS platforms – with the same clarity you’d expect from Amazon.

A. Synthetic Identity Kits

Full synthetic personas sold as complete packages:

• Name, DOB, SSN fragments, address history
• AI-generated headshots with multiple angles
• Pre-built social media history
• “Proof of life” selfies for liveness checks
• Steady digital footprint entropy (posts, likes, connections)
• Companion documents (W-2s, pay stubs, utility bills)

Vendors guarantee the profile will pass KYC at specific institutions.

And the price range? $25–$200 per profile.

B. Document Forgery Packs

These aren’t crude Photoshopped IDs. They include:

• High-resolution PSD templates for global passports and licenses
• Embedded barcodes, holograms, MRZ zones
• Configurable fields auto-filled via AI
• Companion video packs for selfie + document flow (“blink & tilt liveness”)

Some vendors offer automated generation APIs: “Generate 1,000 EU passports → Deliver in 40 seconds.”

C. Phishing Kits

Pre-built phishing engines with:

• Domain spoofing
• Hosting included
• Real-time dashboard showing captured credentials
• Auto-forwarded MFA codes
• Scripted call-center dialogue for social engineering ops
  
  

Price: $10–$50 per campaign, often with free updates.

Many platforms now include "Fraud-GPT” engines – fraud-tuned GenAI models capable of producing tailored scam messages, emotional manipulation scripts, romance-fraud personas, and real-time social-engineering dialog. These systems can hold multi-turn conversations with victims while dynamically adjusting tone, urgency, and narrative to increase conversion rates.

D. Botnets & Automation Engines

Not just credential stuffing – full operational bots:

• Session replay
• Checkout automation
• Device emulation
• Behavioral mimicry (typing cadence, cursor drift, hesitation modeling)
• “IDV bypass bots” trained on top vendors’ workflows

These bots now learn from failure and retry with adjusted parameters.

E. Account Takeover Kits

Just add username and phone number. These bundles include:

• OTP interception
• SIM swap partners
• Credential validation bots
• Reset-flow bypass templates
• Email change scripts

They are marketed explicitly: “ATO at scale. 94% success rate on XYZ bank. Guaranteed replacement if blocked.”

F. Credit Card & PII Marketplaces

Highly organized product categories:

• “Fresh fullz (fraudster lingo for “full information”), US only, 2025–2026”
• “High-limit BINs”
• “Verified employer + income”
• “Vehicle registration data”
• “Adult site password dumps”

Every item has age, source, and validity score.

G. Ransomware-as-a-Service

Turnkey operations:

• Payload builder
• Negotiation scripts
• Hosting
• Payment infrastructure
• Revenue share with the platform (typically 20–30%)

What This Actually Means: Fraud Is No Longer Human

When you step back from the catalog of available tools, one truth becomes impossible to ignore: fraud is no longer defined by human capability. It is defined by the capabilities of the systems that now produce and distribute it.

Every component of the fraud economy – identity creation, verification bypass, account takeover, social engineering, automation – has been modularized, optimized, and packaged for scale. The human actor is no longer the limiting factor. The marketplace provides the expertise, the automation provides the execution, and the criminal business model provides the incentive structure.

The result is a threat landscape that looks less like episodic misconduct and more like a supply chain. Fraud behaves like a coordinated operation, not a series of individual attempts. It adapts quickly, repeats consistently, and expands effortlessly – because the work is performed by tools, not people.

This is why traditional controls struggle. Identity verification was built on the assumption that inconsistencies, friction, and human error would reveal risk. But the industrialization of fraud produces identities that are consistent, documents that are polished, and behavioral patterns that are machine-stable. What used to feel like a red flag – a clean file, a frictionless onboarding journey – is now a symptom of a system-generated identity.

The deeper consequence is strategic: the attacker no longer “thinks” like a human adversary. They probe controls the way software tests an API. They run parallel attempts the way a product team runs A/B tests. They scale operations the way cloud infrastructure scales workloads. And because their tooling is continuously updated, their learning curve is steep – while defenses remain constrained by review cycles, risk committees, and static models.

