Synamedia logo
Credentials Sharing

Credentials sharing: what it is and how you can tackle it

Close the gap between the number of people watching your content and the number of people paying for it.

Home > Video Solutions > Video Security > Credentials Sharing

Is credentials sharing really a problem?

More people are watching your content than paying for it. But early on, credentials sharing didn’t seem like an issue. Viewers are viewers, even if they’re using their boyfriend’s cousin’s login. This was just customer acquisition.

But when pirates are selling compromised credentials online, and giving access to your content to hundreds of thousands of people, credentials sharing becomes exponentially more serious – and frustrating.

It’s money left on the table. It compromises the safety of your customers’ data. It increases your infrastructure costs.

So what can you do about it?

Credentials sharing animation

What is credentials sharing?

Credentials sharing is just that – when somebody’s login details are shared amongst several people. This can be completely innocent, like sharing a login with your family, or more nefarious – when passwords get stolen or sold, for example.

There are usually two types of credentials sharing.

‘Casual’ sharing

  • Friends and family sharing their passwords
  • Often, but not exclusively across households
  • Widely socially accepted
  • Not for profit
Casual sharing animation

‘Fraudulent’ sharing

  • Passwords shared across thousands of people
  • Hacked or compromised credentials sold off for profit
  • Deliberate misuse of service terms, like pooling
  • Generally malicious
Fraudulent sharing animation

The hard thing about tackling credentials sharing is that you need to be able to tell the difference between these two groups – because you’ll want to handle them differently.

How do you spot credentials sharing?

The good news is that you can actually identify the accounts that are sharing credentials – and which type of sharing they’re doing.

All you need is machine-learning algorithms, behavioural analytics, and human intelligence. Together, we call it collective intelligence.

Here’s how it works.

Step 1

Understand how they share.

The algorithms can detect anomalies in people’s sharing behaviours – whether it’s the device you’re using, when, where and for how long – in a privacy-safe way.

So if you’re suddenly watching the same content in a different time zone, you’re probably travelling. But if you’ve got hundreds of sessions in different locations, all at the same time – chances are something’s not right.

Credentials sharing step 1

Step 2

Set up benchmarks

The algorithms assign confidence scores to each result, which can then be evaluated in-house with proprietary benchmarks.

They adapt to changes in the viewing habits of the population too – people will obviously watch more football when the World Cup is on, for example.

As with all algorithms, these get better with time and data. We work closely with our customers to improve their accuracy by modeling the right features for their platforms.

Credentials sharing step 2

Step 3

Use real-world experience

Our Operational Security team also bring their in-field expertise to make sure the models stay one step ahead of the pirates.

That might be by cross-referencing databases of stolen credentials with the accounts that have been flagged as fraudulent. Or by using the latest threat intelligence to understand the patterns they follow.

They know their territories, and use their knowledge of local regulations and viewing habits to validate specific use cases.

Credentials sharing step 3

By combining all this data from multiple sources, you get collective intelligence.

And once you’ve got this information, you can finally start to act on it. Here’s how.

How do you tackle credentials sharing?

There are two kinds of response when you’ve identified sharing accounts: you can trigger some security measures, or target them with some personalized marketing. (Or both.)

These responses are a good way to test whether the accounts you’re dealing with are legitimate or not, and turn them into an additional source of revenue – without harming the user experience of your paying customers to do it.

A security response

A security response could be resetting a user’s password if you suspect them of fraudulent credentials sharing – forcing log outs on all their user sessions.

You’ll quickly be able to see whether they’re able to get back into their account or not – and how many devices they actually have.

Credentials security

A marketing response

A marketing response is encouraging users to upgrade to a family account, so family members who don’t live in the same household can continue to watch, for example.

In that case, some providers put a time limit, or block the user from watching until the account has been upgraded. Others prefer to offer different, less abrasive incentives – like more customised packages based on each user’s individual viewing patterns.

Credentials marketing

Marketing and security responses are not mutually exclusive, either – sometimes you need a bit of both. With the right incentives, a user who bought stolen credentials might switch to a discounted but legitimate package and become a paying subscriber.

It’s up to you to decide on the best approach according to your policies.

Could credentials sharing actually be a source of revenue?

When you tackle credentials sharing, there are two big opportunities you unlock.

The first opportunity…

…comes from cracking down on the piracy that’s happening across your service right now.

Currently, you’re shouldering the costs of these unpaid streams. And people are less likely to sign up to your service because they’ve just watched your flagship show for free.

By making sure people can’t watch your content for free, you increase the value of that content, and therefore the revenue it can generate.

Woman exasperated at laptop

The second opportunity…

…is potentially even bigger. You could offer family bundles and roommate rates that successfully turn previously free users into paying ones.

In fact, providers can add ‘sharing intention’ as a new dimension to their targeting. And by combining that knowledge with people’s viewing behaviours, you can build more personalised experiences – the kind your customers expect.

Friends sat with each other

Credentials sharing footer animation

Either way, the important thing is that you close the gap between the number of people watching your content – and the number of people paying for it.

Credentials sharing is too big a problem to ignore. And these opportunities may well be too big to miss.

If you would like to learn more about video account credentials sharing and password fraud, their differences and their impact on your business, read our ‘Guide to Addressing Streaming Video Credentials Sharing the Smart Way’.

Talk to us about how we can help you make the most of your video assets.

Get in touch

Synamedia and AWS:
Protecting over-the-top streaming with
watermarking and disruption

Part II: VOD