Credential sharing is becoming a major problem hurting operators’ growth. In the US, it is estimated that 34% of 18 to 34-year-olds are sharing their credentials to watch streaming content.

Limiting devices is severely limiting

Until recently some companies offering OTT services have ”controlled” credential sharing by limiting subscribers to a set of registered devices. But today a household of four can have 10 or more media devices. Setting a device limit is not only annoying to consumers but also impractical for controlling credential sharing.

Someone must police what devices have been activated for an account. If the device limit is reached, consumers must figure out who is using what device, deregister an unused device, add a new device… A messy business leading to customer support calls.

Limiting devices is also costly to implement and hard to enforce because it depends on each device maintaining a unique identifier. MAC addresses – when available to management applications – are often used as the device identifier, but they can be cloned. Using something else as the identifier is fraught with issues, such as:

  • Web browsers: new HTTP sessions are assigned new IDs, independent of devices.
  • Android: different limitations based on versions, e.g. MAC addresses not available via third-party APIs, ANDROID_ID subject to changes after an app install or factory reset.
  • iOS: only access to VendorID which is not persistent.

Limiting concurrent streams is practical and simple

A better way to control credential sharing is limiting the number of concurrent streams, like Netflix – two simultaneous streams per account for $X or four for $Y. Not only is it feasible, it is also well understood by consumers.

Once the number of active streams is reached, the next person attempting to watch content will get a notification which will trigger him or her to find out who is actively using the account. In a household it’s easy to know who is watching and decide who should stop – or upgrade to a plan allowing more streams. But if the consumer’s credentials are shared with a broader group – knowingly or unknowingly – the account holder could change his or her password and stop sharing credentials with friends.

This is all good news for operators! They can reduce revenue loss caused by credential sharing and upsell premium services to subscribers.

Mind the security and scalability

But not all concurrency management solutions are created equal. Concurrency management relies on a heartbeat communication between a streaming device and the service provider where the heartbeat indicates a stream is ‘alive’. If the solution is not secure, hackers can disrupt heartbeat communication and circumvent concurrency enforcement.

And if the solution cannot scale up to support a high volume of viewers, such as during live events or title launches, subscribers will experience service disruptions which could further hurt operators’ business.

To be effective in stopping credential sharing, OTT operators must implement a secure and reliable concurrency management solution which will also give them the flexibility to upsell services.