Conclusion: Digital Identity Must Now Be Proven Through Context

For financial institutions, the rise of Fraud-as-a-Service has exposed the limits of a decades-old assumption: that identity can be validated by inspecting individual attributes. In an industrialized fraud economy, every discrete signal – documents, device profiles, PII, behavioral cues – can be purchased, replicated, or simulated on demand. A synthetic identity can now satisfy every checkbox a traditional onboarding flow requires.

What it cannot reliably produce is contextual coherence.

Real customers exhibit history, relationships, communication patterns, platform interactions, and digital residue that accumulate organically. Their identities make sense across time, across channels, and across environments. Their behavior reflects inconsistency, natural drift, and the kinds of imperfections that automated systems struggle to fabricate.

Synthetic identities, even sophisticated ones, tend to be:

• too uniform,
• too compressed in time,
• too symmetrical,
• too detached from broader signals in the digital ecosystem.

This is the gap FIs must now address. Identity is no longer something you confirm once. It is something you understand – continuously – by examining whether its story holds together.

The operational shift is simple to articulate, harder to execute:

Verification must move from checking attributes to validating coherence.
Does the identity align with long-term behavioral patterns?
Does the footprint exist beyond the onboarding moment?
Does it behave like a human navigating life, or a system navigating workflows?
Does it fit the context in which it appears?

Fraud has become industrial. Identity fabrication has become automated. What separates real from synthetic is no longer the presence of data, but whether that data forms a believable whole.

Financial institutions that recalibrate their controls toward coherence – contextual, cross-signal intelligence – will be positioned to detect what Fraud-as-a-Service still struggles to imitate: the complexity of genuine human identity.

At Heka Global, our platform delivers real-time, explainable intelligence from thousands of global data sources to help fraud teams spot non-human patterns, identity inconsistencies, and early lifecycle divergence long before losses occur.

In an AI-versus-AI world, timing is everything. The earlier your system understands an identity, the sooner you can stop the threat.

‍

2025 marked a turning point in digital identity risk. Fraud didn’t simply become more sophisticated – it became industrialized. What emerged across financial institutions was not a new fraud “type,” but a new production model: fraud operations shifted from human-led tactics to system-led pipelines capable of assembling identities, navigating onboarding flows, and adapting to defenses at machine speed.

Synthetic identities, account takeover attempts, and document fraud didn’t just rise in volume; they became more operationally consistent, more repeatable, and more automated. Fraud rings began functioning less like informal criminal networks and more like tech companies: deploying AI agents, modular tooling, continuous integration pipelines, and automated QA-style probing of institutional controls.

This is why so many identity controls failed in 2025. They were calibrated for adversaries who behave like people. 

Automation Became the Default Operating Mode

The most consequential development of 2025 was the normalization of autonomous or semi-autonomous fraud workflows. AI agents began executing tasks traditionally requiring human coordination: assembling identity components, navigating onboarding flows, probing rule thresholds, and iterating on failures in real time. Anthropic’s September findings – documenting agentic AI gaining access to confirmed high-value targets – validated what fraud teams were already observing: the attacker is no longer just an individual actor but a persistent, adaptive system.

According to Visa, activity across their ecosystem shows clear evidence of an AI shift. Mentions of “AI Agent” in underground forums have surged 477%, reflecting how quickly fraudsters are adopting autonomous systems for social engineering, data harvesting, and payment workflows.

Operational consequences were immediate:

• Attempt volumes exceeded human-constrained detection models
• Timing patterns became too consistent for human-based anomaly rules
• Retries and adjustments became systematic rather than opportunistic
• Session structures behaved more like software than people
• Attacks ran continuously, unaffected by time zones, fatigue, or manual bottlenecks

Controls calibrated for human irregularity struggled against machine-level consistency. The threat model had shifted, but the control model had not.

