Up-Front Trust: Stop Fake Profiles at the Point of Signup

New accounts are the lifeblood of businesses. For legitimate companies, they represent revenue and brand value. For bad actors, they represent opportunity. This is why it's important for organizations to know if their new accounts are real or fake as quickly as possible.

Just how important? Look no further than the high-profile imbroglio sparked by Elon Musk when he balked on a $44 billion deal to buy Twitter over what he claims are misleading account numbers. The long-term impacts to Twitter's brand and Musk's reputation are yet to be determined but will no doubt be significant.

When the account signup process is an organization’s first encounter with a new user, getting it right goes a long way to building a strong relationship and brand loyalty. But … "getting it right" at account signup can be a challenge. Customers have grown accustomed to frictionless online experiences, especially signing up for accounts. So, it makes sense for organizations to make it easy for customers to sign up so they don’t get frustrated and take their business elsewhere. However, when signing up is easy for everyone, it's also easy for scammers, malicious actors and organized cybercrime rings to create accounts. As a result, fake account signups have become a business-disrupting problem.

There are a variety of reasons for users to create fake profiles:

• To request information without being spammed by the online company, frequently contacted or having their email address sold to dozens of other organizations. This isn’t an ideal business outcome, but it’s understandable, as anyone with an inbox has experienced.
• Disgruntled customers or competitors could be trying to influence buying behavior or brand preferences. Fake product reviews are rampant—the World Economic Forum estimates that they drove $152 billion in global spending on products and services in 2020.
• To anonymously “spy” on friends, neighbors and coworkers or, the more sinister scenario stalkers or pedophiles—looking for revenge or new targets.
• To lay the groundwork for abuse, fraud and other digital misbehavior using synthetic identities. In the financial services market, fake account creation averages $81,000-$97,000 in financial losses per incident when successful. They might also be searching for customers' emails or site vulnerabilities to exploit.
• Sometimes fake profiles aren’t created by humans. Bots have become a significant business problem, affecting everything from cybersecurity and infrastructure costs to fraud prevention, the customer experience, brand perception and metrics used for sales and marketing.

The Business Impact of Fake Accounts

Fake accounts take up valuable time and resources. Security and fraud teams have to focus on separating and dealing with fake profiles and accounts to assess the risk they pose. Meanwhile, a potentially dangerous agent has been given a free pass inside your online ecosystem with the power to influence other customers, harm your brand or worse. The question becomes, is this just someone who has improper yet benign motives or a member of a global cybercrime syndicate?

Bots are common perpetrators of fake account signups, and bot traffic drains system and network resources. There are also fraud farms around the world employing real humans to create fake profiles and accounts at scale. A medium or larger influx of maliciously created fake accounts can trigger manual reviews, slowing down everything, affecting the customer experience as well as employee productivity. Ensuring users are delighted by an authentic customer experience and not one being subverted by influential fake accounts is more valuable than some organizations may realize. The impact on revenue is huge—Forrester reports every one-point improvement in a retailer’s customer experience score drives a $523 million increase in incremental revenue.

Fake accounts result in misleading metrics. They inflate a company’s number of genuine signups, skewing open and click rates and other measures. Which in turn, might cause an organization to rethink and change tactics in order to improve its success. Things can get crazy fast. Do you change pricing? Swap out different products? Change your messaging? Pay for more advertising? Significant changes made based on inaccurate metrics can send you chasing after ghosts—losing customers who no longer receive the same experience they loved in the first place.

What's to Be Done?

There are solutions that can identify bots. Existing online security tools can verify signups and protect your site. Double opt-in techniques send a follow-up email to confirm that the user is real—bots can't answer emails. "Honeypot captcha" techniques insert a small, hidden CSS field in sign-up forms that spambots detect and fill in but human users cannot see. Signups received with the field completed can be blocked.

Yet, attackers continue to evolve. They can subvert account registration APIs directly, use automated identity security solvers and bypass traditional defense mechanisms. Whether using automated tools or human farms, they continue to find new ways of creating fake accounts. And although bot detection capabilities are essential, you still need to identify human scammers, which bot detection cannot do.

It Comes Back to Trust

Organizations need to rethink their strategy of throwing their doors open wide to any and all visitors and waiting to weed out the fake profiles after the damage has been done and the scammers and bad actors have infiltrated the platform. Instead, make the account signup process the beginning of a trusted relationship with a customer that can extend throughout their entire journey.

A digital trust solution powered by comprehensive identity intelligence and deep connections among online identifiers can keep out the bots and bad actors, establishing whether the identity behind the new account or profile can be trusted. Based on the user's provided information, an organization should be able to immediately score the data and decide—is it trustworthy. With Pipl Trust, organizations can quickly add an invisible, frictionless trust evaluation to every web page or app screen, including at signup. Consumers with trusted identities get safe, easy online experiences anywhere along their journey, and fakes and phonies get quickly exposed and shut out.

Learn more about Pipl Trust or contact us for a proof of concept. And look for our upcoming white paper "The Trust Paradigm for Online Business" to learn more about how your organization can enhance its digital trust and safety initiatives.