Bot accounts, fake users, scammers, and trolls have long been a problem for companies operating online.
One major area of concern is a severe lack of vigilance: 43 percent of companies surveyed didn’t worry about bad actors on their service, because they wished to keep the registration process simple.
When it comes to security infrastructure, 94 percent of companies require users to provide a password or PIN to create an account, and 79 percent require an email address, which is promising. However, far fewer companies require challenge questions, mobile phone numbers, or other reliable methods of verification, such as social logins.
This leads to a reactive strategy when it comes to fake user accounts. Additionally, 58 percent of companies don’t have a formal process for dealing with fake accounts. The report found that 58 percent use assessments and audits, 50 percent use manual control systems, and 50 percent use database monitoring. However, a shocking 32 percent of respondents said they don’t identify fake users or accounts at all.
These lax policies are hurting companies, and hurting the genuine user base. According to Telesign, 30 percent of respondents said that bad actors joined their networks or services with the intent of spamming real users, and 27 percent joined to steal confidential user information. These attacks cost companies an average of nine percent of their user base, and four percent of their business partners or other key stakeholders.
Allowing bad actors can also result in real hits to your business bottom line, as well as dents to your reputation. The report shows 60 percent of respondents said that bad actors had cost them their reputation, and among the companies surveyed total costs for containment, detection, recovery, and investigation averaged almost $4 million in the last 12 months.
Detection, and verification are key strategies in fighting bad users. It’s no longer enough to hope asking for an email address, or a password, on user signup with catch all the fake users.