Credential Sharing Mitigation Strategies
By Radhika Shivaprasad, Samuel Kornstein, Rishi Modha, and Heather Sabel
Based on a recent Cartesian survey, 22% of Americans aged 18-60 admit to using login credentials borrowed, purchased, or stolen from someone outside their household. This behavior is so prevalent on popular streaming platforms that Netflix recently began cracking down on the practice through two-factor authentication.
This isn’t just a problem for Netflix: Our survey found that 19% of Americans use shared credentials to access ESPN Plus, 17% to access Hulu, 15% to access CBS All Access, and 15% to access Disney Plus, among multiple other services examined.
Credential sharing negatively impacts providers, but conventional restrictive solutions are at odds with subscriber expectations.
Credential sharing represents a significant missed revenue opportunity for streaming video providers, costing an estimated $6.2 billion each year. It also puts additional pressure on platform infrastructure, resulting in higher operational costs. If left unchecked, sharing in degrees increasingly removed from the original subscriber also places consumer data at risk.
Many content providers wish to mitigate credential sharing, but many of the most common strategies to do so reflect a trade-off between building a secure platform and meeting subscriber expectations for a great product experience without friction.
Let’s explore a few of the most common approaches and their drawbacks.
- Device limits clash with the subscriber expectation of having the flexibility to use an account on any household device.
- Geographic restrictions pose problems since subscribers expect to be able to access content anywhere — this is particularly problematic for subscribers who travel often.
- Concurrency limits can be frustrating for subscribers who have multiple household members who often stream simultaneously.
Given that these approaches harm the consumer experience, content providers need better solutions.
We help providers thoughtfully mitigate credential sharing in three ways:
We work with providers to design, implement, and monitor tactics well established in other fields. One example is sending email notifications to accounts with suspicious usage patterns when a new device signs into the account. This improves account security, as subscribers who are unaware that a new device signed into their account can proactively reset their passwords. Subscribers who are intentionally sharing credentials are subtly reminded that their devices are being monitored, which may encourage them to reduce sharing.
Targeted and escalating friction
For more severe cases where notifications have little effect, we help deploy incremental responses with escalating user friction (e.g., signing out users, or requiring them to reset their password). This approach can target a select group of accounts with a long history of credential sharing patterns while also preserving a great user experience for customers who abide by the terms of service.
Incentives to sign-up
We help providers target non-paying users with high propensity to sign-up and provide them incentives (e.g. referral discount / free trial) to subscribe. This approach can help convert highly engaged users into paying subscribers in a cost-effective way, without affecting the experience for the main account holder.<>
Credential sharing is a delicate issue to manage given the trade-offs involved — an in-depth account of the extent of the challenge can be found in this report. At Cartesian, we help content providers develop robust programs to combat credential sharing, from identification all the way through to action. Our proven approach helps reduce unwanted behavior while minimizing negative impacts on consumer experience. Contact us to see how we can help you combat credential sharing and convert sharers to subscribers.