State Champ Radio streaming fraud
The Recording Industry Association of America (RIAA) welcomed the latest edition of the United States Trade Representative’s (USTR) Notorious Markets Report on Tuesday (Jan. 30), which provides an annual run-down of various forms of copyright infringement, including digital music piracy.
Digital music piracy is not front-of-mind for many listeners in the age of streaming; even the industry itself has focused more of its recent frustration on streaming fraud and the popularity of rain sounds, at least in public comments made in the last year.
However, global music piracy inched up in 2022, according to a March 2023 report from MUSO, a U.K. technology company, which tracked over 15 billion visits to music piracy sites that year.
The USTR’s new report highlighted a handful of sites — including 1337X, Krakenfiles, Rapidgator and Ssyoutube — where people go to stream or download songs illegally. “Ssyoutube is reportedly the most popular YouTube ripping site globally, with over 343 million visitors just in April 2023,” the USTR noted in one example.
“We appreciate the report’s prioritization of thefts that target the music community such as stream-ripping,” said George York, the RIAA’s senior vp of international policy, in a statement.
Overall, music is less of a concern in this year’s USTR report relative to 2023’s. The document’s primary focus is the “potential health and safety risks posed by counterfeit trademark goods.”
The USTR was heartened by the fact that “this year many e-commerce and social commerce platforms took solid steps toward initiating additional anti-counterfeiting practices and adapting to new circumvention techniques used by counterfeiters.”
“Several platforms filed public submissions outlining their implementation of new anti-counterfeiting tools, including releasing educational campaigns, increasing identity verification requirements, and implementing faster and more transparent notice-and-takedown processes,” the report continued. “Additionally, several platforms have invested in artificial intelligence (AI) and machine learning technologies as a way to scale up and quickly adapt traditional anti-counterfeiting measures such as text and image screening.”
The RIAA had asked the USTR to highlight another aspect of AI, according to comments submitted in October, though it was not ultimately included in the report.
At the time, the RIAA noted that “the year 2023 saw an eruption of unauthorized AI vocal clone services that infringe not only the rights of the artists whose voices are being cloned but also the rights of those that own the sound recordings in each underlying musical track. This has led to an explosion of unauthorized derivative works of our members’ sound recordings which harm sound recording artists and copyright owners.”
In a statement following the USTR’s latest release, York “urge[d] the organization to take “a close look in the future at emerging piracy challenges presented by AI, including the widespread illegal use of copyrighted sound recordings and artist names, images, and likenesses to generate invasive and unlawful voice clones and deepfakes.”
When Morgan Hayduk and Andrew Batey founded Beatdapp — a company which helps streaming services, labels, and distributors detect streaming fraud — at the end of 2018, they faced a major obstacle: The music industry was reluctant to acknowledge that streaming fraud was a problem.
“It used to be verboten to speak publicly about [it],” Hayduk told Billboard last year. “It was all behind closed doors. But I don’t think you can fix a problem until you accept its existence.”
The climate has changed dramatically recently. Last year, Universal Music Group began calling for changes to the streaming model, arguing that fraud and things like white noise and rain sounds were scooping up royalty income that should be going to actual artists. And Beatdapp announced on Friday (Jan. 19) that it’s entering into a strategic collaboration with UMG as well as partnering with SoundExchange (which collects performance royalties from digital radio stations and broadcast companies like SiriusXM) and the streaming service Napster.
“We’re at a point now where there’s a consensus that we have to address the problem” of streaming fraud, says Michael Nash, chief digital officer and executive vice president for Universal Music Group. “Beatdapp have really focused on understanding the problem and working with a number of different platforms to provide a very clear perspective about the scope of the problem. Providing that kind of leadership, driven by data analysis, has been really important.”
Hayduk defines streaming fraud as the leveraging of “bots, stolen accounts or manipulated platform features” to steal streaming income. The practice “hurts everyone who makes a living in the music industry and, left unchecked, creates this promotional race to the bottom where everyone believes they have to cheat to succeed,” he told Billboard last year.
“In an industry where it’s already hard to make something and then promote something and then get paid,” Batey added, “you should at least get paid correctly.”
As Beatdapp widens its network of partners, it gets access to more streaming data — the company was analyzing 2.2 trillion streams in 2023, up from hundreds of billions in 2022 — which in turn allows the company to improve its understanding of how fraudsters manipulate the streaming ecosystem and get better at identifying suspicious listening patterns.
“Napster provides Beatdapp with a daily feed of all usage on Napster’s services, and Beatdapp then uses its detection filters to identify likely stream manipulation activity based on certain (high) confidence levels,” explains Matthew Eccles, the streamer’s svp and general counsel. “Napster will then ensure that the streams identified by Beatdapp are removed from royalty reports for all licensors so that the market share calculations for all labels are not affected.”
Napster’s view is that it is helpful to engage a third party to detect stream manipulation because “it eliminates potential questions of bias when the results come back,” Eccles continues. “Third parties can help achieve consistency across the industry in relation to what is and what is not considered to be streaming fraud.”
