Want to better understand music streaming fraud and how the industry plans to combat it in 2024? You’re in the right place.
Streaming fraud is a huge problem—MusicAlly reports that fraudulent streams could have totaled between $41 and 410 billion in 2023 alone.
In 2017, a Bulgarian playlist maker siphoned as much as $1 million out of the Spotify royalty pool by creating playlists with tracks by seemingly unknown artists, most of which were just over 30 seconds long (the minimum amount of time required to trigger a monetized play on Spotify). They used around 1,200 Spotify accounts to play the tracks on a loop, at random, in a scam that ran for months before it was discovered by a major label executive.
Just this March, a Danish man was sentenced to prison after making at least 2 million Danish kroner (about 300,000 USD) from artificially generated streams of music tracks, 37 of which were edited versions of other musicians’ work he was found guilty of breaching copyright on.
These examples offer just a brief glimpse into the complex world of music streaming fraud, a problem that the music industry at large is looking to tackle in 2024.
In this article we explore the landscape of music streaming fraud, delving into different kinds of stream fraud, what the industry is doing about it, and strategies you can use to combat it to ensure your artists receive their due compensation.
What we cover
Music streaming fraud: Where did it all begin?
The most recent IFPI Global Music Report shows substantial growth in the recorded music market, best conveyed by the 10.2% increase in revenues from 2022 to 2023.
Even industry outsiders wouldn’t be surprised to hear that subscription streaming is leading the charge, growing by 11.2% year over year, comprising almost half of the global market (and well over half of the market when accounting for ad-supported streams).
Streaming is the industry’s here, now, and future—something that’s perhaps been inevitable since the days of Napster, Limewire, and Kazaa.
Napster, Limewire, and Kazaa are, of course, relevant to our discussion of fraudulent streaming. We all know the controversy those piracy sites sparked, which Forbes credits with almost ruining the music industry.
Interestingly enough, rather than destroy the industry, those piracy sites may have shaped the structure of today’s music business. Big-picture industry thinkers saw the turning tide and discovered how to use the technologies chewing away at their profits to their advantage.
So, in place of “piracy,” we have legal streaming services like Spotify, Apple Music, and SoundCloud, making your artist’s songs more available than ever to bolster careers instead of hindering them.
While the streaming industry continues to thrive and is expected to grow to $116.07 billion by 2031, its battle against fraudsters is ongoing. In the past year or so, we’ve seen streaming services introduce some big changes in attempts to divert money from fraudulent streams back into the pockets of rights holders—but more on that later.
So, what is music streaming fraud? Why is it so damaging?
Music streaming fraud, also known as abnormal music streaming, store-end fraud, and music streaming manipulation, aims to generate fake streams by repeatedly playing a single track, thereby exploiting weaknesses in streaming platforms.
Bad actors often employ bots to play songs on repeat to increase their profits at scale, making the track seem more popular. Bots can also inflate followers, downloads, and a song’s place on lucrative playlists. Often, bots will “listen” to a stream for just over 30 seconds, the length at which most streaming platforms count a play as a monetized stream.
How do they earn money from this, though?
Most streaming platforms employ a pro-rata model to calculate royalty payouts. Under this model, all of the net revenue generated from subscriptions and ads is pooled together and distributed in proportion to the number of streams each artist received across the platform, within a specific period and territory. More streams equals more market share, which means bigger payouts.
The impact on the music industry is significant. Fraudulent streams dilute royalty commissions and streaming data, leading to significant revenue losses for artists and skewed analytics.
A 2023 article from Bloomberg cites 10% of music streaming activity as fraudulent, leading to $2 billion worth of misallocated annual revenues. Mid-sized digital service providers (DSPs) are particularly affected, with an estimated 30% of activity on their platforms being fraudulent. These numbers come from Beatdapp, a company that develops fraud detection technology for the music industry.
Andrew Batey, co-founder and co-CEO of Beatdapp, told Bloomberg that 80% of the fraud the company detects is motivated by financial gains, rather than attempts to boost an artist’s popularity or game the chart. These fraudsters are people who aren’t even in the music industry but are simply exploiting streaming services to make a profit.
Sometimes, well-meaning artists get caught up in fraud by accident. Christine Barnum, Chief Operating Officer at CD Baby, told Variety that there are instances of artists signing up for “marketing services” that are actually committing fraud.
What tactics do fraudsters use?
