Typically, this happens because companies prioritize the size of the user base - typically at the behest of marketing - over security. In terms of sheer numbers, whether the user is fake or not doesn't matter.
"They want to put a stake in the ground and claim a huge amount of users," says Disraeli. "At the same time, they're letting everyone in, and that has an economic impact."
Researchers found that impact came to about $4 million per company that responded to the survey. That's the average amount they spent responding to spam or fraud committed by fake users. They also lost an average of four percent of business partners and nine percent of legitimate users - which happened with Faughnan.
"I removed all of my credit card information from their site because I don't consider it safe," she says of Groupon. "I don't plan to buy anything from them again."
Balancing the numbers
Schorr of Bomgar says that stopping fake users from getting into a company's system isn't necessarily that difficult. It's just a matter of priorities.
"I don't think hackers are that good," he says. They're looking to jump over the lowest hurdle, and making them take one more step to creating an account can push them towards another company that who bother to set up the hurdle on the track.
"They bump up against something and they pull back," he says. "They keep going until they find something or someone or somewhere they can get in." That could be through your low-security barriers, or through a third-party vendor who's in your space and doesn't pay as much attention to security as you do. Securing your fences andtheirs, he says, is crucial.
Disraeli stresses the importance of the CIO going to bat against marketing if they're the ones pushing for a lower barrier of entry to become a user. "The purpose of the study is to arm CIOs and decision makers with the value of a clean user base," he says.
Sign up for Computerworld eNewsletters.