Beatdapp also announced on Friday that it had raised an additional $17 million, money that will go towards hiring new data scientists and senior leadership and expanding into Europe and Asia.
“With the volume [of music on streaming services] jumping the shark over value — more than 150 million tracks and more than 100,000 uploaded every day — this has created a lot of issues,” Nash notes. “That level of volume has created a context for a lot of bad actor activity.”
Tackling these issues is complicated, but cracking down on fraud is “the least controversial item on the agenda,” Nash adds. “There aren’t a lot of advocates for fraud.”
While Spotify is planning to start penalizing labels and distributors for egregious instances of streaming fraud, Apple Music quietly rolled out its own strengthened fraud protections — including hitting repeat offenders with “financial adjustments” — more than a year ago, according to an email obtained by Billboard that the platform sent to music industry partners in March. Apple Music’s internal metrics indicate that the policy has already led to a 30% drop in streaming manipulation.
In the March email, the streamer defines manipulation as “the deliberate, artificial creation of plays for royalty, chart, and popularity purposes” as well as “the delivery of deceptive or manipulative content, like an album of 31-second songs.” “In October [2022], we launched new tools and policies designed to prevent stream manipulation on Apple Music,” the email explains. “Since we launched the new tools, manipulated streams have accounted for only 0.3 percent of all streams.”
That 0.3 percent figure is lower than the stats cited by some of Apple Music’s rivals. A Spotify spokesperson told a Swedish newspaper earlier this year that “less than one percent of all streams on Spotify have been determined to be tampered with,” while Deezer has said that it finds 7% of plays to be fraudulent. (This comparison only goes so far, though, because each service might define fraud differently, and not all of them have ad-supported tiers.)
In a statement, an Apple Music spokesperson said the platform “takes stream manipulation very seriously. Apple Music has a team of people dedicated to tracking and investigating any instances where manipulation is suspected. Penalties include cancellation of user accounts, removal of content, termination of distributor agreements, and financial adjustments.”
When Apple Music emailed industry partners in March, the streaming service noted that “despite the low percentage [of fraud], manipulation remains a widespread and persistent problem: That 0.3% of streams came from more than 85,000 albums across hundreds of record labels.”
As a result, the email indicates the company outlined a sharper anti-fraud policy in October 2022, promising to take “remedial actions against content providers with repeated and significant stream manipulation.” This means of incentivizing reform has worked for some — half the distributors that were flagged for fake streaming have reduced manipulation on their content by over 45%, the company said.
To help labels and distributors figure out where fraud is occurring, Apple Music’s email says the platform started sending daily reports detailing “a content provider’s albums with streams held in review.” “After each review,” the email goes on, “we remove manipulated streams and release legitimate plays. At the end of each month, content providers also receive a report with all excluded streams.” (Spotify has now also ramped up the reporting it provides to labels and distributors, according to one executive at a distribution company, “adding a new dimension of seeing repeat offenders.”)
“This all happens before Apple Music pays royalties and tabulates charts,” the email noted. “We block wrongdoers from the primary advantages of stream manipulation and redirect royalties to valid plays of content.”
The last six months have seen a flurry of companies committing publicly to fraud mitigation. More than half a dozen distributors formed “a global task force aimed at eradicating streaming fraud” in June. And when Deezer announced a new partnership with Universal Music Group in September, Michael Nash, UMG’s executive vp and chief digital officer, promised that “fraud and gaming, which serves only to deprive artists their due compensation, will be aggressively addressed.”
Under Spotify’s new royalties model, the platform will financially penalize labels or distributors when it finds that more than 90% of streams on a song are fraudulent, charging 10 euros per offending track, according to several music distribution executives.
The service’s current remedies will also remain in effect — removing fake streams from the system so they don’t impact payouts or charts, pulling the track off editorial playlists, and possibly striking them from the platform altogether. The fees racked up by labels or distributors will be charged against future royalties.
Like the rest of Spotify’s new model, which also affects how the lowest-streaming acts and non-music noise tracks earn royalties, the new fraud rule will impact music’s steadily growing “long tail” of tracks that don’t get played much. In this case, it’s simple math: Big artists trying to boost their numbers are unlikely to hit that 90% threshold for fraudulent streams since they already have an established audience that will listen to them. Any act with a fair number of legitimate streams would need a huge amount of fraud to trigger a penalty.
This means companies that have built hands-off, high-volume distribution businesses with small margins, charging a small fee per upload — the three biggest are DistroKid, TuneCore and CD Baby — likely have the most to lose under the new rules. They have huge batches of new music uploading daily, and that means it’s hard to know who is doing the uploading.
Even so, Tunecore welcomed news of Spotify’s change. “In order to effectively prevent bad actors from diluting the royalty pool for real artists with real fans, all companies need to be a part of the solution,” says Andreea Gleeson, the company’s CEO. “We also have been engaged in a deep dialogue with all our DSP partners, including Spotify, to actively deploy anti-fraud measures that encourage content providers to make the proper investments to actually fight fraud. We are fully aligned with the measures that Spotify is implementing.” (Tunecore’s parent company, Believe, has a history of publicly supporting Spotify initiatives, including Discovery Mode, which is unanimously opposed by the major labels.)