Synthetic Identity Production Reached Industrial Scale

2025 also saw the industrialization of synthetic identity creation – driven by both generative AI and the rapid expansion of fraud-as-a-service (FaaS) marketplaces. What previously required technical skill or bespoke manual work is now fully productized. Criminal marketplaces provide identity components, pre-validated templates, and automated tooling that mirror legitimate SaaS workflows.

These marketplaces supply:

• AI-generated facial images and liveness-passing videos
• Country-specific forged document packs
• Pre-scraped digital footprints from public and commercial sources
• Bulk synthetic identity templates with coherent PII
• Automated onboarding scripts designed to work across popular IDV vendors
• APIs capable of generating thousands of synthetic profiles at once
• And more…

This ecosystem eliminated traditional constraints on identity fabrication. In North America, synthetic document fraud rose 311% year-on-year. Globally, deepfake incidents surged 700%. And with access to consumer data platforms like BeenVerified, fraud actors needed little more than a name to construct a plausible identity footprint.

The critical challenge was not just volume, but coherence: synthetic identities were often too clean, too consistent, and too well-structured. Legacy controls interpret clean data as low risk. But today, the absence of noise is often the strongest indicator of machine-assembled identity.

Because FaaS marketplaces standardized production, institutions began seeing near-identical identity patterns across geographies, platforms, and product types – a hallmark of industrialized fraud. Controls validated what “existed,” not whether it reflected a real human identity. That gap widened every quarter in 2025.

Where Identity Controls Reached Their Limits

As fraud operations industrialized, several foundational identity controls reached structural limits. These were not tactical failures; they reflected the fact that the underlying assumptions behind these controls no longer matched the behavior of modern adversaries.

Device intelligence weakened as attackers shifted to hardware

For years, device fingerprinting was a strong differentiator between legitimate users and automated or high-risk actors. This vulnerability was exposed by Europol’s Operation SIMCARTEL in October 2025, one of many recent cases where criminals used genuine hardware and SIM box technology, specifically 40,000 physical SIM cards, to generate real, high-entropy device signals that bypassed checks. Fraud rings moved from spoofing devices to operating them at scale, eroding the effectiveness of fingerprinting models designed to catch software-based manipulation.

Knowledge-based authentication effectively collapsed

With PII volume at unprecedented levels and AI retrieval tools able to surface answers instantly, knowledge-based authentication no longer correlated with human identity ownership. Breaches like the TransUnion incident in late August 2025, which exposed 4.4 million sensitive records, flood the dark web with PII. These events provide bad actors with the exact answers needed to bypass security questions, and when paired with AI retrieval tools, render KBA controls defenseless. What was once a fallback escalated into a near-zero-value signal.

Rules were systematically reverse-engineered

High-volume, automated adversarial probing enabled fraud actors to map rule thresholds with precision. UK Finance and Cifas jointly reported 26,000 ATO attempts engineered to stay just under the £500 review limit. Rules didn’t fail because they were poorly designed. They failed because automation made them predictable.

Lifecycle gaps remained unprotected

Most controls still anchor identity validation to isolated events – onboarding, large transactions, or high-friction workflows. Fraud operations exploited the unmonitored spaces in between:

• contact detail changes
• dormant account reactivation
• incremental credential resets
• low-value testing

Legacy controls were built for linear journeys. Fraud in 2025 moved laterally.

What 2026 Fraud Strategy Now Requires

The institutions that performed best in 2025 were not the ones with the most tools – they were the ones that recalibrated how identity is evaluated and how fraud is expected to behave. The shift was operational, not philosophical: identity is no longer an event to verify, but a system to monitor continuously.

Three strategic adjustments separated resilient teams from those that saw the highest loss spikes.

1. Treat identity as a longitudinal signal, not a point-in-time check

Onboarding signals are now the weakest indicators of identity integrity. Fraud prevention improved when teams shifted focus to:

• behavioral drift over time
• sequence patterns across user journeys
• changes in device, channel, or footprint lineage
• reactivation profiles on dormant accounts
  ‍

Continuous identity monitoring is replacing traditional KYC cadence. The strongest institutions treated identity as something that must prove itself repeatedly, not once.

