After months of speculation, 2023 was the year Netflix took action to prevent people sharing their passwords with individuals who don't reside in the same household. It’s not a move that’s been greeted with enthusiasm by consumers, but it’s understandable following a year where streaming and other subscription companies are struggling to grow and retain customers.
And Netflix is not alone. Other streaming services are considering similar actions, and with good reason. It poses a risk not only to an organization, but also to its customers.
A customer benefit but a business challenge
When it comes to account sharing, we have either done it ourselves, or know someone who has. Which would explain the sheer scale of the activity – according to Netflix, shared accounts are being used by more than 100 million households across the globe.
On that basis alone, it’s clear to see a strong incentive for taking action against password sharing – the damage to income and the risk to revenue expansion is significant and growing. To consumers it may seem like an innocent perk, but it’s far from being a victimless crime.
The criminal element of account sharing
In a growing number of territories it actually is a crime; namely, fraud. In the USA, sharing passwords is illegal under the Computer Fraud and Abuse Act, which prohibits people from intentionally accessing a computer without (or in excess of) authorization.
The Intellectual Property Office (IPO) in the UK published new guidance in December 2022 which stated that password sharing was a criminal and civil offence, with those doing it theoretically facing prosecution.
Data breaches and ATO
There’s another important factor that needs to be considered: password sharing poses significant security risks. Those risks increase the more often a password is shared, as well as where it’s shared.
That increases the risk of account takeover fraud (ATO) – not only on the account in question, but any other accounts that use the same password. Password reuse is highly common, and bad actors are highly adept at scraping information from any account to stage attacks on more desirable targets such as bank accounts.
And of course, password sharing can open the door to business-critical systems or systems holding sensitive data. Data breaches are highly damaging – not only in terms of the costs associated with investigation and recovery, but they also carry the potential for massive reputational damage and regulatory fines.
New tools for an old challenge
If there’s a common thread to all of these challenges, it’s the most obvious one of all: the password itself. Passwords are ubiquitous but are the route cause for all of the problems outlined above. From an end user perspective, the attraction is understandable – they’re usable by anyone, regardless of their degree of technological literacy.
But that ease of use comes at a price and as we’ve seen, that price can be high. Password resets have, for many become the new login, but for businesses they incur huge administrative overheads. Likewise, the SMS OTPs commonly used as second factor authentication carries a significant and ongoing cost pressure.
Turning a negative into a positive
New technologies such as orchestration layers help us look past the authentication paradox and unlock the potential to deliver value to what might be seen as a negative to many customers.
This, combined with AI and ML technologies are allowing streaming and subscription companies to leverage data insights such as last login, device type and behavioral insights to detect account sharing activities, then using orchestration to relay the appropriate action for their business.
This means that customers can be offered tailored messages that might offer an upsell to a premium account, provide them with a credit, simply flag a warning or block the user. All without adding friction for genuine users who want to get into their account as quickly as possible.
When it comes to password sharing, organizations can now look beyond the idea of authentication being allow / deny access. The advent of digital solutions is allowing for unique and bespoke journeys to be offered.
How Callsign can help with account sharing
It's why many businesses are turning to solutions such as Callsign, which offers not only greater levels of security, but also eases the friction that password-based approaches can bring.
Using data insights such as last login, device type and behavioral insights to detect account sharing activities, you can then control the onward journey. If our intelligence signals detect an account being used simultaneously on several devices, you can opt to push a tailored message to the primary device, alerting them of activity that they may not have authorized. This could be offering them an upgrade to their subscription that allows sharing, simply giving them warning for an early infringement or blocking access altogether. As well as ensuring consent is driven by the account owner, you can offer flexible interactions to your customers, turning lost revenue into genuine opportunities and even new revenue potential.
Whatever approach you take, Callsign can make it possible, protecting you and your customers from the financial, reputational and legal problems that account sharing can bring.