At that level, "percentage" is an insufficient measure. You want "permillionage", or maybe more colloquially "DPM" for "Defects Per Million" or even "DPB".
You'll still get false positives though, so you provide an appeal process. But what's to prevent the bad actors from abusing the appeal process while leaving your more clueless legitimate users lost in the dust?
(As the joke goes: "There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists" [1])
Can you build any vetting process, and associated appeal process, that successfully keeps all the bad actors out, and doesn't exclude your good users? What about those on the edge? Or those that switch? Or those who are busy, or wary?
There's a lot of money riding on that.
[1] https://www.schneier.com/blog/archives/2006/08/security_is_a...
I've had a problem with my Amazon account for years now, after Amazon billed me (on my seller account) for something they shouldn't have.
After I complained, they agreed to refund it. Except the refund never arrived.
Asked many times over the years "WTF?", and someone always promises to look into it after agreeing they can see the problem.
Never to be heard from again. Same pattern has happened every single time (many times). Obviously, something about it puts it in the "too hard" basket... :/
Needless to say, I don't use Amazon's services much at all any more unless required for job purposes. And I steer people away from AWS for the same reason too.