How to Prevent Revenue Loss Due to Credential Sharing
Current scenario
With advances in technology and the onset of the pandemic, more and more broadcasters and content vendors turned to streaming. Initially, credential sharing was allowed as a way to grow the user base and was not considered a major problem. But as the user base grows while revenues fall short of expectations, there is a need to tackle this problem.
It is one of the worrying factors in the OTT industry, as the losses due to it are mounting. According to Citi analyst Jason Bazinet, illegal sharing of subscription streaming services is a $25 billion-a-year problem for U.S. operators.
A recent Cartesian survey of streaming video service users found that 22% of US residents admit to using credentials obtained from someone outside their household to access video content without paying for it.
What Exactly is Credential Sharing?
Each streaming OTT platform charges a subscription fee and provides a user ID and password for viewing the content. When the legitimate subscriber shares this information with friends and family, it is termed credential sharing. Sometimes it is even shared with third-party resellers to make a quick buck. As a result, one user pays and "N" users view the content for free. This costs streaming/OTT vendors millions of dollars every year.
Ways to Prevent Credential Sharing?
- MAC binding with device registration: Once a subscription is paid for, usually only two or three devices, on particular IP networks, are registered for playback. Only a device whose unique ID, created from its MAC and IP address, is registered is allowed to play content. If credentials are shared and any other device requests playback, the request is refused because the device is not registered.
  The drawbacks of this technique:
  - It restricts users: they cannot view content on the go or while travelling.
  - If content needs to be watched on a new phone or device, an earlier device has to be de-registered first, which is cumbersome.
- Application-level restriction: Concurrent Stream Limiting (CSL) can be implemented by checking the playback start and end times of content through communication between the service application and the backend server. This method is applied by many services along with a limit on the number of devices, but it has the following problems:
  - Possibility of bypassing through hacking: It is possible to bypass the concurrent stream count logic by hacking the client application.
  - Possibility of mismatched count: When the client application terminates abnormally, the 'play end' signal to the server can be lost. The server's 'concurrent stream count' then does not decrease, so the count no longer matches the actual number of concurrent streams.
- PallyCon Concurrent Stream Limiting (CSL): At PallyCon we have used a unique technique, based on licence issuance, to address credential sharing. The operator sets a "Max Stream per User" value on the console, and only that many streams can be played in parallel. Even if credentials are compromised, only a limited number of streams are available for viewing, which limits the revenue loss. As the limit is applied at the server end, this method is more robust.
How does it work:
Alice subscribes to an OTT streaming service and shares her credentials with Bob and Eve. She does not know that her operator is using PallyCon CSL with the maximum number of concurrent streams set to 'two'.
- Alice starts playing DRM content on her mobile device. On the DRM server, the number of concurrent streams for Alice's user ID is counted as one.
- Bob, using Alice's credentials, starts DRM content playback on his TV set. The concurrent stream count on the server increases to two.
- Now Eve, who also has Alice's credentials, tries to log in on her laptop to watch DRM content, but the DRM licence issuance fails due to the limit on the number of concurrent streams. A message such as 'Cannot start a new playback due to the limit of the maximum number of simultaneous playbacks' is displayed on the device (implemented by DRM error handling in the customer's service application).
- The only option now for Eve is to watch the content with Bob or Alice, or to wait until one of them stops the playback. If the content is live and Eve needs to watch at that moment, she will have to buy a subscription.
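The server-side check at licence issuance and the Alice/Bob/Eve scenario above, as an added example that is not PallyCon's code. The class, method and session names are hypothetical, and the renewable licence lease is an assumption made here so that a lost 'play end' signal (the mismatched-count problem of the application-level approach) cannot leave a stale count.

```python
import time

class StreamLimiter:
    # Hypothetical server-side limiter, checked at licence issuance.
    # Assumption (not from the page): a licence is a short lease the player
    # must renew, so a crashed client cannot hold a slot forever.
    def __init__(self, max_streams, lease_seconds=60, clock=time.monotonic):
        self.max_streams = max_streams
        self.lease_seconds = lease_seconds
        self.clock = clock
        self.leases = {}  # user_id -> {session_id: lease expiry time}

    def _active(self, user_id):
        """Drop expired leases and return the user's live sessions."""
        now = self.clock()
        sessions = self.leases.setdefault(user_id, {})
        for sid in [s for s, exp in sessions.items() if exp <= now]:
            del sessions[sid]
        return sessions

    def request_licence(self, user_id, session_id):
        """Issue or renew a licence; False means the stream limit is hit."""
        sessions = self._active(user_id)
        if session_id not in sessions and len(sessions) >= self.max_streams:
            return False
        sessions[session_id] = self.clock() + self.lease_seconds
        return True

    def stop(self, user_id, session_id):
        """Explicit 'play end'; frees the slot before the lease expires."""
        self._active(user_id).pop(session_id, None)

    def count(self, user_id):
        return len(self._active(user_id))


def run_scenario():
    """Constructed replay of the Alice/Bob/Eve case using a fake clock."""
    now = [0.0]
    csl = StreamLimiter(max_streams=2, clock=lambda: now[0])
    out = {"alice_mobile": csl.request_licence("alice", "mobile"),
           "bob_tv": csl.request_licence("alice", "tv"),
           "eve_laptop": csl.request_licence("alice", "laptop")}
    now[0] = 30.0
    csl.request_licence("alice", "mobile")  # Alice's player renews its lease
    now[0] = 61.0  # Bob's TV app crashed: no 'play end', no renewal
    out["count_after_crash"] = csl.count("alice")
    out["eve_retry"] = csl.request_licence("alice", "laptop")
    return out
```

Because the count is derived from unexpired leases held on the server, a modified client cannot lower it, and a crashed player frees its slot once its lease lapses.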
Ref:
- https://www.cartesian.com/the-threat-of-credential-sharing-and-theft/
- https://www.fiercevideo.com/video/netflix-loses-6b-a-year-revenue-due-to-password-sharing-analyst
- https://www.leichtmanresearch.com/33-with-netflix-share-the-service/
Harish Bhat is a Forensic watermark Product Manager at PallyCon and has been associated with the media and broadcasting industry for over 13 years. Apart from technical writing, he is an avid reader of the latest trends in the streaming world and content protection.