It’s a common practice for users of subscription streaming services to share their login credentials. Unfortunately, streaming businesses lose billions of dollars a year to this practice.
With an estimated 100 million households globally sharing passwords, Netflix has started cracking down on password sharing. The streaming service plans to charge primary account holders an extra fee for every password sharer to compensate for lost revenue.
But digital streaming businesses don’t just lose revenue to password sharing. Fraudsters also take advantage of subscribers’ lax password-sharing habits to turn a profit. And this practice can put service providers at risk of non-compliance with content owners.
Additionally, these account takeover (ATO) attacks disrupt the user experience, erode customer trust and loyalty, and damage the platform’s reputation. Although most customers re-use passwords across online accounts, streaming services should provide account protection to avoid the costly effects of ATO attacks.
Digital streaming businesses that operate under subscription business models can prevent streaming fraud and drive subscriber growth by protecting subscriber accounts and expanding into new international markets.
What is streaming fraud?
Streaming fraud, or subscription billing fraud, is any unusual or fraudulent activity related to streaming subscriptions and accounts. This activity can be divided into five types: account takeover fraud, new account fraud, policy abuse, friendly fraud, and click fraud.
1. Account takeover fraud erodes subscriber trust
Fraudsters typically commit account takeover through data breaches. They steal user credentials and sell them to other customers at a lower price than the streaming service charges for a subscription.
Worse, fraudsters can access and sell more accounts if customers use the same login credentials across multiple accounts. And customers will usually hold the business responsible when their accounts are breached.
According to a ZDNet report, fraudsters put subscriber accounts up for sale hours after the launch of a new streaming service. As a result, they accessed accounts with login credentials leaked from other sites. And subscribers flocked to social media platforms to talk about their hacked accounts, placing responsibility for account security on the streaming services.
2. New account fraud leads to disputes and poor user retention
Fraudsters often create hundreds of new accounts to sell false accounts or take advantage of new-user promotions. They may use stolen credit cards to pay for a subscription and then sell the new accounts to customers at a discounted price. This practice often results in disputes from current or prospective subscribers whose cards are used fraudulently.
Additionally, fraudsters who take advantage of new-user promotions commit promo abuse and waste marketing spend. For example, say a streaming service offers a sign-up bonus for new customers and gets hundreds of new accounts. While it may look like the campaign was a success, the fake accounts result in zero return on customer retention.
3. Policy abuse costs businesses revenue
Customers who share their credentials with many users commit policy abuse fraud. Many streaming services have allowed password sharing amongst members of the same household. But many subscribers share their passwords with many people outside of their homes, thus abusing password-sharing policies.
Password sharing also increases the likelihood of those credentials falling into the hands of a fraudster who may resell those credentials online. As a result, streaming services miss out on revenue and new subscriber growth.
4. Gifted subscriptions could lead to friendly fraud disputes
44.95% of respondents In a recent Kount survey on holiday shopping trends said they would be likely to purchase a retail or streaming subscription as a gift during the holiday season. While subscriptions as gifts may be a great way to boost subscription growth, these new subscribers could put your business at risk of friendly fraud.
Once the gifted subscription runs out, these new subscribers may forget they signed up for services and initiate disputes when they get the bill for re-upping the service. Your rebill policies should be clear and cancellation processes easy to follow to avoid these kinds of disputes.
5. Music streaming fraud takes money from real artists
Music streaming fraud is when an artist or fraudster artificially inflates streams of their tracks. Most music streaming platforms pay artists per stream, so streaming manipulation can be enticing and lucrative for fraudsters. But it hurts real artists trying to share their work and make money from music streaming platforms.
For example, fraudsters will set up an artist account with some fake tracks and then run a bot to stream those tracks on repeat. The more streams an artist gets, the more the artist gets paid, so it can bring in a regular profit for the fraudster. But that profit takes opportunities away from real artists who get fewer streams on their music. In turn, it can reflect poorly on the streaming platform.