2. Incorporate external and open-web intelligence into identity decisions

Industrialized fraud exploits the gaps left by internal-only models. High-performing institutions widened their aperture and integrated signals from:

• digital footprint depth and entropy
• cross-platform identity reuse
• domain/phone/email lineage
• web presence maturity
• global device networks and associations

These signals exposed synthetics that passed internal checks flawlessly but could not replicate authentic, long-term human activity on the open web.

Identity integrity is now a multi-environment assessment, not an internal verification process.

3. Detect automation explicitly

Most fraud in 2025 exhibited machine-level regularity – predictable timing, optimized retries, stable sequences. Teams that succeeded treated automation as a primary signal, incorporating:

• micro-timing analysis
• session-structure profiling
• velocity and retry pattern detection
• non-human cadence modeling

Fraud no longer “looks suspicious”; it behaves systematically. Detection must reflect that.

4. Shift from tool stacks to orchestration

Fragmented fraud stacks produced fragmented intelligence. Institutions saw the strongest improvements when they unified:

• IDV
• behavioral analytics
• device and network intelligence
• OSINT and digital footprint context
• transaction and account-change data

into a single, coherent decision layer. Data orchestration provided two outcomes legacy stacks could not:

1. Contextual scoring – identities evaluated across signals, not in isolation
2. Consistent policy application – reducing false positives and operational drag

The shift isn’t toward more controls; it is toward coordination.

Closing Perspective

Identity controls didn’t fail in 2025 because institutions lacked capability. They failed because the models underpinning those controls were anchored to a world where identity was stable, fraud was manual, and behavioral irregularity differentiated good actors from bad.

In 2025, identity became dynamic and distributed. Fraud became industrialized and system-led.

Institutions that recalibrate their approach now – treating identity as a living system, integrating external context, and unifying decisioning layers – will be best positioned to defend against the operational realities of 2026.

At Heka Global, our platform delivers real-time, explainable intelligence from thousands of global data sources to help fraud teams spot non-human patterns, identity inconsistencies, and early lifecycle divergence long before losses occur.

‍

Heka has joined Winmark’s PensionChair Network as a Technical Partner.

Winmark convenes senior leaders across sectors through curated executive networks. The PensionChair Network brings together trustee boards and senior pensions professionals across the UK to share insight, address governance challenges, and strengthen scheme oversight.

As Technical Partner, Heka will provide member tracing, data enrichment, and identity verification capabilities to PensionChair members. This includes supporting schemes in resolving incomplete records, tracing overseas members, and addressing complex data quality challenges where traditional UK data sources may be limited.

Heka’s approach combines global open-source intelligence and structured digital footprint analysis to deliver verifiable, explainable outputs that trustees can rely on in fulfilling their governance responsibilities.

The partnership formalises Heka’s engagement with the PensionChair community and expands its collaboration with UK pension leaders.

Further information about upcoming sessions and member engagement will be shared through PensionChair communications and Heka's Linkedin.

‍

FOR IMMEDIATE RELEASE

‍

Heka Raises $14M to bring Real-Time Identity Intelligence to Financial Institutions

Windare Ventures, Barclays and other institutional investors back Heka’s AI engine as financial institutions seek stronger defenses against synthetic fraud and identity manipulation.

New York, 15 July 2025

‍

Consumer fraud is at an all-time high. Last year, losses hit $12.5 billion – a 38% jump year-over-year. The rise is fueled by burner behavior, synthetic profiles, and AI-generated content. But the tools meant to stop it – from credit bureau data to velocity models – miss what’s happening online. Heka was built to close that gap.

Inspired by the tradecraft of the intelligence community, Heka analyzes how a person actually behaves and appears across the open web. Its proprietary AI engine assembles digital profiles that surface alias use, reputational exposure, and behavioral anomalies. This helps financial institutions detect synthetic activity, connect with real customers, and act faster with confidence.

