BOSTON–A new report suggests that in the age of AI agents and synthetic identities, the biggest risk to corporate security may be complacency, as most firms think their digital identity systems are working, a “misplaced confidence” that is costing them real money.
According to “The Hidden Costs of ‘Good Enough’: Identity Verification in the Age of Bots and Agents,” from PYMNTS, global companies lose an average of 3.1% of annual revenue to verification failures — roughly $95 billion in aggregate across the 350 firms surveyed.
“Yet nearly every company in the study (96%) expressed confidence in its ability to spot harmful bots, even as 9 in 10 reported being harmed by them,” the PYMNTS report states. “The contradiction points to a subtler danger than fraud itself: a false sense of security that blindsides firms to how outdated systems are quietly draining revenue, customers and trust.
The report, part of the October 2025 Digital Identity Framework series, surveyed companies spanning financial services, retail, software, gig and travel platforms, according to PYMNTS.
The Findings
Among the findings:
- 58.6% of businesses report struggling with bot-driven fraud — even as nearly all claim to be “confident” in their defenses.
- 52.9% of firms lose prospective customers to onboarding drop-off, and 44% admit their systems generate false positives that wrongly flag legitimate users.
- Firms using global identity platforms show measurable advantages: 79% cite improved verification quality, and 63% report lower false positive rates year over year.
“Those figures suggest that the “hidden cost” of good-enough identity verification isn’t only measured in fraud losses,” PYMNTS said. “It’s also in the customers who abandon sign-ups after too many digital checks, in the legitimate businesses blocked from onboarding, and in the friction that erodes brand trust. Nearly two-thirds of firms say verification weaknesses keep them from expanding into new markets, a self-inflicted drag on growth in an economy that increasingly runs on instant global connections.”
The ’Overconfidence Gap’
PYMNTS added that the overconfidence gap is especially sharp in financial services, where 60.6% of firms have seen bot traffic rise in the past year.
“Many assume their fraud controls are mature because they’ve passed compliance audits or updated authentication steps,” the report stated, adding many “compliant” solutions are actually “porous.”
For more info, go here.