Below, we’ll delve into the primary types of music streaming fraud, as outlined in SoundCloud’s Rockonomics report: Click farming (artificial streaming), carbon copying (ghosting tracks), and account hacking (unauthorized account access).
Click farming (artificial streaming)
Click farmers use smartphones, computers, and tablets to form a network of devices that play given songs on repeat to artificially boost streaming numbers. The techniques employed make these listens appear human-generated, creating the illusion of a large number of genuine listeners.
While some might see this approach as clever, it is not fair. It removes merit and skill from the equation, granting an unfair advantage to those willing to bend the rules. These fraudsters exploit streaming platforms for profit, negatively impacting legitimate artists who rely on authentic streaming numbers.
Furthermore, click farming reduces the likelihood of music fans discovering talented, lesser-known artists. On a larger scale, these tactics disrupt algorithms, degrading the experience for paying customers by offering them music less relevant to their tastes.
Carbon copying (ghosting tracks)
Many terms apply to this streaming fraud technique, which we call carbon copying or ghost tracking. Regardless of the terminology, the idea is relatively simple—a fraudster takes an artist’s original work, manipulates it enough to fool the algorithm (e.g., speeding it up or slowing it down), and uploads it as their own recording. These manipulated tracks are altered just enough to appear different but are essentially carbon copies.
The ethical dilemma of this tactic is obvious—it is a direct copyright infringement, and the offenders are stealing royalties from the original artists.
Examples include a manipulated version of Halsey’s song “Without Me,” which has over six million streams on Spotify, and a modified version of Coldplay and The Chainsmokers’ “Something Just Like This,” which has over 12 million plays.
In another case, musician Paula Toledo uploaded her long-lost song “How Long,” never released commercially, to DSPs after fans of the track (who had discovered it through bootleg Russian DVDs or online tribute videos containing images of teddy bears) traced it back to her. Soon after she uploaded it, though, Reddit users notified her that a duplicate version of the track had appeared on streaming services, with teddy bear artwork.
This alternate version—an exact copy of the original—created confusion, and Toledo’s original version was removed from streaming services. A fraudster had successfully capitalized on the relative obscurity of the track, and the royalties earned weren’t going to the rightful rights holder (or, in this case, the charity that Toledo was directing all proceeds to).
These examples only scratch the surface, and the situation becomes even more concerning when lesser-known artists have their tracks stolen. While Halsey and Coldplay—who’ve been undoubtedly wronged by these methods—have the financial means to deal with such fraud, independent artists trying to make their way cannot afford to lose the royalties that should be rightfully theirs.
Additionally, anyone using carbon copies to siphon another artist’s royalties is likely using other shady tactics to promote and artificially boost their ghost tracks.
Account hacking (unauthorized account access)
The modus operandi of a streaming account hacker is much like that of any other account hacker: exploiting weak and reused passwords. In a world where consumers have a plethora of hard-to-track accounts across an array of digital platforms, malicious actors have a wealth of opportunities to exploit.
These hackers leverage weak passwords, access stolen credentials (typically obtained through web scraping and data breaches), and discover valid username-password combos via password spraying, brute forcing, credential stuffing, and other methods. A simple foray into the dark web can also provide these bad actors with valid credential combinations.
Once account hackers have their seemingly legitimate credentials, they can use both paid and free subscriptions to artificially increase targeted music streams.
How are streaming services combating fraud in 2024?
2023 and 2024 have seen action on the fraud-fighting front on the part of DSPs and other industry leaders like never before.
Music Fights Fraud Alliance
This is no more evident than in the founding of the Music Fights Fraud Alliance (MFFA), a global task force aimed at eradicating streaming fraud, founded in the summer of 2023. The group includes giants like Downtown, CD Baby, United Masters, FUGA, TuneCore, Spotify, Amazon Music, and others. MFFA members provide cross-platform collaboration and data-sharing in coordination with a third party, the National Cyber-Forensics and Training Alliance (NCFTA), in an effort to detect, prevent, mitigate, and enforce anti-fraud measures.
The MFFA, while groundbreaking in its cross-platform collaboration, only comprises one facet of the industry’s fight against fraudulent streaming. Individual DSPs have been taking matters into their own hands, as well.
