Businesses struggle with fake users but are failing to take action, according to a Telesign survey of 584 U.S. and 414 U.K. respondents.
The respondents, who are involved in the registration, use or management of user accounts and hold such positions as product manager, IT security practitioner and app developer, admit allowing fake users to avoid friction during registration.
While 82 percent of companies struggle with fake users, 43 percent still admit allowing them into their ecosystem.
"Our survey spanned a wide variety of industries, including financial services, e-commerce, IT services, retail, communications, entertainment, education and more, and what we found is that fake users don’t discriminate," TeleSign CEO Steve Jillings told eWEEK. "If a platform and its users are left vulnerable, fake users will find a way to exploit those vulnerabilities and victimize real users while eroding the value of businesses around the world."
Respondents reported user convenience (58 percent), cost efficiency (52 percent), and ease of use (42 percent) as the most important factors to an organization’s authentication strategy. Security is a distant fourth at 21 percent.
In the past 12 months, fake users victimized 21 percent of legitimate users, resulting in organizations losing an average of 9 percent of their legitimate user base.
On average, companies estimate that fake users comprise 10 percent of their user base, yet 65 percent also report that knowing their user base is legitimate is of great value to their leadership.
"Unfortunately, businesses are continuing to prioritize convenience over security when it comes to signing up new users, even amidst so much high-profile cyber-crime today," Jillings said. "In fact, security came in a distant fourth when ranking business priorities, coming behind ease of use, cost and convenience."
Only 25 percent of respondents believe the traditional username and password(s) method is a reasonably secure authentication method – yet 59 percent say that the use of two-factor authentication is not an option on their service.
Nearly 70 percent of respondents said they believe their organization’s authentication process is difficult to manage, which directly contributes to allowing fake users to infiltrate the user base.
In addition, the majority (54 percent) of respondents agree that a phone number is enough to stop fraudulent registrations.
"The best way to deal with this issue is to stop fake users from ever entering in the first place," Jillings said. "At TeleSign, we believe the best way to do this is to associate each new account with a valid phone number, then authenticate users using their mobile phone numbers going forward. Simply put, the right authentication strategy doesn’t force businesses to choose convenience over security; it provides both."