Facebook's Fraud Problem: Worse Than It Appears in Disclosures

Before I get to the fast growing fraud -- defined as a user who is not what the user pretends to be, which may or may not have legal ramifications -- let me recap some things about Facebook. A tech blogger wrote me: "I didn't realize that FB's last quarter was a net loss on a GAAP basis. I should be paying more attention I guess." Facebook clearly disclosed the loss. But many financial "reporters" omitted the loss from recent articles that hyped the stock. For the third quarter of 2012, on a GAAP basis (the accounting standard for U.S. corporations), Facebook lost 2 cents a share versus making 10 cents a share the prior year. It lost money in the second quarter, too. In other words, Facebook lost money every quarter since its IPO on a GAAP accounting basis. Its margins were squeezed as decelerating revenues didn't keep up with growing costs -- "user growth" isn't always a good thing -- and it lost important gaming revenues. It also annoyed users, alienated advertisers and had an exodus of top talent. Facebook's initial public offering (IPO) came to market at a price of $38 on May 17, 2012, and it rose as high as $45. It closed on November 23 at $24, a 37% decline from its IPO price and down 47% from its high.

Many financial reporters didn't mention Facebook lost money last quarter, and as far as I know, none of them reported the enormous percentage increase in fraud. Perhaps that's because you have to crunch some numbers to see it.

In its S-1 filed May 16, 2012, Facebook reported it had 483 million daily active users (DAUs) and 845 million monthly average users (MAUs) as of December 31, 2011. It said it made "reasonable estimates" that 5-6% of the MAUs were fakes and repeated this in its Prospectus filed May 18, 2012. But in its 10-Q filing for the period ending June 30, 2012, Facebook reported 552 million DAUs and 955 million MAUs, and fakes were estimated at 8.7% of MAUs. The reported percentage of fakes had climbed, and the percentage was reported on a higher "user" base.

Now here's the tricky part. One would hope that Facebook netted out its estimated fakes when it reported its MAUs. If so, that wasn't clear to reporters, and it isn't specifically stated (that I could find) in the S-1, Prospectus, or the 10-K for the period ending June 30, 2012. If you don't net out the estimated fakes before reporting, then 8.7% of 955 million, or 83 million are estimated fakes as of June 30, and that number was widely reported. If you assume Facebook netted out the fakes before reporting numbers, then the fakes are 91 million for June 30. Why is that important? It determines the base upon which growth is calculated. If Facebook doesn't net out the fakes, it makes MAU growth look higher (because if Facebook didn't underreport at its IPO, then fakes are growing much faster) and it makes the growth of fakes look lower. For purposes of showing the fast rate of fake growth, I'll show numbers assuming first that Facebook didn't net out fakes -- as many financial reporters assumed -- and I'll show growth rates in parentheses as if Facebook did net out the fakes. The MAU growths shown in the next paragraph are calculated based on Facebook's reported MAUs:

During the six month period from December 31, 2011, to June 30, 2012, daily average users (DAUs) grew 14.3% or around 30.6% annualized. Monthly average users (MAUs) grew 13% or around 28% annualized. Relative to the December 31, 2011 base of 845 million with 5-6% fake users, Facebook reported a 64-97% increase in fake users (69-104% increase in fakes if Facebook netted before reporting the 845 million MAUs), or an increase of around 168-287% in fake users on an annualized basis (185-319% increase in fake users on an annualized basis if Facebook netted before reporting the 845 million MAUs).

No matter how you look at it, at the time of its IPO, Facebook either underreported the fraud problem, or the fraud growth soared. When was Facebook first invaded by this "new" herd of the walking dead? If Facebook didn't underreport, then why is fraud soaring?

Laughable Disclosure Claim: "Meaningfully Lower" Fake Profile Percentage in Developed World

Facebook's 10-Q for the period ending 9/30/12 claimed: "We believe that the percentage of accounts that are duplicate or false is meaningfully lower in developed markets such as the United States or Australia and higher in developing markets such as Indonesia and Turkey." Facebook goes on to explain why its claim isn't trustworthy. It's great comedy.

Based on my unscientific poll of 50 Facebook U.S.-based users (I'm not a user), many have multiple accounts. Reasons given included 1) one account for gaming and another for job applications, 2) a false persona account to be friended by an old girlfriend to spy on her (I gave that guy a wide berth) and 3) fantasy persona accounts to interact as a kind of "second life." Even when a user profile was "genuine," many users gave alternate email addresses and fake phone numbers, because they don't trust Facebook to protect their privacy. Facebook itself lists more reasons, including -- but not limited to -- profiles of pets and spammers. (See Appendix III.)

In its disclosures, Facebook never specifically mentions the word "impersonator" i.e., identity thief. I found that personally interesting, because as I wrote in July 2011, someone put up a fake profile of me. Thanks to Google Alerts, I discovered the problem. In order to get it removed, I had to prove my identity to Facebook with a government-issued I.D., yet the identity thief didn't have to prove anything at all to create the fake. I didn't want to fork over personal information to Facebook, but the alternative was that a fraudster might use the fake profile maliciously. Facebook reminded me of a punk holding a screwdriver over your parked car's paint job demanding payment to "protect" it as you run errands. To be clear, I'm not accusing Facebook of creating the fraudulent profile. Anyone -- including Facebook -- could have done it, but Facebook made it easy for fraudsters. (See Appendix IV.)

Facebook doesn't know how many profiles are impersonators, imposters or other types of frauds. Yet to prove identity to purge an identity theft, Facebook demands a government-issued I.D. So why shouldn't you demand the same proof before accepting any of Facebook's user profiles as genuine? Using its own standards, the quality of Facebook's user data stinks.

Disclosure: I've bought and monetized puts on Facebook since they became exchange-traded shortly after the IPO. ("Investors Bet on Facebook Fall," Kaitlyn Kiernan and Jonathan Cheng, Wall Street Journal, May 19, 2012.) I'm currently long other puts on Facebook.

This post is excerpted from a longer report: "Facebook: Soaring Fraud and Decelerating User Growth," TSF, November 26, 2012.

Endnote added December 3, 2012: Facebook's Controls are Still Lax

On November 27, 2012, Bianca Bosker, Executive Tech Editor for the Huffington Post, wrote that the previous week she discovered an account set up by someone impersonating her: "After being 'friended'" by myself on Facebook, I set out to learn as much as I could about who had created the bizarre--and unsettling--Bianca Bosker impostor account, a profile created under my name, with my profile photo, my cover picture, my personal information and even my most recent status update." (See: "Hunting My Facebook Impostor," November 27, 2012.)

Since she was already on Facebook, she was able to get Facebook to pull down the fake profile. But when she asked Facebook for the information it collected about the fraudster, she had to scan her driver's license and provide a notarized statement verifying her identity. Her independent investigation with Alex Horan of Core Security revealed IP addresses appeared to be in Ahmedabad, India, and he said it seems to be the source of lot of fraudulent Facebook accounts. But there are ways to make it only appear that way, so the source could be anywhere.

Also by Janet Tavakoli on Facebook's problems:

"Facebook's Plummeting Stock Price" -- October 16, 2012