Spotify
In November 2023, Spotify announced a couple of big royalty payment policy changes that took effect earlier this year. First, songs will only generate royalties once they reach 1,000 streams in the previous 12 months, affecting about 0.5% of its library. The idea is that any track reaching 1,000 plays is earning real engagement and is far less likely to prove fraudulent under scrutiny, and the revenue from these streams will be rerouted to “emerging and professional artists.”
While this policy has received some pushback, the reality is that rights holders weren’t accessing royalties for tracks with fewer than 1,000 streams anyway, as the money they generate is below the minimum that many distributors require before making payouts.
The other big change is that “functional noise” or non-music tracks only generate royalties if played for two minutes (as opposed to music content’s 30-second minimum), and they earn a royalty rate at a fraction of the value of music streams, though the company has not stated what that rate is. This push is part of a larger effort to fight fraud on the platform, as they have also introduced per-track fines for labels and distributors when “flagrant artificial streaming” is detected on their content.
Unfortunately, this last policy has resulted in some legitimate artists’ music being removed from Spotify (and other DSPs) for fraud they didn’t commit. Because DIY distributors like TuneCore and Distrokid allow virtually anyone to distribute audio files to DSPs for a low price, the volume of tracks they distribute on a daily basis is so high that it is extremely difficult to police effectively.
This has led them to be very aggressive in their approach to addressing fraudulent activity flagged by Spotify, removing artists’ tracks or even entire libraries from the platform erroneously.
Deezer
On September 6, 2023, Deezer and UMG announced that they were launching the “first comprehensive artist-centric streaming model” together, which launched in France in October 2023. Warner signed on as well, and Merlin joined earlier this year.
Deezer lists four pillars of its Artist-Centric Payment System (ACPS), two of which are relevant to our discussion of fraud.
- Distinguishing between music and noise
Like Spotify, Deezer has taken a stand against functional audio content—or in their words, “declared war against irrelevant sounds.” Deezer’s language is more intense, and so is their approach to this type of audio content, as it has removed white noise from the royalty pool entirely, and is directing funds “toward genuine artist content.”
- User cap and fraud detection
Deezer has placed a 1,000-stream cap on every user to prevent system abuse—in other words, people who stream more than 1,000 tracks a month will be down-weighted in the payouts calculations—and implemented a “robust fraud detection system.”
SoundCloud
SoundCloud launched its Fan-Powered Royalties (FPR) model in 2021. Artists can opt in to FPR or remain in the traditional pro-rata model, as discussed in the Rockonomics report released earlier this year.
In the Rockonomics report, author Will Page (former Chief Economist of Spotify) analyzes how streaming fraud impacts artists in FPR versus the pro-rata model. He writes, “Calculating FPR and the equivalent pro-rata shares in parallel means SoundCloud can detect possible fraudulent activity when the royalties’ calculations are completed. It’s this hybrid model which gives SoundCloud a comparative advantage in the fight against fraud.”
They found that pro-rata models are more exposed to click farms and carbon copies, while user-centric models (like FPR) are more vulnerable to account hacks. Page points out that while FPR may be more exposed to account hacking, these fraudsters have a higher barrier to entry than perpetrators of click farms or carbon copying.
The most important thing isn’t the payout model, but time: “What really matters is the time to detect fraud. Why? Because if the horse has already bolted before you lock the stable—or you detect fraud after paying out the criminals—then any further action is in vain.”
Fight music streaming fraud with Trolley
Trolley handles the heavy lifting of paying artists via payout automation purpose-built for modern music companies, with built-in fraud mitigation and watchlist screening on every payment.
By leveraging Trolley’s powerful payout API, DSPs can access a massive global banking and payments network to smoothly facilitate print royalty distributions to eligible rights holders—all while upholding tax compliance through integrated reporting capabilities.
Detect fraud before paying out fraudsters with Trolley’s ID verification and fraud monitoring tools.
Let Trolley deliver your royalty distributions worldwide so you stay focused on bigger goals. Keep your data centralized and connected with Trolley’s end-to-end platform plus ERP sync. Onboard your artists, verify their identities, pay globally, stay tax compliant, and mitigate your fraud risk, all in one place.
Our real-time dashboard gives your artists the visibility and transparency they deserve, with your brand at the front and center. Plus, recipients can choose the payment methods that work best for them, so you can strengthen your relationships while making tax-compliant, risk-free payouts to over 210 countries and territories.
Learn why companies like SoundCloud, United Masters, Soundrop, CD Baby, and more trust Trolley to pay over 1.5 million musicians worldwide by getting in touch today.
