With the popularity of streaming services skyrocketing for the past few years, millennials have now devised a new way to enjoy premium VoD services at no cost- through password or credential sharing.
Credentials sharing, which is happening unbeknown to the IP streaming service provider, is expected to cost nearly $10 billion to the US pay-TV industry according to Parks Associates. In fact, as per research, 14 % of Netflix users and 11% Hulu users in North America use the VoD services without paying for it.
Streaming services are losing out millions of dollars due to this malpractice of casual password sharing. So, as a video streaming service provider, how can you close this gap between the number of viewers consuming your content and the subscribers actually paying for it? Read on to find out.
What is Credential Sharing?
Credential sharing is the practice of sharing your username and password of a subscription or streaming service with your friends, colleagues or family. While this practice is completely legal, this seemingly innocent trend can lead to password leaks leading your password to be sold on hacking sites.
There are basically two types of account sharing:
Casual sharing - This refers to the practice of sharing login details with friends, family or colleagues. It’s legal and widely socially accepted.
Fraudulent sharing - This is the dangerous malpractice of stealing account details from legit subscribers and selling them on hacker sites where millions of viewers can get access to content illegally.
What’s wrong with Credential Sharing?
Well, the answer may not be that simple. While sharing passwords with friends and family is a common practice and widely accepted, when it comes to pirates getting their dirty hands on your account- it becomes dangerous. The internet is filled with instances of hackers selling legit account credentials on certain sites giving access to free content to thousands of viewers. In fact, in 2016 there occurred a string of account breaching instances. This leads to basic safety compromises of customer data leading to potentially dangerous consequences. Not only does this practice breach customer privacy but it also takes a financial toll on the service providing companies.
Risks of Streaming Service Providers
Along with the rise of video piracy, credential sharing is causing several unwanted risks for streaming service providers. According to Forbes, 2019 witnessed more than 3 billion combinations of username and password breaches including several social media sites and streaming services. Consequently, details of more than millions of users were leaked on various hacking forums.
1. Account privacy breach - This is perhaps one of the biggest problems in the media industry. When users share their login credentials with others, they are basically exposing their personal information. Details like payment plans, address of the user and calling histories can be easily accessed using the credentials which ultimately leads to customer data compromisations.
2. Loss of customers- Stolen accounts often leads to a common problem- the users’ viewing profile changes and recommendations go haywire. This irritates a paying customer as it destroys the QoE which he or she could have enjoyed otherwise. If this problem persists then customers are left with no other choice than to cancel their subscriptions.
3. Brand reputation- Constant churn in subscriber rate and leaking customer data will ultimately affect your brand image. Customers who are victims of inconvenience as a result of credential sharing can vent out their frustrations on social media that can seriously dampen your brand reputation.
4. Financial losses- Estimates suggests a loss of around a whopping $500 million for content providers in 2015 as a result of password sharing. When users share their credentials with others, (unpaid subscribers) they get access to enjoy premium content at zero payment. Such losses when estimated can amount to a huge sum.
How to Tackle Instances of Password Sharing
1. Track your users’ IP geological data
IP geological data links a particular user’s IP address with his or her geographic location information like where the user is logging in, how he or she is connecting to the internet, etc.
IP geolocation decisioning data helps you to determine suspicious behavior—for example, you will be able to identify whether the IP address is originating from a residential location or is it associated with anonymous proxy activity.
By using a robust IP geological data system, you can accurately track your users’ originating locations or spot instances of different logins from alternative locations that may indicate cases of password compromise.
2. Track and manage proxy users
Sometimes hackers use proxy servers or a VPN to consume content for the sole purpose of masking their actual location. This makes it difficult for content owners to locate fraudulent logins and access to content from alternative locations.
By using IP decisioning data, content providers or streaming channels can either geo-authenticate paid users or block hackers who frequently login via proxy servers to consume content.
You can also deploy secondary authentication techniques like SMS or KBA for any user who logs in from VPNs and proxy servers to ensure that you connect with a paid subscriber.
3. Keep track of typical behavior of your end-users through machine learning
To prevent fraudulent credential sharing, you have to closely monitor and constantly scan the ‘typical’ or unusual activity of your end-user. This is possible through AI and intelligent machine learning algorithms that help detect deviations in users’ sharing patterns. This includes the device from which the user is logging in, when and where they are logging in and for how long. For example, if a user based in New Jersey suddenly logs in from Hong Kong, you can assume that the person is traveling. But, if you detect hundreds of login sessions from different locations, there are chances that something’s not right.
4. Engage with your users before you start blocking them
It's a known fact that retaining existing customers is a lot easier than acquiring new ones. So, before you start flagging every instance of credential sharing, there are a few things to consider as the last thing you want to do is block a paid customer from streaming.
- Deploy soft enforcement through messages in case of suspicious behavior. Engage with your users using dialogues such as “Hi! We noticed that you logged in from a different location.”
- Request user verification “Please re-login using your username and password.”
- Try to use questions, the answers to which are unique and confidential that can confirm a legit user’s identity. For example: “We saw that you logged in from a different location. Please confirm your identity by selecting the correct answers to the questions below.” Questions can range from anything like mentioning the user’s pet name or their favorite holiday destination.
Its high time streaming services start taking action on this increasingly risky trend of password/account sharing. Instead of shouldering the costs of millions of unpaid streams, make sure you track down hackers using AI and IP intelligence data. You can even introduce the concept of family bundles or roommate bundles so that friends and family members who were previously enjoying a free service could stream at a lower rate.
If you need any professional help to tackle credential-sharing issues, you can always communicate with our OTT experts by clicking here.
Sign up for our 14-day Free trial, now!