THE ISSUE – SUBSCRIPTION ACCOUNT SHARING
A paid online subscription web portal operates by providing online login accounts to its paying subscribers. However, quite commonly, the actual number of people accessing a particular paid subscription website is greater than the number of its paying subscribers. This is due to the unauthorized sharing of a single subscriber account among multiple users, who share it to lower the average subscription cost per person.
THE IMPACT – LOSS OF POTENTIAL REVENUE
Since paid online subscription businesses rely on income from subscription payments, the practice of subscription account sharing might have a significant negative impact on the growth in subscriber base and potential revenue. A paid site could potentially generate higher revenue if it could deter the malpractice of account sharing and encourage everyone who accesses the paid service to sign up as a paying subscriber.
How To Assess Abuse Severity and Estimate Potential Revenue Loss?
Firstly, it is difficult to assess the extent of the account sharing practice. There should be a reliable way to quantify the level of such abuse among the account holders. Vital statistics on the number of users sharing the same account would provide management insight into the severity of this issue, so that the loss of potential revenue can subsequently be estimated.
How To Implement Effective Countermeasures?
Implementing an effective countermeasure is easier said than done. One common countermeasure is to restrict simultaneous logins per user account. This is typically implemented at the web application layer, which checks and limits the total number of active login sessions per user account at any one time. This countermeasure is effective to a certain extent: it makes unauthorized account sharing more inconvenient, because sharers can no longer use the account at any time they wish. However, account sharing is still possible if the sharers cooperate and agree on a time slot for each person to access the paid site.
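The limit of a simultaneous-login restriction, and the per-account statistics called for in the assessment section above, shown as an added example (not part of the original page and not TheGRID's code): it compares peak concurrent sessions with distinct devices per account. The session records are constructed, and `device_id` is a hypothetical per-device identifier.

```python
from collections import defaultdict

# Constructed sample sessions: (account, device_id, login_hour, logout_hour).
# device_id is a hypothetical per-device identifier (assumption, not from the page).
SESSIONS = [
    ("alice", "dev-a1", 9, 11),
    ("alice", "dev-a1", 20, 22),
    ("bob", "dev-b1", 8, 10),
    ("bob", "dev-b2", 9, 12),     # overlaps bob's first session
    ("carol", "dev-c1", 7, 9),
    ("carol", "dev-c2", 12, 14),  # sharers agreed on separate time slots
    ("carol", "dev-c3", 19, 23),
]

def peak_concurrency(intervals):
    """Highest number of sessions open at the same time (sweep line)."""
    events = []
    for start, end in intervals:
        events.append((start, 1))
        events.append((end, -1))
    # Logouts sort before logins at the same instant, so back-to-back
    # sessions are not counted as overlapping.
    events.sort()
    open_now = peak = 0
    for _, delta in events:
        open_now += delta
        peak = max(peak, open_now)
    return peak

def assess(sessions, max_concurrent=1, max_devices=1):
    """Per-account sharing statistics under both checks."""
    by_account = defaultdict(list)
    for account, device, start, end in sessions:
        by_account[account].append((device, start, end))
    report = {}
    for account, rows in by_account.items():
        peak = peak_concurrency([(s, e) for _, s, e in rows])
        devices = len({d for d, _, _ in rows})
        report[account] = {
            "peak_concurrent": peak,
            "distinct_devices": devices,
            "caught_by_session_limit": peak > max_concurrent,
            "flagged_by_device_count": devices > max_devices,
        }
    return report

if __name__ == "__main__":
    for account, row in sorted(assess(SESSIONS).items()):
        print(account, row)
```

The `max_devices=1` threshold is deliberately strict for illustration; a production threshold has to allow for one subscriber legitimately owning several devices.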
THEGRID – STOP SUBSCRIPTION SHARING
TheGRID is a user-end device identification and authentication solution commonly used for the following purposes:
- Two-factor authentication for additional validation for logins or transactions
- User device identification and restriction to deter unauthorized account sharing