Want to better understand the evolving landscape of music streaming fraud and how the industry is working to combat it and protect artists in 2025? You’re in the right place.
Streaming fraud is a huge problem—one that costs the global music industry $2 billion a year.
In March 2024, a Danish man made history as the first person to be convicted of streaming fraud. He was sentenced to prison after making at least 2 million Danish kroner (about 300,000 USD) from artificially generated streams of music tracks, 37 of which were edited versions of other musicians’ work for which he was found guilty of breaching copyright.
Just six months later, an American man was charged with wire fraud conspiracy, wire fraud, and money laundering conspiracy after using artificial intelligence to create fake songs and employing automated bots to generate billions of fake streams. This manipulation led to over $10 million in fraudulent royalty payouts.
These examples offer just a brief glimpse into the complex world of music streaming fraud, a problem that the music industry at large is looking to tackle in 2025.
In this article we explore the landscape of music streaming fraud, delving into different kinds of fraud tactics, what the industry is doing about it, and strategies you can use to combat it to ensure your artists receive their due compensation.
What we cover
Music streaming fraud: Where did it all begin?
The most recent IFPI Global Music Report shows substantial growth in the recorded music market, best conveyed by the 10.2% increase in revenues from 2022 to 2023.
Even industry outsiders wouldn’t be surprised to hear that subscription streaming is leading the charge, growing by 11.2% year over year, comprising almost half of the global market (and well over half of the market when accounting for ad-supported streams).
Streaming is the industry’s here, now, and future—something that’s perhaps been inevitable since the days of Napster, Limewire, and Kazaa.
These piracy sites are, of course, relevant to our discussion of fraudulent streaming. We all know the controversy they sparked, which Forbes credits with almost ruining the music industry.
Interestingly enough, rather than destroy the industry, those piracy sites shaped the structure of today’s music business. Big-picture industry thinkers saw the turning tide and discovered how to use the technologies chewing away at their profits to their advantage.
So, in place of “piracy,” we have legal streaming services like Spotify, Apple Music, and SoundCloud, making your artist’s songs more available than ever to bolster careers instead of hindering them.
While the streaming industry continues to thrive and is expected to grow to $132.59 billion by 2032, its battle against fraudsters is ongoing. In the past couple of years, we’ve seen streaming services introduce some big changes in attempts to divert money from fraudulent streams back into the pockets of rights holders—but more on that later.
So, what is music streaming fraud? Why is it so damaging?
Music streaming fraud—also known as abnormal streaming, store-end fraud, or music streaming manipulation—involves artificially inflating play counts to game the system. By exploiting weaknesses in streaming platforms, fraudsters generate streams that don’t reflect genuine listener engagement.
Bad actors often employ bots to play songs on repeat to increase their profits at scale, making the track seem more popular. Bots can also inflate followers, downloads, and a song’s place on lucrative playlists. Often, bots will “listen” to a stream for just over 30 seconds, the length at which most streaming platforms count a play as a monetized stream.
How do they earn money from this, though?
Most streaming platforms employ a pro-rata model to calculate royalty payouts. Under this model, the net revenue generated from all subscriptions and ads is pooled together and distributed in proportion to the number of streams each artist received across the platform, within a specific period and territory. More streams equals more market share, which means bigger payouts.
The impact on the music industry is significant. Fraudulent streams dilute royalty commissions and streaming data, leading to significant revenue losses for artists and skewed analytics.
Beatdapp, an audit and fraud detection software for music labels and streaming services, estimates that at least 10% of global music streaming activity is fraudulent, leading to $2 billion worth of misallocated annual revenues. Mid-sized digital service providers (DSPs) may see even higher rates of fraudulent streams, with Beatdapp’s estimates suggesting that up to 30% of activity on their platforms is fraudulent.
Andrew Batey, co-founder and co-CEO of Beatdapp, told Bloomberg that 80% of the fraud the company detects is motivated by financial gains, rather than attempts to boost an artist’s popularity or game the charts.
Sometimes, well-meaning artists get caught up in fraud by accident. Christine Barnum, former Chief Operating Officer at CD Baby, told Variety in 2018 that there are instances of artists signing up for “marketing services” that are actually committing fraud.
What tactics do fraudsters use?
Now, we’ll delve into the primary tactics bad actors use to commit music streaming fraud, as outlined in SoundCloud’s Rockonomics report: Click farming (artificial streaming), carbon copying (ghosting tracks), and account hacking (unauthorized account access).
Click farming (artificial streaming)
Click farmers use smartphones, computers, and tablets to form a network of devices that play given songs on repeat to artificially boost streaming numbers. The techniques employed make these listens appear human-generated, creating the illusion of a large number of genuine listeners.
