GPTZero investigation reveals fabricated citations and hallucinations in Ernst & Young loyalty fraud report
An audit of Ernst & Young Canada’s 2025 report on loyalty system fraud has uncovered widespread AI-generated errors, fake sources, and internal inconsistencies, raising concerns about data integrity in financial research.
An investigation by AI detection firm GPTZero has identified numerous hallucinations, fabricated citations, and broken references in Ernst & Young Canada’s 2025 cybersecurity report, titled Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems. The report, authored by three EY Canada employees, claims to analyse cyber threats in loyalty schemes but contains inaccurate statistics, misattributed sources, and text described as lacking human fingerprints.
GPTZero’s automated pipeline and manual verification found that more than half of the source titles in the report’s reference table do not correspond to real sources, and most URLs are broken or non-existent. The document, which references sources directly in the text rather than using footnotes, is alleged to feature AI-generated content riddled with common large language model errors, including fake statistics and internal contradictions.
Key claims in the report are internally contradictory. The executive summary states the global loyalty points market is valued at $200 billion, with 30–50% of points going unused. However, on page 10, the report attributes the $200 billion figure specifically to unredeemed points. Given the earlier claim that up to half of points are unused, this would imply a total global market value of at least $400 billion. The report cites a fabricated McKinsey & Company report, Loyalty Economics Report (2022), to support this claim, a citation that appears to have been laundered from a blog post on the UK fintech magazine Financial IT.
Further inconsistencies involve statistics on fraud prevalence. The report claims 72% of customer loyalty programs have reported theft or fraud, attributing this to both Paystone and Forter, neither of which appear in the reference table. The original source appears to be a 2017 Ipsos survey. Additionally, a claim that fraud attacks increased 89% since 2019 is later limited to the 2018–2019 period and attributed to the Forter Fraud Attack Index, a source that is substantially out of date.
The report has been syndicated to over 60 Australian newspapers, including the Canberra Times, and is reportedly being surfaced by AI search tools such as Claude, ChatGPT, and Perplexity. GPTZero warns that such publications can poison data for AI research tools, misleading future researchers and investors who rely on accurate market intelligence from major consulting firms.