“It’s a positive incremental step to take, but it’s incremental — you could see a service doing something much more drastic,” adds another senior executive. “It sends a good signal to the marketplace about intentions.”
On the other hand, DistroKid founder Philip Kaplan voiced his objection to the penalty system on a recent call with the Music Fraud Alliance, according to two sources who were also on the line. (Both DistroKid and Tunecore are members of the coalition.)
One of those executives described the gist of Kaplan’s comments: “We can’t determine if a new client is going to hire a marketing service that’s going to bot streams until they’ve done it. It’s like you can’t determine if your neighbor is going to commit a crime.” And the entity best able to monitor for fraudulent activity is Spotify itself. In this line of thinking, then, Spotify would be penalizing distributors for something that they didn’t do, can’t predict, and can’t spot as quickly as the streamer itself.
Kaplan declined to comment. Spotify also declined to comment.
There is little public data on the prevalence of fraud and where it tends to occur. The most comprehensive study that’s widely available was carried out recently by the Centre national de la musique (CNM), a French government organization, which found that “more than 80% of the fraud” detected by Deezer and Spotify in France in 2021 was “at the long tail level.”
These acts are unlikely to be associated with a major record company, as the big labels focus primarily on the top releases: Odds are that many of the tracks involved in the fraud are there purely for that purpose — a bad actor uploads white noise or junk audio expressly to pump up plays with bots and attempt to extract royalties from the streaming ecosystem.
Assuming that the 80% rule — or some semblance of it — holds more broadly across countries and streaming services, Spotify’s new penalty system functions as “a direct shot at distributors that are just way overpopulating platforms with a lot of nonsense,” says another music executive with experience fighting fraud. In this view, Spotify is pushing distributors to look more closely at what it is they are distributing.
“Being penalized should create an environment where the distributors will invest more to make sure that their business is cleaner,” says Ty Baisden, who manages Brent Faiyaz, among others.
It remains notoriously hard to determine where streaming manipulation actually comes from.
“Distributors might say it’s the [fault of the] labels,” Ludovic Pouilly, senior vp of institutional and music industry relations at Deezer, told Billboard earlier this year. “The labels might say it’s the management. And artists themselves might tell you it’s the competition who’s trying to negatively impact their reputation.”
On top of that, there are also plenty of third-party marketing companies that artists hire thinking they’re implementing legitimate streaming campaigns, but are actually just paying bot-farms to generate plays instead. This makes any attempt to assign responsibility for streaming fraud on a large scale fraught. “How are you going to hold a label or distributor responsible for something that they can’t control at all?” asks an independent label founder.
To that end, several distribution executives said they would try to shift any fraud-related penalties they incur on to whoever uploaded the music that was tied to fake streams. “Our plan is to pass on the fee to the accounts and the releases where it occurred to the best of our ability,” says one distribution executive.
This offers its own challenges. If a fraudster already has money running through the distributors’ system due to previous streaming activity, or a legitimate bank account on file, the distributor might be able to claw back the penalty money it now owes Spotify when it learns of fraud. But if the fraudster recently signed up to the distributor, that might not be so easy.
The biggest takeaway from Spotify’s new policy may be that it demonstrates how much the conversation around fraud has shifted in less than a year. In 2022, no one would talk about it; in 2023, everyone is suddenly eager to tackle the problem — and to broadcast their efforts in a public manner.
“Nobody’s immune” to streaming fraud, Christine Barnum, chief revenue officer at the distributor CD Baby, told Billboard in April. “So people are finally having the realization, ‘Yeah, this is a problem.’”
During his tenure at Google in the early 2000s, Shuman Ghosemajumder‘s official title was global head of product, trust and safety. But he also acquired a snazzier moniker, “click fraud czar,” thanks to his efforts to combat bad actors who try to fake online activity to inflate advertising payouts.
“It was very surprising to us, almost 20 years ago, when we saw organized crime getting involved with online fraud,” Ghosemajumder says. “Ever since then, I’m never surprised: The idea of cybercrime or online fraud coming from an individual hacker sitting in their bedroom hasn’t been the case for basically 30 years.”
Criminal interest in a different type of click fraud drew the attention of the music industry this week, when the Swedish paper Svenska Dagbladet published a piece alleging that the country’s gangs use streaming manipulation as a way to launder money earned via illicit activities. “Spotify has become an ATM for them,” an anonymous police investigator told the paper.
“That article appears to point to a really kind of ingenious way of laundering money,” says James Trusty, a former federal prosecutor who worked on cases involving both computer fraud and money laundering. “It seems to me to be a fairly invisible process right now, and that poses serious challenges to law enforcement.”
“It’s the usual chase,” he adds. “The robbers come up with something new, and the cops eventually catch up.”
