Half of Customer Signups Are Now Fraudulent

June 25, 2025
Okta has warned of the “staggering” scale of signup fraud, claiming that bots were responsible for 46% of customer registration attempts in 2024.

The authentication specialist revealed the figures in its Customer Identity Trends Report 2025, which is based on a global survey of 6750 consumers and operational telemetry from its Auth0 platform.

Okta said that the surge in registration fraud attempts reverses a recent downward trend and is potentially the result of AI-enabled attack workflows.

“This year’s results highlight how AI is challenging our ability to trust the authenticity of digital interactions,” said Okta EMEA CSO, Stephen McDermid.

“We’re entering an era where we must ask not just who, but what we can truly trust. This new attack surface requires us to build a secure foundation for the AI era, shifting from a static to dynamic strategy that puts identity at the heart.”

There were significant fluctuations throughout the year, with fraud attempts spiking to nearly 93% on April 6, and falling as low as 14% on February 29, although on no other day did the figure fall below 30%, the report noted.

Retail and e-commerce companies were the hardest hit, accounting for 69% of signup fraud attempts in 2024, followed by financial services (64%), energy/utilities (56%) and manufacturing (54%).

Okta said signup incentives and member-only exclusives offered by retailers and financial services firms may be attracting the attention of fraudsters.

However, registration fraud doesn’t just consume signup rewards like this. It may also enable cybercriminals to discover existing user accounts, use aged accounts later on to bypass security controls and even execute denial of service (DoS) attacks by consuming resources, Okta warned.

The challenge for organizations is enhancing authentication security without adding too much friction to the signup process.

The report also revealed that although 64% of users say they’re concerned about identity fraud and 72% evaluate a company’s security measures before signing up, nearly a quarter “always” or “often” abandon online purchases due to issues with signup or login processes. Filling out long login/signup forms was cited most frequently (62%) as a source of signup or login frustration for users.

Tackling Brute-Force Attacks

Okta urged organizations to hit back at bot-driven fraud attempts of this kind by:

  • Investing in DDoS mitigation services
  • Deploying some kind of bot filtering technology based on behavioral analysis, threat intelligence and feedback loops
  • Putting rate-limiting controls in place
  • Increasing CAPTCHA requirements when a risk threshold has been reached
  • Tightening suspicious IP thresholds and implementing access control lists to block abusive IPs
  • Blocking malicious activity using web application firewall (WAF) rules at the edge
  • Encouraging customers to sign up using a passkey
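
An added sketch, not taken from Okta's report, of how three of these controls can sit in one signup gate: per-IP rate limiting, a CAPTCHA step-up once a risk threshold is reached, and an access control list for abusive IPs. The class name, thresholds and sample IP addresses are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them against your own signup telemetry.
WINDOW_SECONDS = 600     # sliding look-back window per IP
CAPTCHA_THRESHOLD = 3    # attempts in window before a CAPTCHA is required
RATE_LIMIT = 6           # attempts in window before requests are throttled
BLOCK_THRESHOLD = 12     # attempts in window before the IP is added to the ACL

class SignupGate:
    """Hypothetical in-memory gate placed in front of a registration endpoint."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.attempts = defaultdict(deque)   # ip -> timestamps of recent attempts
        self.blocked = set()                 # access control list of abusive IPs

    def decide(self, ip, captcha_passed=False):
        """Return 'allow', 'captcha', 'throttle' or 'block' for one attempt."""
        if ip in self.blocked:
            return "block"
        now = self.clock()
        recent = self.attempts[ip]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget attempts outside the window
        recent.append(now)
        count = len(recent)
        if count > BLOCK_THRESHOLD:
            self.blocked.add(ip)             # repeated abuse: deny from now on
            return "block"
        if count > RATE_LIMIT:
            return "throttle"                # e.g. respond with HTTP 429
        if count > CAPTCHA_THRESHOLD and not captcha_passed:
            return "captcha"                 # step up friction only when risky
        return "allow"

def replay(events):
    """Run (timestamp, ip) events through a fresh gate and return its decisions."""
    now = [0.0]
    gate = SignupGate(clock=lambda: now[0])
    decisions = []
    for ts, ip in events:
        now[0] = ts
        decisions.append(gate.decide(ip))
    return decisions

# Constructed sample: one IP sending 14 signups in 14 seconds, then one ordinary user.
SAMPLE = [(float(i), "203.0.113.7") for i in range(14)] + [(20.0, "198.51.100.20")]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

State here lives in one process and blocked IPs never expire; a deployment would keep the counters in a shared store and age entries off the list. Keying on IP alone does not catch distributed bots, which is where the behavioral analysis and threat intelligence items in the list come in.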
