Nearly Half of Online Signups Now Fraudulent, Warns Okta

In a stark warning to organizations worldwide, identity and access management provider Okta has revealed that nearly half of all customer registrations in 2024 were fraudulent—with bots accounting for 46% of signup attempts.

This insight comes from Okta’s latest Customer Identity Trends Report 2025, based on data from over 6,750 consumers and telemetry gathered from its Auth0 platform.

AI-Powered Threats on the Rise

According to the report, the rise in fraudulent signups marks a reversal from previous downward trends and is likely driven by AI-powered attack automation. Commenting on the findings, Stephen McDermid, CSO at Okta EMEA, warned:

“We’re entering an era where we must ask not just who we can trust, but what. AI is reshaping the threat landscape, forcing us to adopt dynamic, identity-first security strategies.”

Daily fluctuations were extreme, reaching a peak of 93% fraudulent signups on April 6 and a low of 14% on February 29. Still, on most days, fraudulent activity didn’t drop below 30%.

Retail & Finance Among the Hardest Hit

The report notes that retail and e-commerce platforms bore the brunt of signup fraud, with 69% of fraudulent attempts targeting this sector. Other affected industries included:

  • Financial Services: 64%
  • Energy & Utilities: 56%
  • Manufacturing: 54%

Okta suggests that incentives like signup bonuses and member-only promotions may be motivating fraudsters to exploit these platforms.

More Than Just Freebies

Fraudulent signups go far beyond abusing welcome offers. Attackers can also:

  • Probe systems for existing user accounts
  • Use “aged” fake accounts to bypass future security controls
  • Launch DoS attacks by overwhelming systems with fake registrations

This creates a serious dilemma for businesses: how to enhance identity security without making signup processes too cumbersome for real users.

The UX vs. Security Balance

Despite rising concern about identity fraud (64% of users express worry), user experience still reigns. Around 72% of consumers say they evaluate a company’s security practices before registering—yet nearly 25% often abandon purchases due to frustrating signup or login steps. The top complaint? Long or complex forms, cited by 62% of respondents.

Okta’s Recommended Defense Tactics

To counteract bot-driven fraud, Okta recommends a layered approach:

  • Implement DDoS mitigation solutions
  • Deploy behavior-based bot detection
  • Use rate-limiting and CAPTCHA mechanisms
  • Block known malicious IPs with access control lists
  • Use Web Application Firewalls (WAFs) to filter threats at the edge
  • Encourage the use of passkeys for more secure signups

Bottom line: As AI fuels more sophisticated attack methods, organizations must rethink their identity and fraud prevention strategies. It’s not just about blocking threats—it’s about doing so without alienating real users.

Source: https://www.infosecurity-magazine.com/news/half-customer-signups-now/