Attacks on streaming services include new fake account creation, account takeover, phishing, and spam. These attacks are on the rise as fraudsters are tapping into the opportunities presented by an overwhelming increase in the number of users accessing these services.
The stay-at-home mandates, owing to the coronavirus outbreak, have caused theaters and cinema halls around the world to close down. The search for alternate means of entertainment has created a windfall for streaming services that are witnessing an unprecedented surge in viewership. With the number of users increasing, attacks on streaming services are also increasing proportionately.
Subscriptions and viewing hours have increased
Initially considered a niche service for the millennials, digital streaming has cut across age-groups to appeal to people across demographics. Ease of use and low barriers to entry have made streaming services a popular entertainment channel during the global lockdowns. So much so that people are live streaming their yoga and cookery sessions.
According to estimates, the US saw a 13% rise in streaming services, which is projected to rise further to 60%. As the number of subscriptions and the viewing hours keep increasing, fraudsters are having a field day, exploiting opportunities to launch attacks on streaming services platforms.
Fraud disrupts user experience, causes losses
To attract new users and foster customer loyalty, streaming platforms offer an immersive user experience. However, user experience can take a beating if fraudsters are able to mix with true users and abuse the platform. Often, fraudsters create fake new accounts en masse to overwhelm the service. They also deploy bots for credential stuffing and account takeover at scale. Once they create fake accounts or wrest control of existing user accounts, fraudsters can scam other users, disseminate spam, and disrupt the platform.
For instance, an up-and-coming broadcasting service platform that streams live entertainment, gaming, sports, and e-sports videos were facing automated bot attacks from fake accounts. Further, the platform saw dormant accounts suddenly becoming active after months of inactivity to scam people and send out spam. This vitiated the platform and caused disruption to users trying to watch and stream events.
Fraud attacks don’t just disrupt the user experience, they also cause loss of revenues and damage to reputation, which is a rather long-term loss. Consumer trust is paramount for the success of streaming platforms and erosion of this trust can lead to loss of customers. Acquiring new customers often costs nearly five times the cost of retaining existing customers. The loss of a customer is, therefore, a massive loss for a platform.
Point solutions cannot protect against complex fraud
The onus to protect the revenues and safeguard the interests of true users from the fraudulent activity is on the streaming service provider. Aware of its responsibility, the digital streaming service platform deployed reCaptcha to fight fraud. However, the solution was susceptible to automated attacks and fraudsters could easily circumvent it to create new fake accounts en masse.
Further, the solution could not protect the platform from account takeover, as dormant accounts suddenly sprung up to life to disseminate spam and launch other malicious activities. As a result, the platform was finding it difficult to preserve the superlative digital experience it was known for.
Fraud-prevention that keeps user experience at the forefront
Arkose Labs helped fight attacks on streaming services platforms by filtering out automated bots while keeping user experience front and center. The Arkose Labs solution replaced the existing fraud prevention mechanism and was deployed at the account registration stage. All incoming traffic to the website was subject to screening using parameters such as device ID, IP address, and location. Based on this analysis and continuous intelligence, each user was assigned a risk score.
Each user was presented with 3D challenges, which had to be solved to prove authenticity. Bots and machines could not solve these challenges and failed. This is because the challenges are resilient to automatic solvers. Good users on the other hand could sail through without any difficulty or disruption. This put an end to automated attacks on streaming services platforms.
Buoyed by the results in stopping fake new account creation, Arkose Labs solution was deployed to tackle account takeover attacks at the login page. The Arkose Labs solution monitored every login attempt and segregated good users from bots and malicious humans. Once again context-based, 3D challenges caused bots to fail instantly.
For malicious humans and sweatshops, the challenges incrementally increased in complexity. This slowed down the attackers and prevented them from achieving scale—which is extremely crucial to maximize the RoI. Attackers had to deploy additional resources to clear the challenges at scale, which meant extra investments and depleting returns. All of these factors depleted the returns from attacks on the streaming services platform. This bankrupted the business model of fraud and forced the fraudsters to abandon the attack and move on.
New approach to fight attacks on streaming services platforms
This new approach to fighting attacks on the streaming services platform enabled it to welcome true users in a markedly safer environment. The true users continue to enjoy the top-notch user experience they had come to expect of the platform. Further, the feedback loop between risk assessment and the challenge-response mechanism ensures that fraud-prevention quickly adapts to the evolving threat landscape so there is no loss of business or user experience.
To learn how Arkose Labs helped fight attacks on the streaming services platform and preserve user experience while eliminating bot attacks, download your copy of the Caffeine.tv case study.