In a statement to Svenska Dagbladet, a rep for Spotify told the paper that “manipulated streams are a challenge for the entire industry,” one that the platform “is working hard to combat” via “market leading” technology. On top of that, the rep said Spotify has discovered no evidence that it is being used as a money laundering tool.
If additional criminal activity is discovered on streaming platforms, could that bring new pressure to the music industry to address streaming fraud — something many believe is long overdue?
The article arrives at a time when executives from around the music industry are calling for better monitoring of the streaming ecosystem. “As an industry, we need to do more to harden the defenses of platforms and deter bad actors from using music streaming for criminal purposes,” Beatdapp co-CEOs Morgan Hayduk and Andrew Batey said in a statement. (Beatdapp makes fraud detection technology.)
Svenska Dagbladet‘s report is hardly the first time connections have been drawn between criminals and the music business. Industry history books are sprinkled with gangsters, especially in the earlier decades before it consolidated and became increasingly corporate. In one of the most infamous episodes, the longstanding practice of paying for airplay drew government scrutiny after a 1986 NBC report linked prominent radio promoters with members of the mafia.
But the resulting investigation ended up having little impact and ultimately fizzled out. In the book Hit Men, which catalogs this period, Fredric Dannen wrote that the lesson for the record business was that “the government is incapable of sending any major music industry figure to jail.” Paying for airplay continued unchecked for more than a decade.
The practice of paying for artificial streams has only recently drawn public criticism in the U.S. music industry. Streaming manipulation has the potential to distort market share calculations and steer money away from the hardworking artists who are not gaming the system. Both Universal Music Group CEO Lucian Grainge and Sony Music CEO Rob Stringer have expressed concern about fraud in calls with financial analysts this year.
“Once someone like Lucian Grainge makes a statement about it, it’s necessarily going to get more prominence,” says one streaming service executive who agreed to speak about manipulation on the condition of anonymity. “That’s not to say we weren’t dealing with it behind the scenes before Lucian was making statements. But now there is broader recognition of the scope of the problem and the impact that it has on revenues and royalties that should be, but have not been, paid through to legitimate artists.”
Potential connections between streaming manipulation and criminal elements were raised last year at a pair of music industry panels, first at South by Southwest and then at the Music Biz conference. Michael Pelczynski, who was then SoundCloud’s vp of strategy, participated in both discussions. “We were able to see signs of such activity” by collaborating with Pandora/SiriusXM and the cybersecurity company HUMAN, he says. “The benefit of creating a coalition with a third party was they could puzzle together certain patterns that we as individual platforms could not.”
Streamers try to work backwards from anomalies in the data, trawling for “potential bad actor networks,” as Pelczynski puts it, and trying to prevent them from “migrat[ing] from platform to platform.” Svenska Dagbladet took a different approach, speaking to several criminals who claimed to have direct knowledge of the laundering scheme.
The paper reported that Swedish gangs take criminal profits, convert them into cryptocurrency, use that to buy fake streams for artists they’re connected to, and then collect the royalties. They lose some money in the process by paying for fake streams, but the royalties they extract from the music industry are now “clean” — they can’t lead back to anything gang-related.
“There is always a cost in money laundering,” Trusty explains. But even if it’s a really high transaction cost, it still puts you in a position where you have untraceable, usable profit. And so the key for any real money laundering operation is volume. The article seems to be pointing out that this is something that’s kind of an institutional mechanism for these gangs.”
Trusty was not surprised to hear about the results of Svenska Dagbladet‘s reporting. “Anytime you have technological developments, somebody’s going to figure out a way to take advantage of those in a bad way,” he continues. “It’s eventually in the industry’s interest to lean forward and figure out how to work with law enforcement to close this gap that’s being exploited.”
Sony Music Group chairman Rob Stringer said on Tuesday (May 23) that the company is focused on the fight against low-quality content — which he called ”the lowest common denominator” — flooding top streaming platforms. “We have to look after the premium quality artists at the top of our business,” Stringer said during a company-wide […]
Last year, Pandora started to get suspicious about the streaming activity of a prominent act. “This is a top artist by every measure,” George White, senior vp of music licensing at SiriusXM and Pandora, said during a panel at the Music Biz conference in Nashville on Wednesday (May 17). Some of the interest from Pandora users was clearly genuine. But at the same time, the platform picked up “abnormalities” — “lots of quick skips,” White noted, and “very unusual ratios of radio listening to premium listening” — along with “social media sites actively posting tutorials for how to game the Pandora system and teaching potential users how to drive those streams even higher.”
“This is challenging and more difficult to detect because it’s under a background of legitimate activity,” White continued. And he said that Pandora is seeing more of this type of behavior around “established artists.”
White was one of 11 different speakers across a two-hour, three-panel fraud extravaganza — which covered a lot of ground, jumping from bot farms all the way to thieves falsely claiming publishing ownership on songs to collect money that belongs to someone else — at Music Biz. The tone stayed upbeat, though the message was glum and occasionally paranoia-inducing, with lots of talk about cybercriminals hacking into the accounts of innocent unsuspecting users for nefarious purposes.