While some might see this approach as clever, it is not fair. It removes merit and skill from the equation, granting an unfair advantage to those willing to bend the rules. These fraudsters exploit streaming platforms for profit, negatively impacting legitimate artists who rely on authentic streaming numbers.
Furthermore, click farming reduces the likelihood of music fans discovering talented, lesser-known artists. On a larger scale, these tactics disrupt algorithms, degrading the experience for paying customers by offering them music less relevant to their tastes.
Carbon copying (ghosting tracks)
Many terms apply to this streaming fraud technique, which we call carbon copying or ghost tracking. Regardless of the terminology, the idea is relatively simple—a fraudster takes an artist’s original work, manipulates it enough to fool the algorithm (e.g., speeding it up or slowing it down), and uploads it as their own recording. These manipulated tracks are altered just enough to appear different but are essentially carbon copies.
The ethical dilemma of this tactic is obvious—it is a direct copyright infringement, and the offenders are stealing royalties from the original artists.
Examples include a manipulated version of Halsey’s song “Without Me,” which has over six million streams on Spotify, and a modified version of Coldplay and The Chainsmokers’ “Something Just Like This,” which has over 12 million plays.
In another case, Vancouver musician Paula Toledo uploaded her long-lost song “How Long,” never released commercially, to DSPs after fans of the track (who had discovered it through bootleg Russian DVDs or online tribute videos containing images of teddy bears) traced it back to her. Soon after she uploaded it, though, Reddit users notified her that a duplicate version of the track (identifiable by teddy bear album art) had appeared on streaming services.
This alternate version—an exact copy of the original—created confusion, and Toledo’s original version was removed from streaming services. A fraudster had successfully capitalized on the relative obscurity of the track, and the royalties earned weren’t going to the rightful rights holder (or, in this case, the charity that Toledo was directing all proceeds to).
These examples only scratch the surface, and the situation becomes even more concerning when lesser-known artists have their tracks stolen. While Halsey and Coldplay—who’ve been undoubtedly wronged by these methods—have the financial means to deal with such fraud, independent artists trying to make their way cannot afford to lose the royalties that should be rightfully theirs.
Additionally, anyone using carbon copies to siphon another artist’s royalties is likely using other shady tactics to promote and artificially boost their ghost tracks.
Account hacking (unauthorized account access)
The modus operandi of a streaming account hacker is much like that of any other account hacker: exploiting weak and reused passwords. In a world where consumers have a plethora of hard-to-track accounts across an array of digital platforms, malicious actors have a wealth of opportunities to exploit.
These hackers leverage weak passwords, access stolen credentials (typically obtained through web scraping and data breaches), and discover valid username-password combos via password spraying, brute forcing, credential stuffing, and other methods. A simple foray into the dark web can also provide these bad actors with valid credential combinations.
Once account hackers have their seemingly legitimate credentials, they can use both paid and free subscriptions to artificially increase targeted music streams.
How is the music industry combating fraud in 2025?
From 2023 onwards, we’ve seen action on the fraud-fighting front on the part of DSPs and other industry leaders like never before.
Music Fights Fraud Alliance
This is no more evident than in the founding of the Music Fights Fraud Alliance (MFFA), a global task force aimed at eradicating streaming fraud, founded in the summer of 2023. The group includes giants like Downtown, CD Baby, United Masters, FUGA, TuneCore, Spotify, Amazon Music, SoundCloud, and others. MFFA members provide cross-platform collaboration and data-sharing in coordination with a third party, the National Cyber-Forensics and Training Alliance (NCFTA), in an effort to detect, prevent, mitigate, and enforce anti-fraud measures.
The MFFA, while groundbreaking in its cross-platform collaboration, only comprises one facet of the industry’s fight against fraudulent streaming. Individual DSPs have been taking matters into their own hands, as well.
Spotify
In November 2023, Spotify announced a couple of big royalty payment policy changes that took effect in 2024. First, tracks only generate royalties once they reach 1,000 streams in the previous 12 months, affecting about 0.5% of its library.
The idea is that any track reaching 1,000 plays is earning real engagement and is far less likely to prove fraudulent under scrutiny, and the revenue from these streams will be rerouted to “emerging and professional artists.” As Spotify paid our $10 billion in royalties in 2024, this represents a redistribution of $50 million in royalties.
While this policy has received some pushback, the reality is that royalties from tracks with fewer than 1,000 streams were often not reaching rights holders anyway, as the amounts generated were typically too small to meet many distributors’ payout thresholds.
However, the change also makes it harder for emerging artists to earn from their early releases. Spotify’s former chief economist, Will Page, estimates that 99% of the 99,000 new tracks uploaded in 2024 earned their recording artists less than $100 in royalties that year. While this policy does work to curb manipulation and redirect funds to more active artists, critics argue that its negative effects disproportionately impact smaller, independent musicians.
