More people are watching your content than paying for it. But early on, credentials sharing didn’t seem like an issue. Viewers are viewers, even if they’re using their boyfriend’s cousin’s login. This was just customer acquisition.
But when pirates are selling compromised credentials online, and giving access to your content to hundreds of thousands of people, credentials sharing becomes exponentially more serious – and frustrating.
It’s money left on the table. It compromises the safety of your customers’ data. It increases your infrastructure costs.
So what can you do about it?
Credentials sharing is just that – when somebody’s login details are shared amongst several people. This can be completely innocent, like sharing a login with your family, or more nefarious – when passwords get stolen or sold, for example.
There are usually two types of credentials sharing.
The hard thing about tackling credentials sharing is that you need to be able to tell the difference between these two groups – because you’ll want to handle them differently.
The algorithms can detect anomalies in people’s sharing behaviours – whether it’s the device you’re using, when, where and for how long – in a privacy-safe way.
So if you’re suddenly watching the same content in a different time zone, you’re probably travelling. But if you’ve got hundreds of sessions in different locations, all at the same time – chances are something’s not right.
The algorithms assign confidence scores to each result, which can then be evaluated in-house with proprietary benchmarks.
They adapt to changes in the viewing habits of the population too – people will obviously watch more football when the World Cup is on, for example.
As with all algorithms, these get better with time and data. We work closely with our customers to improve their accuracy by modeling the right features for their platforms.
Our Operational Security team also bring their in-field expertise to make sure the models stay one step ahead of the pirates.
That might be by cross-referencing databases of stolen credentials with the accounts that have been flagged as fraudulent. Or by using the latest threat intelligence to understand the patterns they follow.
They know their territories, and use their knowledge of local regulations and viewing habits to validate specific use cases.
By combining all this data from multiple sources, you get collective intelligence.
And once you’ve got this information, you can finally start to act on it. Here’s how.
There are two kinds of response when you’ve identified sharing accounts: you can trigger some security measures, or target them with some personalized marketing. (Or both.)
These responses are a good way to test whether the accounts you’re dealing with are legitimate or not, and turn them into an additional source of revenue – without harming the user experience of your paying customers to do it.
A security response could be resetting a user’s password if you suspect them of fraudulent credentials sharing – forcing log outs on all their user sessions.
You’ll quickly be able to see whether they’re able to get back into their account or not – and how many devices they actually have.
A marketing response is encouraging users to upgrade to a family account, so family members who don’t live in the same household can continue to watch, for example.
In that case, some providers put a time limit, or block the user from watching until the account has been upgraded. Others prefer to offer different, less abrasive incentives – like more customised packages based on each user’s individual viewing patterns.
Marketing and security responses are not mutually exclusive, either – sometimes you need a bit of both. With the right incentives, a user who bought stolen credentials might switch to a discounted but legitimate package and become a paying subscriber.
It’s up to you to decide on the best approach according to your policies.
When you tackle credentials sharing, there are two big opportunities you unlock.
…comes from cracking down on the piracy that’s happening across your service right now.
Currently, you’re shouldering the costs of these unpaid streams. And people are less likely to sign up to your service because they’ve just watched your flagship show for free.
By making sure people can’t watch your content for free, you increase the value of that content, and therefore the revenue it can generate.
…is potentially even bigger. You could offer family bundles and roommate rates that successfully turn previously free users into paying ones.
In fact, providers can add ‘sharing intention’ as a new dimension to their targeting. And by combining that knowledge with people’s viewing behaviours, you can build more personalised experiences – the kind your customers expect.
Either way, the important thing is that you close the gap between the number of people watching your content – and the number of people paying for it.
Credentials sharing is too big a problem to ignore. And these opportunities may well be too big to miss.