“We’ve been seeing lately that as technology advances, the fraud is supercharged,” said Mona Simonian, a partner at the entertainment law firm Pryor Cashman. It’s important that “people start really recognizing how much money is at stake here,” she added. And as Shuman Ghosemajumder, Google’s former “click fraud czar” (real title: head of global product for trust and safety), put it: “It’s always a little bit scary before you get your arms around the problem.”
While some panels stay general, these three sessions (an interview with Ghosemajumder about the ubiquity of fraud, “52 Flavors of Fraud,” and “Fraud Use Cases: What Can We Do?”) brought some hard numbers to a fraud conversation that often remains frustratingly diffuse, because the behavior is difficult to quantify. White had his Pandora case study. And Andrew Batey, co-founder and co-CEO of the fraud detection company Beatdapp, came armed with numerous examples and a boatload of graphs.
There was the account that recorded 33,500 plays in one week. (“The average user has a few hundred to a thousand plays a week,” Batey said.) There was the user with 96 devices “playing from 47 cities in 17 countries in the same week,” a geographical impossibility for even the most devoted jet-setter. There was the group of thousands of accounts all targeting the same songs with 155-ish plays a week, and the batch of 53,000 accounts playing around a dozen acts to camouflage the one artist whose numbers they’re actually trying to inflate.
If this behavior continues undetected, it represents “billions [of dollars] that are being sucked out of this industry,” Batey said. This sentiment was echoed by Christine Barnum, chief revenue officer of CD Baby: Fraudsters are “diluting the pool for everyone.” (She spoke about ways for companies to improve their fraud detection capabilities on a budget, including using ChatGPT to help write programs that can detect anomalous activity.)
Why the upbeat mood, despite the grim news? For years, many music executives, especially in the United States, were unwilling to publicly acknowledge that fraud was a problem. The fact that there was a 120-minute block — enough time to watch two episodes of Succession, quipped Beatdapp co-founder and co-CEO Morgan Hayduk — devoted to the topic at a major music business conference is indicative of an attitude shift. “I’m so happy there’s a room full of people talking about fraud,” Barnum said.
White was similarly optimistic. While recent studies have concluded that around 80% of fraud is financially motivated — grifters running bot networks to white noise recordings, for example, rather than the work of actual artists — White said, “We’ve seen enormous strides in identifying that [activity] really early.”
“I won’t say that’s in control; it’s an issue that requires ongoing investment,” he added. “But it’s at least something we feel like we have a handle on.”
Beatdapp co-founders and co-CEOs Morgan Hayduk and Andrew Batey were not initially focused on fighting streaming manipulation. Batey spent years in digital marketing, while Hayduk formerly worked as a lobbyist for the Canadian music industry in the area of copyright protection. At first, they teamed to build an auditing tool that would enable labels to evaluate inconsistencies between their sales reports and streaming services’ server logs. Conversations with label executives indicated that “there were pretty often material discrepancies,” Hayduk says.
As he and Batey tried to understand those inconsistencies, it became clear that streaming manipulation was causing some of them, and Beatdapp embarked on developing a tool to detect fraudulent streams — which Hayduk defines as the leveraging of “bots, stolen accounts or manipulated platform features” to steal streaming income — and prevent them from impacting payouts.
According to a recent report from the Centre National de la Musique (CNM), a government-backed organization that supports France’s music industry, in 2021, over 1 billion music streams — between 1% and 3% of all streams generated in the country that year — were fraudulent. “The methods used by fraudsters are constantly evolving and improving,” the report noted, “and fraud seems to be getting easier and easier to commit.” If that percentage was applied to IFPI’s estimate that global streaming revenue totaled $17.5 billion in 2022, fraudulent streams would amount to $350 million in potential lost income for legitimate rights holders.
Beatdapp’s software sifts through massive amounts of data from partners — including labels, distributors and streaming services — to identify and investigate suspicious patterns. In one case, it identified 10,000 accounts all playing the same 63 tracks. The pair say the company now analyzes hundreds of billions of streams, and while they declined to identify partners, they recently started working with SoundCloud and Napster, according to two sources.
“If we can make this industry less attractive for financial fraudsters, that will make a positive difference for everybody who’s working on music,” Hayduk says. “That’s what animates us.”
Why is streaming fraud an important issue?
MORGAN HAYDUK: It hurts everyone who makes a living in the music industry and, left unchecked, creates this promotional race to the bottom where everyone believes they have to cheat to succeed. In cybersecurity terms, it’s important to shrink the attack surface of the industry.
ANDREW BATEY: In an industry where it’s already hard to make something and then promote something and then get paid, you should at least get paid correctly.
How much data is Beatdapp analyzing at this point?
HAYDUK: We’re looking at about 320 billion streams now. That’s about 13 trillion individualized streaming data points when you account for all of the metadata associated with each of those streams. We expect to add data in the neighborhood of another 50 billion streams in [the second quarter] and about another 2 trillion data points on that.
