Social Networks:
The Real Cost of Hacking and Spam
Tina Ong

A prominent blogger’s social networking account was hacked earlier this year. According to the article, the account was hacked, and the blogger’s username, password, and phone number listed on the website were used to set up another fake account to spam her friends with fake solicitations for branded goods. To top it off, the hackers also managed to cash checks linking to the blogger’s credit cards. Essentially, the hackers successfully took over a legitimate account, turned that account into a vehicle to solicit cash from the victim’s friends and family, and executed identity theft to compromise the other financial accounts.

For End Users

Hacked accounts are a major source of pain for enterprises and websites as well as end users. The inconveniences and monetary losses to end users directly reduce a brand’s trustworthiness and stickiness, resulting in revenue loss and an increase in fraud costs to the website or enterprise.

The average out-of-pocket cost for an identity theft victim, often resulting from hacked accounts, is estimated to be $631. Bank accounts aside, Forbes also estimates the average identity fraud case would cost a consumer 33 hours to resolve.

For Social Networking Sites

For social networking sites, hacked accounts created two sources of “pain”: revenue loss from users leaving the websites, and fraud prevention cost (e.g. call centers to deal with suspected fraudulent accounts/users).

A 2011 ComScore report estimated that social networking websites reach approximately 1.2 billion users every year. According to Javelin Strategy & Research, fraud incidence rates among social media users of major websites range from 2.7% to 10.1%. Assuming a 6% fraud incidence rate among social media users on average, 72 million users are at risk of being fraud victims every year.

Users of accounts suspected of fraud may spend an average of 15 minutes on the phone with a call center representative to verify his/her identity. The fully loaded cost of a call center is estimated to be at $30 per hour, meaning each call would cost the social media website $7.50 per user. For a social networking website of 20 million users, the total fraud cost related to call centers alone could go up to $9 million a year.

Common Measures to Counter Fraud

With the rampant growth of social networks and online commerce, websites are becoming more proactive about putting measures in place to counter fraudulent activities online. It’s been proven that a username and password alone are no longer sufficient to protect the online security of both websites and their end users.

For social networking websites, online security aside, user experience is also a critical factor to consider when deciding which additional security measures to put in place. We are seeing websites adopting a user-friendly approach to secure their user base. For instance, websites have started to deploy two-factor authentication (2FA) as an additional layer of security. The phone becomes the second factor of authentication when the user receives a one-time pin code that they then enter back on to the website to be authenticated.

Two-factor authentication has been deployed in several forms, but we have seen a significant increase in phone authentication versus authenticating with a physical token. An end user can authenticate when they try to register a new account, access an existing account via a different device, reset their password when the password was forgotten and so on, making it much more difficult for a hacker to break into someone’s account. Some websites also regularly verify the end users (e.g. after every 30 day period). Since account compromise has become such an issue, more and more websites are offering their users two-factor authentication.

An even more frictionless approach to secure users would be to conduct a series of analytics in the background based on their online activities. The user’s phone number and the activities associated with that phone number provide important insights. Phone numbers associated with fraudulent activity can be blocked early on instead of letting the fraudster stay on the website.  By analyzing user data more closely, online properties have the opportunity to stop and block fraud faster and more efficiently.

Additional layers of security like these can help protect users as well as the company’s brand.

Tina Ong is an analytics rock star and business operations manager for Los Angeles-based fraud prevention specialists TeleSign. Follow her on Twitter @tinaong and @TeleSign.