At the core of Heka’s web intelligence engine is an analyst-grade AI agent. Unlike legacy tools that rely on static files, scores, or blacklists, Heka’s AI processes large volumes of web data to produce structured outputs like fraud indicators, updated contact details, and contextual risk signals. In one recent deployment with a global payment processor, Heka’s AI engine caught 65% of account takeover losses without disrupting healthy user activity.

Heka is already generating millions in revenue through partnerships with banks, payment processors, and pension funds. Clients use Heka’s intelligence to support critical decisions from fraud mitigation to account management and recovery. The $14 million Series A round, led by Windare Ventures with participation by Barclays, Cornèr Banca, and other institutional investors, will accelerate Heka’s U.S. expansion and deepen its footprint across the UK and Europe.

“Heka’s offering stood out for its ability to address a critical need in financial services – helping institutions make faster, smarter decisions using trustworthy external data. We’re proud to support their continued growth as they scale in the U.S.” said Kester Keating, Head of US Principal Investments at Barclays.

Ori Ashkenazi, Managing Partner at Windare Ventures, added: “Identity isn’t a fixed file anymore. It’s a stream of behavior. Heka does what most AI can’t: it actually works in the wild, delivering signals banks can use seamlessly in workflows.”

Heka was founded by Rafael Berber, former Global Head of Equity Trading at Merrill Lynch; Ishay Horowitz, a senior officer in the Israeli intelligence community; and Idan Bar-Dov, a fintech and high-tech lawyer. The broader team includes intel analysts, data scientists, and domain experts in fraud, credit, and compliance.

“The credit bureaus were built for another era. Today, both consumers and risk live online. Heka’s mission is to be the default source of truth for this new digital reality – always-on, accurate, and explainable.” said Idan Bar-Dov, the Co-founder and CEO of Heka.

‍

About Heka
Heka delivers web intelligence to financial services. Its AI engine is used by banks, payment processors, and pension funds to fill critical blind spots in fraud mitigation, credit-decision, and account recovery. The company was founded in 2021 and is headquartered in New York and Tel Aviv. 

Press contact
Joy Phua Katsovich, VP Marketing | joy@hekaglobal.com

We’re proud to announce our partnership with ZEDRA Governance to help pension schemes tackle one of the sector’s biggest challenges: tracing missing members.

Following a successful pilot where Heka’s AI-powered tracing identified 50% of previously unreachable members, ZEDRA will now offer our technology to clients via a dedicated architecture, bringing scale and speed to both small and large schemes.

“Reuniting members with their full retirement benefits is a core fiduciary duty,” said Mark Stopard, Head of Proposition Development at ZEDRA Governance. “We’re excited to see the results of this initiative as part of our commitment to helping clients solve the issue of lost pensions.”

Heka's technology helps schemes locate current contact details, life status, and digital signals even when records are outdated or fragmented. By partnering with ZEDRA, we’re enabling better member engagement, reduced risk, and readiness for future reforms.

“Many of the toughest challenges in the pensions sector start with missing data,” said Max Lack, Business Development Manager at Heka. “Solving that unlocks everything else- from dashboard readiness to retirement adequacy.”

Read the full announcement on ZEDRA’s website.

‍

We’re excited to announce that Heka is now live on NayaOne, the leading fintech and data marketplace for financial institutions.

Through the NayaOne platform, banks and insurers can now securely trial Heka’s external customer intelligence engine- accessing real-time, explainable insights for credit, fraud, onboarding, and more, all within a sandboxed environment.

This marks a major step in making Heka more accessible to innovation teams looking to accelerate decision-making with trustworthy, real-time web intelligence.

We’re proud to support Dalriada Trustees in tracing victims of pension fraud using our AI-driven identity and contact resolution tools. The collaboration has already reunited members with their rightful benefits where traditional tracing methods failed. Read the full article published by Professional Pensions to learn more about how our partnership is helping deliver real outcomes in complex fraud scenarios.

‍

👉 As featured in Professional Pensions

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5

Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

1. Item 1
2. Item 2
3. Item 3

Unordered list

• Item A
• Item B
• Item C

Text link

Bold text

Emphasis

^Superscript

_Subscript