BATEY: It’s not just the individual stream. You might make 12 decisions in an app, such as how you search — if you clicked on the artist first and then you looked at their song list. We’re capturing all of that, anonymized across users. All of that context helps us because if somebody consistently hits, let’s say, the exact 11 things for every song they play, that’s a pretty obvious case of fraud if they’ve done that 3,000 times in a week.
How has the industry’s perception of streaming fraud changed since you started Beatdapp?
HAYDUK: Just hearing people acknowledge the issue is probably the biggest shift. It used to be verboten to speak publicly about streaming fraud. It was all behind closed doors. But I don’t think you can fix a problem until you accept its existence. We’re starting to get there now and [are] seeing a more widespread willingness to put in place solutions.
How has your perception of the problem changed as your data set has expanded?
HAYDUK: The biggest revelation to us has to be that this is way closer to death by a thousand paper cuts than it is a top-of-the-market problem. If you asked us where most of the fraud came from 18 months ago, we probably would have pointed the finger at bigger artists because we would have thought they had the most to gain. But we were missing the point of most of this activity. It’s not about changing perception; it’s about making money. This isn’t a phenomenon that’s driven by major labels and major independent label artists or their top artists. The overwhelming majority, like upwards of 80% of what we see is fraud, is coming from — call it non-music content. It’s not being released for popular consumption or because these are artists who are trying to get noticed. These are releases that have no commercial purpose except as [instruments of] fraud.
BATEY: When we first started, we genuinely thought fraud would be 1% to 3%. Now we think it’s closer to 10% [though some of this is caught]. Also we would have guessed that most of the fraud would occur on the platforms where people were — Spotify, Apple, YouTube. But because it’s a lot of financially motivated fraud, what we actually see is that it’s easier for the fraudsters to attack all the mid- and long-tail [digital service providers] as well, where they’re less likely to get caught and they’ll get a similar or better per-stream payout. Why not target all of these smaller DSPs with zero protections in place and get paid across all of them?
France’s CNM recently came to the conclusion that fraud is getting easier to commit.
BATEY: I 100% agree with that. There are so many ways to exploit platforms. If your job is to deliver the best user experience possible, it often means making it easy for them to access that content and creating really cool ways for them to experience or engage with that content. [When that happens,] there are more ways to manipulate that content for the purpose of exploiting it for a payout.
HAYDUK: And the tools that you need to commit fraud effectively and at scale are easier to access now than ever before. The tools that facilitate fraud in e-commerce or ticketing or financial services are also repackaged and repurposed to commit streaming fraud. You can generate fully automated online bot farms using cloud computing in a way you couldn’t 10 years ago.
How do you avoid generating false positives when you’re hunting for fraud?
HAYDUK: We know that a false positive is worth considerably more in the loss column than a false negative, so we adjust our models to account for the fact that they need to be conservative in the right ways.
BATEY: You can’t get it wrong. If you miss a fraudster, it’s OK. We hope we catch them later. If we call something fraud that’s not, that’s way worse.
Some have suggested that a user-centric payout system might mitigate fraud.
HAYDUK: Our view is that it’s not going to make that big a difference. It’ll change the tactics, but it won’t change the motivation. It’s a big pot of money on the internet, and generally speaking, the DSPs are still fairly soft targets. A different payout structure will just change the tactics that fraudsters use to aggregate money and divert it their way. Obviously, there’s a whole different case for the merits of payout systems if you’re an artist or you’re a label.
There’s a lot of industry concern about artificial intelligence right now. To what extent does AI make it even easier to commit these types of fraudulent activities?
HAYDUK: It’s a tool. We work for some good AI companies that care about not being a tool for fraudsters. That said, the new models are incredibly powerful, and you can create content at scale. There’s no putting the genie back in the bottle when some of these tools emerge. The tougher we make it to get away with fraud, the less valuable the tool becomes in the hands of someone who’s wielding it for a bad purpose.
How incentivized are DSPs to care about fraud?
HAYDUK: Their biggest partners care, especially in light of what we said earlier: Market share shifts matter to the partners and, therefore, it matters to the DSPs. I think consumers also care because bad recommendations on the DSP side make for bad user experience. And given that every platform is offering roughly the same catalog to the consumer, if your recommendations are substandard, that makes consumers more inclined to choose your competitor.
Some music industry executives worry that public discussions of fraud undermine user confidence.
HAYDUK: How many times a week does your bank email you about the extra efforts they’re taking to protect you from fraud in the financial sector? It doesn’t make me want to boycott my bank when they tell me that. Fans probably want to hear that, as an industry, we’re taking steps so that the artists they care about are paid correctly.
BATEY: If you’re the consumer, your account was hijacked, and now you’re getting a bunch of recommended songs that don’t make any sense, you’re not blaming the fraudster — you’re blaming the platform.
What is your dream scenario for fraud mitigation in the industry?
HAYDUK: Our view is there are some things you can’t do in a vacuum. DSP A can’t look at the data from DSP B to help inform its own detection models. It’s way too competitive between the platforms to give up the level of data required to do fraud detection at the highest levels. Having a platform in the middle acting as Switzerland, working for the collective benefit of everyone without minimizing the level of competitiveness between the platforms, is the right approach. And it’s also an approach that we’ve seen play out in other verticals with similar dynamics.
