/ Product

Kenzie Wilson


The Ultimate Guide to Account Sharing Prevention and Growth

Account sharing occurs when a paying user shares their account information with a non-paying user so that they are also able to use the company's services.

Account sharing can result in a 30%+ loss in revenue. Here is the ultimate guide to account sharing and how you could start preventing it today.

When does it make sense to start an account sharing prevention effort?

You shouldn’t start an account sharing prevention effort until you have found your product market fit. You also should have the time and resources to effectively go after account sharers.

It is also a great time to consider account sharing prevention when you have reached saturation. When you can no longer grow vertically you have to grow horizontally. Account sharing prevention will give you a nice boost in revenue, but it will also give you a boost in users so be sure that your platform or service is able to handle that.

Strategies and policies to prevent account sharing

When you prevent account sharing you want to make sure that you reach the right person. The right person is the user who can make the purchase or sign up for their own account. This could either be the account lead or the hidden user.

There are two main strategies or policies to prevent account sharing.

  1. Communicate approach

This approach is mainly used by B2B companies who have the contact information of their users. Usually they will reach out to the user who is in charge of purchasing seats and licenses.

Since B2B companies have the email information for their users they can set up automated emails. This makes it easier to manage. These emails should start soft and allow the user to verify the additional seats.

  1. In-app approach

The in-app approach is used by many B2C companies and can also be used by B2B companies. This approach involves reaching the user through the app rather than via email communications.

In this approach, you have to reach the account sharer while they are actively account sharing. This can be done through the app or device so that you can reach the right user. It is highly unlikely that the primary account holder will purchase their “friend” or whoever they are sharing their account with. Therefore it is critical that you reach them in-app.

Here’s an example of how Rupt does in-app approach.

Dos and Don’ts of account sharing prevention

  1. Don’t assume the worst when working with customers.

Your customers aren’t always trying to cheat or steal from you. When you give your customers the benefit of the doubt you are able to effectively communicate with them. If you start accusing your customers without having the full picture it can damage your relationship with them.

  1. Do err on the side of caution.

You want to prevent account sharing without damaging the customer experience. This means that you should err on the side of caution and not cut anyone's access to your platform without being 1000% confident that they are account sharing.

  1. Don’t ruin your user experience.

Piggybacking on the point above, you want to maintain your user’s experience throughout your account sharing prevention efforts. Don’t require 2FA on every login or on every page. Don’t prevent multiple sessions. Be gentle with your users and ensure that your platform is still focused on them.

The technical details of account sharing monitoring

The question you should be constantly asking yourself is “Is this account or access coming from the same user or a different user?”.

To answer this question we have to look at a number of different signals. Generally, people rely on IP addresses when looking for shadow users. While, this is a great first signal to look at it cannot be the sole measurement for account sharing.

Especially in the age of remote working, users may have multiple IP addresses because they are working from the library, coffee shop, etc.

Any signal all by itself isn’t enough to accurately measure account sharing and as mentioned above you don’t want to approach a user until you are 1000% sure they are sharing.

When you use a lot of signals together you can create a user fingerprint. Using the fingerprint, you can infer if the account holder is logging in or if it is another user. For instance, if there are an excessive number of devices then there is probably a shadow user or possibly a few. You can also look at the number of accesses and compare it to the number of accesses of other users to determine if there are shadow users.

Rupt uses reliable and stable signals in a trained algorithm alongside machine learning to determine if account sharing is present.

Interested in learning more about what account sharing prevention could mean for your business? Sign up here.