At that level, "percentage" is an insufficient measure. You want "permillionage", or maybe more colloquially "DPM" for "Defects Per Million" or even "DPB".
You'll still get false positives though, so you provide an appeal process. But what's to prevent the bad actors from abusing the appeal process while leaving your more clueless legitimate users lost in the dust?
(As the joke goes: "There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists" [1])
Can you build any vetting process, and associated appeal process, that successfully keeps all the bad actors out, and doesn't exclude your good users? What about those on the edge? Or those that switch? Or those who are busy, or wary?
There's a lot of money riding on that.
[1] https://www.schneier.com/blog/archives/2006/08/security_is_a...
Why banks have heavy compliance costs? Doing proper AML and KYC costs money and society decided that it was critical enough to bear that cost even in light regulation countries.
A lot of the financial success of those companies is in part the result of not fully taking responsibility for the consequences of their business activity. Eventually they will, under social pressure that this post success represent, or by laws.