In May 2022, the German Music Industry Association (BVMI) set its sights on “curbing streaming manipulation and streaming fraud.” These issues are “a central concern” for the music business, the organization wrote in a confidential document reviewed by Billboard, due to their “distortion of the chart ranking and/or influencing of royalty payments.” As a result, BVMI issued a call for proposals to “establish a ‘Fraud Detection System.’ ”
Related discussions have been taking place around the music industry recently. In January, the French government published what appears to be the first-ever national analysis of streaming fraud. In the United States, the outline of a fraud-mitigation proposal is circulating among several distributors, publishers and streaming platforms, while the annual Music Biz conference in Nashville in May will feature not one but three panels on the topic.
Why all the sudden attention on this issue? The Centre National de la Musique (CNM), an organization that operates under France’s Ministry of Culture, found that 1% to 3% of streams in the country were fraudulent in 2021. If those numbers were to hold true for the worldwide music market — which IFPI valued at $17.5 billion in 2022 — that would mean approximately $175 million to $525 million of streaming royalties are being hijacked globally.
Some think that’s on the low end. The streaming service Deezer has said that 7% of streams on the platform are fraudulent — and that’s just what it identifies. BeatDapp, a Vancouver-based company that builds fraud detection software for labels, distributors and streaming services all over the world, estimates that around 10% of global streams are fraudulent; while some of this activity is caught, that could mean that over $1 billion in royalties ends up in the wrong pockets.
“Nobody’s immune” to streaming fraud, says Christine Barnum, chief revenue officer at the distributor CD Baby. “So people are finally having the realization, ‘Yeah, this is a problem.’ ”
“It’s just very common,” adds one indie-label head who has “definitely bought” streams. “People are really worried about optics — ‘I need to have at least a million streams on a song,’ whatever the bar is that they’re trying to hit to make it look a certain way. There’s so much pressure.”
“Streaming fraud” is a rangy term that can encompass a variety of behaviors. These include uploading an unauthorized remix of a viral single, boosting play counts by streaming music through a hacked Spotify account or creating a bot network to drive streams to a pop hit (for chart purposes) or a white noise recording (for royalties). (CNM’s study found that 80% of fraud was detected in streaming’s “long tail,” meaning it had little to do with the charts.)
The unifying thread across these activities: They can siphon money from the royalty pool. For most streaming services, dollars from ads and subscriptions are lumped together and then distributed to rights holders according to their share of total plays. “If the demand for certain titles is increased due to streaming manipulation,” BVMI’s document explains, “other rights holders automatically receive lower royalty payments.”
Or, as Barnum puts it, fraud is “ruining it for the genuine artists who deserve to be accurately compensated for their listens. That’s being diluted.”
Some fraud is similar to old-fashioned music piracy, like uploading an unsanctioned version of an artist’s work to Spotify — or even just a duplicate under an alternate name — and claiming royalties from the resulting streams. With both piracy and fraud, “artists and anyone that makes their living from music have the potential to suffer real economic loss,” says Morgan Hayduk, co-founder/CEO of BeatDapp.
But while piracy in the file-trading and CD-burning era of the 2000s stemmed from “consumer demand for lower costs and more choice,” streaming fraud is “primarily driven by the profit motivations of nonconsumer enterprises seeking to extract revenue from the digital music industry,” Hayduk continues. “They leverage the same tools used for other types of online fraud, like stolen account credentials and bots. This isn’t a consumer-led phenomenon — it’s a reflection of the ease with which digital platforms can be manipulated for specific commercial gain.”
Sure enough, CNM’s report lamented that “fraud seems to be getting easier and easier to commit.” “In the beginning, fraud came mostly from unknown artists trying to get visibility, increased promotion or maybe a record or distribution contract,” says Ludovic Pouilly, senior vp of institutional and music industry relations at Deezer. “Right now, streaming fraud is more sophisticated and increasingly harder to detect, and we can see activity for the music of artists on all levels.” Meaning both that bad actors are diverting streams from major artists and it’s no longer simply unknown artists using bots to get visibility.
Currently, most efforts to combat fraud take place within individual organizations — whether that’s a streaming service or a distributor — which try to detect suspicious activity before it can affect payouts. In addition, IFPI has had some success taking legal action against streaming fraud sites in Germany and Brazil.
But fraud persists, which might be why there’s a growing realization that if the music industry really wants to prevent hundreds of millions of dollars from slipping out a side door, it may need a more comprehensive, cooperative approach. That said, there’s no consensus yet on what that might look like. In a statement to Billboard, BVMI said, “We are currently working on a tool to find artificial streams,” calling it a “work in progress.”
Louis Posen, founder of Hopeless Records, is an advocate for third-party oversight. “Currently, security is on a [digital service provider] by DSP level,” he says. “I think we need a monitoring, prevention, detection, mitigation and enforcement system at the level of the financial industry — both a third-party company that can monitor all the services as well as a department at each service with full resources.”