Password sharing costs billions in revenue
While many streaming services allow password sharing among household members, many subscribers share their login credentials with members outside their households. As a result, these subscribers commit policy abuse fraud by oversharing their login credentials and abusing password-sharing policies set by the streaming business.
However, many subscribers don’t intend to commit policy abuse fraud. For example, say a subscriber’s friend wants to watch one show on a streaming platform but doesn’t want to pay for a whole subscription. So the subscriber shares their login credentials, thinking their friend will only watch the one show.
But once that friend finishes the show, they find other shows on the streaming platform to watch and continue to use the subscriber’s login credentials. This practice might not seem like a big deal to the subscriber and their friend.
However, password sharing can cost businesses billions of dollars in lost revenue. Based on consumer data, Parks Associates predicts that by 2024, streaming services will lose an estimated $12.5 billion in revenue to piracy and account sharing.
Lack of account security poses the greatest risk to streaming businesses
Fraudsters are always on the hunt for data breaches so that they can steal account credentials and sell out profiles under active users. What’s more, they can steal stored payment information and open new account subscriptions using those stolen credit cards.
For example, say a fraudster gets hold of a list of user login credentials. Once they find a few combinations that match, they break into accounts, steal payment information, and change passwords to lock out account owners.
From there, the fraudster may sell the existing accounts online for a lower price than the streaming service charges. They may also open new accounts on other streaming platforms using the stolen credit card information.
In turn, the original account owners who were locked out of their accounts will become frustrated and may blame the streaming platform for not securing their accounts. And consumers whose credit card information was stolen may file disputes, resulting in costly chargebacks.
Eventually, customers will lose trust in the streaming platform and may cancel their subscriptions altogether. And at a time when customers have an abundance of streaming services to choose from, it’s vital that service providers ensure customers aren’t leaving because of an easily preventable issue.
How to protect user accounts, reduce streaming fraud, and grow revenue
Streaming fraud prevention starts with a solution that combines machine learning, device intelligence, and customizable business policies to identify risky behavior in real-time.
1. Invest in an account takeover solution to stop fraudsters
When fraudsters gain access to customer accounts, they frustrate customers and cost you revenue by selling those accounts online at a discounted price. But you can prevent those issues with an account takeover solution.
The solution starts by identifying suspicious login behavior. Once the solution detects abnormal behavior, the business can choose to block it entirely or challenge it, depending on its rules and policies.
For example, suppose a fraudster attempts to log in to an account via credential stuffing from an unknown mobile device. In that case, the solution can recognize that the user is trying to breach the customer account and stop the activity.
2. Implement passive authentication and MFA to verify account holders
One way to tackle password-sharing issues is to implement a solution with device intelligence so that you can manage trusted devices. Additionally, by implementing passive authentication and multi-factor authentication (MFA), you can ensure that actual account holders are the ones using their accounts.
For example, if the account holder logs in to their account with a known device, the solution will match the user with the device and bypass the need for MFA. On the other hand, if a fraudster or user from another household tries to log in to the same account with an unknown device, the solution can trigger MFA protocols to challenge the login attempt.
3. Drive revenue and grow your business with payments fraud protection
Implementing a payments fraud solution doesn’t just protect you from fraud. It also opens opportunities to drive revenue growth, convert the right subscribers, and gain visibility into account activity.
A payments fraud solution can help drive revenue by reducing risks associated with new account openings. Additionally, it can help reduce false positives so that you don’t turn away good customers.
Furthermore, you can gain access to data from a global network to help expand your business into new international markets. The data can also provide access to richer customer data and insights so you can offer better customer experiences and improve subscriber conversions.
When a popular music streaming service implemented Kount, they reduced their chargebacks and expanded their business in over 40 new countries. Unfortunately, some target countries were located in regions with significant fraud risks. But, thanks to the right solution, the music streaming platform could offer services to subscribers in those countries without increasing their fraud risks.