How fake users are impacting business through acts of fraud and theft

A new report by The Ponemon Institute highlights the average economic value of a company’s user base ($117M) and the financial and brand reputation damage that can be done if fraudsters are allowed to create fake accounts and wreak havoc within a business and across the Internet.

While 82 percent of companies struggle with fake users, 43 percent still admit allowing them into their ecosystem to avoid friction in the user registration process. Respondents reported user convenience (58 percent), cost efficiency (52 percent) and ease of use (42 percent) as the most important factors to an organization’s authentication strategy with security at a distant fourth (21 percent).

Overwhelmingly, companies value ease of use over security against fraudsters, making them vulnerable to the threat of fake users.

“Fake users are one of the first steps in the chain of crime, impacting consumers and businesses both directly and indirectly through acts of fraud, theft of information and control of data,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Through a variety of illicit acts, these cyber criminals damage the global economy to the tune of billions of dollars a year, but companies that take preventative measures can make a difference.”

Larger companies in this study have spent as much as $14 million to respond to spam or fraud committed by fake users, with an average cost of $4 million per company. A vast majority (60 percent) of those costs are being put to repair brand damage and reputational costs.


Additional findings include:

• In the past 12 months, fake users victimized 21 percent of legitimate users, resulting in organizations losing an average of nine percent of their legitimate user base.
• On average, companies estimate 10 percent of their respective user bases to be fake users, yet 65 percent of respondents also report that knowing their user base is legitimate is of great value to their leadership.
• Only 25 percent of respondents believe the traditional username and password(s) is a reasonably secure authentication method – yet 59 percent say that the use of two-factor authentication is not an option on their service.
• Sixty-nine percent of respondents believe their organization’s authentication process is difficult to manage, which directly contributes to allowing fake users to infiltrate the user base.
• The majority (54 percent) of respondents agree that a phone number is enough to stop fraudulent registrations.

The study surveyed 584 U.S. and 414 U.K. respondents who are involved in the registration, use or management of user accounts and hold such positions as product manager, IT security practitioner and app developer. The median revenue of companies represented in this study is $650 million.