A senior executive at a major label doesn’t agree. “I’d really like to believe it’s not necessary, because it adds cost to the ecosystem,” the executive says. “Between the DSPs, the labels and the distribution side of our business, there are ways to solve this: having strong technology and technology controls, having strong rules and policies [around fraud] and adding consequences when you violate those.”
While the major labels either declined to speak about this issue on the record or did not respond to requests for comment, the senior executive notes that “we have concern over any level of fraud that happens in any of the platforms.” In 2019, the majors were among those that signed a code of conduct condemning streaming fraud, though the document was not legally binding, so it’s hard to tell the extent of its impact.
The disagreement about the best ways to combat fraud were evident in the CNM report. The study was hamstrung by several streaming services — Apple Music, YouTube and Amazon — declining to share information about fraud on their platforms, seemingly content to handle the issue internally. Those three platforms are estimated to account for a little over 35% of global streaming subscriptions; CNM was forced to perform its analysis without a complete view of the French streaming market.
Barnum maintains that “a global problem is going to take a global solution.” For now, she’s at least heartened by the fact that more people are willing to acknowledge streaming fraud’s existence: “I’m no longer a weirdo on the corner saying, ‘I think there’s a problem.’ ”
As the music industry becomes increasingly conscious of — and vocal about — the challenges of the streaming model, fraudulent streams have become a source of growing frustration. “Every penny that goes to a fraudulent stream is a penny that doesn’t go to a legitimate stream,” says Richard Burgess, president and CEO of the American Association of Independent Music. “Fraudulently increased stream counts can affect recording budgets, licensing deals, catalog valuations and can result in the misallocation of marketing budgets.”
The French government, which recently published the results of a months-long, country-wide investigation into streaming fraud, portrayed understanding the impacts of this activity as an imperative. “The stakes are high in our country as well as in the rest of the world: the development of music services, which can be free and financed by advertising, or paid through subscriptions, as individual or family plans, constitutes a tremendous opportunity for the music sector, after years of a long crisis,” the report asserted. “…Such growth whets the appetites and stimulates the creativity of those who seek to abuse the system.”
“The multiplication of fake streams, that is to say the processes allowing [bad actors] to artificially boost play counts or views to generate an income, is nothing short of theft,” the report continued.
The French study, conducted without data from YouTube, Apple Music, or Amazon Music, found that 1% to 3% of plays were fraudulent, while also noting somberly that “the reality of fake streams goes beyond what is detected.” BeatDapp, a Vancouver-based company that creates fraud detection software for labels, publishers, distributors and streaming services, believes the global level of fraud is higher. “In 2020, estimates were 3 to 10% of all streaming activity was fraud,” the company wrote in 2022. “Today, we confidently say it’s at least 10%, and more in some regions. That equals ~$2B in potentially misallocated streaming revenues this year, and will be ~$7.5B by 2030 if left unchecked.”
So what forms does streaming fraud take? According to Burgess, the practice “covers a multitude of techniques used to increase stream counts or impressions by other than legitimate means.”
Here are three of the most common:
Bots
Discussion of streaming fraud often turns quickly to bots, which Burgess defines as “automated software that can be used to generate views, streams or interactions.” To detect bot activity and prevent it from affecting royalty payouts, companies build models that trawl streaming data and look for listening patterns that appear anomalous: BeatDapp likes to discuss an example of finding tens of thousands of accounts all streaming the same 63 songs.
“If I’m trying to push numbers up, I’m going to do it across streaming services in a subtle fashion this way,” BeatDapp co-CEO Andrew Batey says. “Spread it across a lot of accounts and multiple platforms, and you can drive a significant number of plays with no one looking.”
Click Farms
Streaming services are looking for suspicious play patterns that don’t reflect human behavior. Fraudsters are aware of this, so they try to camouflage their activity in ways that appear human. One method is to get actual humans to press Play through what are known as “click farms.”
Eric Drott, a professor at the University of Texas in Austin who has written about streaming fraud, describes these as “enterprises concentrating low-paid, precarious workers who are engaged to perform the sort of rote, repetitive tasks that keep the flows of digital capitalism moving: creating social media accounts, moderating content for platforms, clicking online ads, liking or rating items and, of course, generating plays on streaming services.” Accounts that stream music 24 hours a day or stem from a smartphone that never moves or dips below 100% power could be evidence of click-farm activity.
Imposters
A third prominent form of fraud identified by Burgess involves impersonating creators by uploading a version of their song to streaming services and illegally collecting creators’ legitimate royalties. This is a common problem faced by artists who are having a moment on TikTok, for example: Imposters post a version of the TikTok hit on streaming services under a slightly different name, aiming to divert some streams (and hopefully royalties) their way.
“It happens to every single viral artist,” says one manager who shepherded a viral act to a major-label deal last year. There are many distribution companies out there, and managers say that some of them have lax oversight of what’s being uploaded to the DSPs through their platforms. This means artists and their teams have to keep close watch on streaming platforms and issue takedowns when they find imposter versions.
