Majority of Companies Allow Fake Registrations

A majority of companies (82%) allow fraudsters to create fake accounts, because they don’t have safeguards in place to prevent registration fraud.

According to research from TeleSign and research firm Ponemon Institute, signing up online with false identities is a common practice among cyber-criminals, who use these identities to commit fraud and infiltrate networks with false credentials. But companies let them do it.

A full 43% of end user-facing businesses that require registration for their services still admit allowing fake credentials into their ecosystem to avoid friction in the user registration process.

Respondents reported user convenience (58%), cost efficiency (52%) and ease of use (42%) as the most important factors to an organization’s authentication strategy, with security at a distant fourth (21%).

A full 69% of respondents believe their organization’s authentication process is difficult to manage, which directly contributes to allowing fake users to infiltrate the user base.

“Fake accounts are notorious vehicles for cyber-criminals to commit abuses, from basic activities such as spam, to devastating events like identity theft and account takeover,” said Steve Jillings, CEO TeleSign. “Battling these types of problems has brought a number of well-known brands to their knees, and is continuing to cost businesses significant time, money and reputational capital.”

The survey also found that larger companies have spent as much as $14 million to respond to spam or fraud committed by fake users, with an average cost of $4 million per company.  A vast majority (60%) of those costs are being put to repair brand damage and reputational costs. In the past 12 months, fake users victimized 21% of legitimate users, resulting in organizations losing an average of 9% of their legitimate user base.

On average, companies estimate 10% of their respective user bases to be fake users, yet 65% of respondents also report that knowing their user base is legitimate is of great value to their leadership.

All of that said, companies have the opportunity to stop the problem before it starts. Only 25% of respondents believe the traditional username and password(s) is a reasonably secure authentication method—yet 59% say that the use of two-factor authentication is not an option on their service. However, the majority (54%) of respondents agree that a phone number is enough to stop fraudulent registrations.

 “Importantly, the data also revealed that catching bad actors at the time of account registration provides a powerful advantage to mitigating the problem, because once they’re running loose in your ecosystem they’re very difficult to catch,” continued Jillings. “72% of survey respondents said it’s difficult to suspend an account that has been identified as spam after the fact. This underscores the importance of having proper practices in place to prevent registration fraud, and suggests an optimal insertion point for companies to focus their efforts against fake users is the point of registration or enrollment.”

Photo ©aastock

What’s Hot on Infosecurity Magazine?