The other big change is that “functional noise” or non-music tracks only generate royalties if played for two minutes (as opposed to music content’s 30-second minimum), and they earn a royalty rate at a fraction of the value of music streams, though the company has not stated what that rate is. This push is part of a larger effort to fight fraud on the platform, as they have also introduced per-track fines for labels and distributors when “flagrant artificial streaming” is detected on their content.
Unfortunately, this last policy has resulted in some legitimate artists’ music being removed from Spotify (and other DSPs) for fraud they didn’t commit. Because DIY distributors like TuneCore, DistroKid, and CD Baby allow virtually anyone to distribute audio files to DSPs for a low price, the volume of tracks they distribute on a daily basis is so high that it is extremely difficult to police effectively.
This has led distributors to take an aggressive approach in addressing fraudulent activity flagged by Spotify, sometimes resulting in legitimate artists being impacted.
While the process isn’t perfect, these policies signal a broader industry shift toward tackling streaming fraud at scale. As DSPs, distributors, and rights holders continue refining fraud detection methods, the goal remains clear: to ensure that royalties reach the right artists while keeping fraudulent actors out of the system.
Deezer
On September 6, 2023, Deezer and UMG announced that they were launching the “first comprehensive artist-centric streaming model” together, which launched in France in October 2023. Warner signed on as well, and Merlin joined in 2024.
In January 2025, Deezer teamed up with French PRO SACEM to bring artist-centric royalties to publishing.
Deezer lists four pillars of its Artist-Centric Payment System (ACPS), two of which are relevant to our discussion of fraud.
- More support for real artists
Like Spotify, Deezer has taken a stand against functional audio content—or in their words, “irrelevant content,” (e.g., rain, white noise, etc.), removing it from the royalty pool entirely. It’s replaced these audios with its own non-royalty-generating content, and is directing funds “towards real artists.”
- Reducing fraud on Deezer
Deezer has placed a 1,000-stream cap on every user to prevent system abuse—in other words, each user will contribute a maximum of 1,000 streams to the monthly royalty pool, thus discouraging streaming fraud.
SoundCloud
SoundCloud launched its Fan-Powered Royalties (FPR) model in 2021. Artists can opt into FPR or remain in the traditional pro-rata model, as discussed in the Rockonomics report released in 2024.
In the Rockonomics report, author Will Page analyzes how streaming fraud impacts artists in FPR versus the pro-rata model. He writes, “Calculating FPR and the equivalent pro-rata shares in parallel means SoundCloud can detect possible fraudulent activity when the royalties’ calculations are completed. It’s this hybrid model which gives SoundCloud a comparative advantage in the fight against fraud.”
They found that pro-rata models are more exposed to click farms and carbon copies, while user-centric models (like FPR) are more vulnerable to account hacks. Page points out that while FPR may be more exposed to account hacking, these fraudsters have a higher barrier to entry than perpetrators of click farms or carbon copying.
The most important thing isn’t the payout model, but time: “What really matters is the time to detect fraud. Why? Because if the horse has already bolted before you lock the stable—or you detect fraud after paying out the criminals—then any further action is in vain.”
Amazon Music
In December 2024, UMG announced an expansion of its existing relationship with Amazon Music that includes, among other things, an “advancement of artist-centric principles including increased fraud protection.” The two companies will be working collaboratively to address unlawful AI-generated content and protect against fraud and misattribution.
Fight music streaming fraud with Trolley
Fraudsters are getting more sophisticated, but Know Your Artist (KYA) verification is one key to stopping fraudulent payouts before they happen. Trolley Trust helps music businesses protect their royalty distributions with secure ID verification, watchlist screening, and risk-based workflows—ensuring funds are paid only to the verified rights holders.
With Trolley’s end-to-end platform, you can:
✅ Verify artist identities using government-issued ID verification and live photo validation.
✅ Screen every payee against watchlists to prevent payouts to bad actors.
✅ Reduce risk with customized workflows based on Trolley-assigned risk scores for every recipient.
✅ Streamline global payouts to 210+ countries while ensuring that real artists get their due, and bad actors never see a payout.
The result? Secure, seamless royalty payments that protect your business, artists, and reputation from fraudulent activity.
Want to reinforce your royalty payout process with the industry’s strongest KYA toolset?
Leading music companies like SoundCloud, United Masters, CD Baby, Soundrop, and more trust Trolley to pay over 1.5 million musicians worldwide. Learn how Trolley can help you transform your royalty payouts and stay ahead of fraud—get in touch today.
![[IRS Update] 1099-K Reporting Thresholds for 2024 and Beyond: What You Need to Know](https://b2734729.smushcdn.com/2734729/wp-content/uploads/2024/11/1099-K-OG-Image-300x300.webp?lossy=2&strip=1&webp=1)
