Account Fraud is Disrupting Online Streaming Services: What Providers Can Do?

Before most of the population began spending so much time at home, the use of video entertainment services was already burgeoning. The current boom in demand for streaming services for video and music is a cause for industry celebration, but it has a dark side.
Account fraud, sharing and takeover are emerging as a serious business challenge to over-the-top (OTT) and pay-TV businesses, enabled by login sharing and identity theft.
In 2019 alone, $9.1 billion was lost in sales due to account sharing and data piracy, according to Parks Associates, with a projection of approximately $12.5 billion to be lost by 2024. That makes quite a case for curtailing both.
IBM Security fraud analysis reveals that, with passwords, credit card numbers and proprietary content commonly sold on the darknet, few, if any, of the major streaming platforms are spared. Compromised accounts not only harm income, they also put service providers at risk of not complying with the terms of their agreements with content owners.
What if streaming platforms could, by building real-time risk profiles for user accounts and associated devices, protect against account sharing and account takeover fraud? What if you could also apply those capabilities to differentiate and transform your customer experience through highly secure and frictionless viewing, creating trust, loyalty and growth?
Let’s first take a closer look at three problems that need to be overcome.
1. Account Fraud is Part of the Culture
There is significant cognitive dissonance among users, and even streaming service providers themselves, over how much of a problem password sharing even is. Approximately 39% of millennials share their password and don’t think of it as fraud or robbery, Parks Associates states.
Hub Entertainment Research found that 80% of 13-24-year-olds say they have given someone who does not live with them an online TV service password, even though most streaming platforms restrict sharing to a household.
The same study states that the older crowd does it too: 29 percent of consumers aged 35-74 admitted sharing passwords. Until now, tolerance in the industry has been strong, since it is generally understood that the simplicity of today’s account sharing helps maintain current accounts and build customers for tomorrow.
The major video streaming services seem to take a reasonably casual approach to sharing passwords, according to Wired, “unofficially, although they limit how many streams you can run on multiple devices simultaneously.” Using these logins at a multitude of addresses might get you into trouble.
Password sharing accounts for almost 10% of Netflix customers not paying the monthly bill, resulting in lost revenue of over $135 million.
But the issue is far bigger than legitimate users overusing and underpaying for accounts. The simple fact is that control over account access is lost once passwords or credentials are shared, opening a Pandora’s box for malicious use and piracy of content.
2. Account Fraud is Criminal
Money is made from account sharing, but not legally. Nearly every service, even right at launch, is a target. Thousands of passwords were already sold or provided for free on the dark web only a week after Disney+ launched in November 2019.
Subscribers of one major service complained of having strangers in their premium accounts, without knowing when the illegal usage had started or how long it had been going on.
3. Account Fraud is Everywhere
The existence of this theft was confirmed by IBM fraud researchers. For over a decade, they have been researching the digital fraud environment and questioning fraudulent conduct in the financial sector. In the streaming services industry, IBM teams see the same refined approaches and strategies they have seen in the banking sector.
“Wherever there is a hot market, and video and music streaming are red hot, there is fraud,” notes IBM Security Trustee Senior Threat Researcher Tomer Agayev.
Agayev mentioned abundant instances of illegally sold, heavily subsidised, legitimate streaming account subscriptions on popular, anonymous Telegram channels for as long as five years.
He noticed that darknet vendors sell premium streaming accounts shamelessly in the same post alongside credit cards and bank accounts, an indication that the streaming market is seen as enticing and lucrative.
IBM fraud scientists are seeing actions familiar from digital banking fraud in the streaming arena. These include mobile overlays, such as the recently resurfaced Ginp Trojan overlay, as well as phishing and bot-based credential stuffing.
Phishing is high tech, even using ‘domain squatting’ to make a false URL appear like the real one. It is quite an investment to adapt attack strategies to fresh targets.
IBM streaming services clients have shared their own observations, reinforcing these findings:
- Fraud is getting more refined; it’s difficult to keep up.
- It’s hard to know which users and devices are trustworthy.
- Fraud protection solutions are piecemeal.
- Going soft on account sharing helps the service provider compete.
But, change is upon us.
Industry Targets Account Fraud
A change is underway, driven by lower tolerance for the loss of sales and possible material misuse among industry stakeholders. Executives of the cable industry warn that a crackdown on password sharing is imminent, as “streaming services that welcome additional viewers today will regret the lost income that subscribers may not carry to the table tomorrow.”
Thomas Rutledge, Charter CEO, told Wall Street analysts, “Pricing and lack of protection continue to be the key problems contributing to the challenges of paid video development.”
The International Broadcasting Convention also encourages the industry to secure the delivery of material: “With more media companies turning to OTT and IP-led networks… it is more necessary than ever to protect content from unauthorised usage and prevent loss of revenue… on its path into the homes of legitimate consumers without degrading service standards.”
In short, a streaming company is responsible for defending against and stopping account theft and takeover by identifying unauthorised users and thieves. Merging fraud detection with digital identity confidence mechanisms empowers the streaming service not only to stop account fraud, but also to boost service levels, a win-win for both the customer and the service provider.
How to Use a Comprehensive Trust Service
What’s to be done, then? By developing a specific consumer experience with a digital identity confidence solution, streaming sites will raise the pressure on end users. A solution such as this should feature end-to-end tools to detect real-time account fraud.
Trusted users would never notice account security applied in this way. This means supporting multiple trusted users on a given account profile, cutting down or eliminating requests for passwords, spanning multiple households (if necessary) and accepting updated devices without registration or de-registration.
Furthermore, informing policy by risk and confidence scoring helps the organisation to minimise overuse of measures such as improvements or other deals. Finally, with regard to content use and security, it also helps maintain compliance with studios.
Removing Account Fraud Can Benefit Customers
For streaming services, achieving a frictionless client experience means going well beyond basic geolocation and monitoring of IP addresses. While such tools and capabilities could work for simple monitoring, the complexities arising from having multiple users and devices on a given account need a solution that incorporates much more advanced capabilities.
System, environment and behaviour must all be inspected through the lens of the activity identified for that account profile, with fraud patterns derived from deep research into identity compromise modus operandi across the internet, the darknet and consortium data from known fraud events worldwide.
An efficient approach needs to test several types of parameters in concert, including system configuration and behavioural biometrics, such as how the user moves the mouse around the screen.
Building a risk profile of known and unknown users enables the authentication process to range from frictionless and passwordless for low-risk sessions to multi-factor authentication challenges for high-risk connection attempts.
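As an added illustration of the risk-tiered authentication described above (not code from the article or from any vendor product), the following minimal scorer inspects device, network, concurrent streams and recent failed logins for an account and picks frictionless access, an MFA challenge or a block. The signal names, weights and thresholds are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Signal names, weights and thresholds are illustrative assumptions.
WEIGHTS = {"new_device": 30, "new_network": 20, "extra_streams": 25, "failed_logins": 25}
STEP_UP, BLOCK = 40, 75  # score at which MFA is required / access is refused

@dataclass
class AccountProfile:
    known_devices: set = field(default_factory=set)
    known_networks: set = field(default_factory=set)  # e.g. ISP or coarse region
    max_streams: int = 2

@dataclass
class LoginAttempt:
    device_id: str
    network: str
    active_streams: int   # streams already running on the account
    recent_failures: int  # failed logins for this account in the last hour

def risk_score(profile, attempt):
    """Return (score, reasons) for one connection attempt."""
    reasons = []
    if attempt.device_id not in profile.known_devices:
        reasons.append("new_device")
    if attempt.network not in profile.known_networks:
        reasons.append("new_network")
    if attempt.active_streams >= profile.max_streams:
        reasons.append("extra_streams")
    if attempt.recent_failures >= 5:  # burst typical of credential stuffing
        reasons.append("failed_logins")
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(profile, attempt):
    """Map the score to an authentication path: frictionless, MFA or block."""
    score, reasons = risk_score(profile, attempt)
    if score >= BLOCK:
        return "block", score, reasons
    if score >= STEP_UP:
        return "mfa_challenge", score, reasons
    # Low risk: admit without a prompt and learn the device and network,
    # so a new household device needs no explicit registration.
    profile.known_devices.add(attempt.device_id)
    profile.known_networks.add(attempt.network)
    return "frictionless", score, reasons
```

A single unfamiliar signal, such as a new tablet on the home network, stays below the step-up threshold, while several signals together escalate to a challenge or a block.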
An end-to-end, context-based approach gives the streaming business leverage over account sharing. An organisation can tailor a digital identity confidence solution to its own taste for access, upsell or whatever next step it wants to take by incorporating heuristics, logic and personalised policy description.
Imagine authorized customers from any device, location or household accessing their streaming services account, even without a password, and finding a custom, friendly experience, all while darknet users are kept out.