Fraud often becomes visible to financial institutions when a suspicious transaction is attempted, a counterfeit check is deposited or an online account takeover is underway.
For fraudsters, however, the process often begins much earlier — on the dark web. Hidden from traditional search engines and offering greater anonymity than the publicly accessible internet, the dark web has evolved into a thriving underground marketplace. Across forums, fraud shops and encrypted messaging channels, financial data, fraud services and illicit tools are bought, sold and exchanged at scale.
For financial institutions, understanding how this ecosystem operates is becoming increasingly important. Effective fraud prevention is no longer limited to identifying suspicious activity once it reaches an account. Increasingly, success depends on cyber threat intelligence, where threat insights are collected and analyzed from the dark web, then applied to warn of potential fraud long before a transaction is ever attempted.
The Dark Web Economy Driving Fraud
At the center of today’s fraud landscape is data.
Whether criminals are targeting online banking credentials, payment cards, personal information or checks, the underlying model is consistent. Stolen information becomes inventory. That inventory is advertised, sold, exchanged and reused across criminal communities. Once compromised, a single piece of data may support multiple fraud attempts by multiple actors across multiple institutions.
This underground economy is highly specialized. Some actors steal data. Others broker its sale. Counterfeiters create fraudulent instruments. Mule recruiters source accounts to move illicit funds, while others facilitate deposits, cash outs and money movement. Together, these participants form a lucrative supply chain that turns compromised information into fraud; a single marketplace has been estimated to generate $17.3 million in revenue alone.
Check Fraud Offers a Clear Example
The impact of check fraud remains significant. According to Nasdaq Verafin’s 2026 Global Financial Crime Report, losses reached an estimated $38.5 billion globally in 2025, with $33.6 billion attributed to the United States alone. While these losses stem from a range of factors, the emergence of dark web marketplaces is an exacerbating factor.
According to Q6 Cyber, a leading provider of dark web monitoring to financial institutions, stolen checks may be advertised in underground markets as either uncashed or previously cashed items, with buyers acquiring the physical check or a check image. From there, fraudsters may assess account information, alter or recreate the check then prepare it for deposit through ATM, mobile or in-person channels. The process can also involve mule actors, underscoring that modern check fraud is now an organized workflow supported by specialized roles.
Industry stakeholders, law enforcement agencies and postal authorities have invested significant effort to fight mail theft and other sources of stolen checks. Yet despite these efforts, gaps remain and compromised checks continue to appear across dark web marketplaces. If the industry cannot completely stop stolen checks from being stolen, the next best opportunity is to identify them once they appear where criminals buy, sell and operationalize stolen financial data. This is where cyber threat intelligence becomes increasingly valuable.
Cyber Threat Intelligence: Moving Fraud Detection Upstream
Effective check fraud prevention requires a layered approach that combines consortium intelligence, behavioral and image analysis and investigative expertise. Cyber threat intelligence complements these capabilities by providing visibility into emerging threats on the dark web, helping institutions add valuable context to investigations, better understand risk and make more informed decisions before fraud occurs.
Check fraud detection provides a compelling use case for cyber threat intelligence but its power is much broader. As financial crime continues to evolve, criminals are increasingly using digital channels to exchange stolen data, coordinate activity and scale fraud operations. For financial institutions, understanding these environments may become an increasingly important part of staying ahead of emerging threats that also involve the exchange of stolen information. This will prove valuable for helping our industry benefit from a more complete view of risk as the lines between financial crime and cybercrime continue to blur.
About the Author:
AVP, Fraud Product Management
As an Associate Vice President Fraud Product Management at Nasdaq Verafin, Nick Pearson leads the advancement of fraud detection capabilities with a focus on check and account fraud. Working closely with financial institutions, he brings frontline insight to emerging fraud trends and translates those challenges into product innovation that strengthens prevention efforts across the industry.
Since joining Nasdaq Verafin in 2018, Nick has become a trusted bridge between the customer community and product development, combining deep customer engagement with a strategic product lens. He plays a key role in shaping fraud product direction and is an active voice in the industry, regularly sharing perspectives on the evolution of fraud and the importance of collaborative, data-driven approaches to staying ahead.

