You know how you have one Netflix account shared within your immediate family, a few colleagues, that couple you met on holiday and your family physician? So, that's called account sharing. We've all done it at one point or another, and by and large, most people see it as a victimless crime since the only ones put out by it are big, faceless corporations who make too much money and probably test their products on puppies or babies or something equally defenseless and small.
The thing is, it's been happening at Prezly in some form for about as long as Prezly has existed, and we haven't tested anything on a puppy in years. Even so, the problem has never been huge.
So why do we care now?
Earlier this year, we changed our pricing model to scrap the user minimum and instead price each subscription per user, with the option to pay more if you want extra features like additional newsrooms. This meant that our cheapest plan went from €240 to just €40 per month. It also meant that bootstrapped startups and one-person NGO teams could use the same tools as the biggest agencies and enterprise powerhouses. We counted that as a win 🎉
But even with subscriptions stripped back to about a third of what they had been, account sharing went up. People will always try to lower the price; it's in our nature.
Why pay for three seats when you can get one and share the login?
Honestly, we often look the other way if there are only a couple of people involved, or if the activity is limited. I get the feeling that many companies do the same. There's no way the people at Netflix buy that the members of my household habitually travel between Leuven, Brussels, London, New York and The Hague.
But even if the cost of lost subscriptions isn't that high in the grand scheme of things – Prezly has been generating a healthy revenue for years and continues to do so – there are other hits you will take by allowing account sharing to take place: it's harder to give support, security issues, misuse of team resources, a drop in quality for all users, and a potential loss of trust.
Let's use an example to illustrate what I mean.
Walk into any McDonald's in the US or Canada and you can get a Coca-Cola with the promise of free refills for the duration of your meal.
The concept is similar to the pricing model we have at Prezly: you pay a set amount to use our software for the month or the year, and fill the CRM with as many contacts as you like, send out however many campaigns you need to, publish all the stories you want. Endless multimedia, unlimited comms, and support that's always there when you need it.
To ensure that everyone wins, it's generally understood that some baseline rules go unspoken.
- It's ok to have a sip of your husband's drink
- We'll close an eye if we see two students piggybacking on one soda to save a few $
- Minor abuse of the system is expected and factored into our numbers
So at what point does it become too much?
What if it's not a couple of friends that walk in, but a busload of tourists? They drive up to the McDonald's, come in, take a seat – all two dozen of them – and order a single drink.
Maybe they wheel in their own barrel, surreptitiously plugging a tube into the bottom of their cup to siphon off the stream of coke until the machine's sputtering. At which point they turn to the cashier and ask her to come fix it and fill it up again. So she does, while the queue of regulars stacks up, getting more and more impatient. A few walk out the door.
The majority of people wouldn't dream of walking into McDonald's and doing something like that. Hell, they probably wouldn't even pull that stunt in a Wendy's. Online on the other hand? It's all too easy.
Here are some anonymized stats on the account sharing we see every day:
- 10 customers (2%) with extreme account sharing activity, sometimes clocking in more than 10 simultaneous sessions within the same hour (different browsers)
- Another 10% of customers showing mild account sharing activity (3-5 simultaneous sessions)
It is hard to put that into revenue numbers, as we know not all those customers are planning to upgrade their accounts to include a seat for every team member, and it's not factoring in volume discounts, but let's try:
- €5100/month. Extreme sharers have an average of 6.8 simultaneous sessions, which would total 68 seats. On average (throughout our customer base) we're charging about €75/month/seat.
- €3000/month. Mild sharers are harder to estimate, as those might be low-usage seats (only used once every month). For the sake of the exercise, let's say that every mild sharing account will buy 1 extra seat (some will buy multiple, some will not).
It's easy to think of companies as greedy capitalists whose main ambition is to wring every cent from prospective customers. But there's another level to it.
For a relatively small business, particularly a bootstrapped one that cannot rely on any external investment, that missed revenue (100k/year) means we cannot hire additional developers to build out the 12345 features our existing clients have asked for.
Perhaps more annoyingly, Prezly wasn't intended for multiple people to use the same user account, so the practice messes up functions like conversation tracking with CRM contacts and the history of who published what story when, who sent out which pitches and campaigns, and so on – features that are absolutely core to the way Prezly functions.
(Not to mention that it's not exactly fair for the 88% of our clients who pay for our product according to their usage.)
So, clearly there's a problem.
Today there are about 100 people taking advantage of Prezly's bottomless brunch system. For now, we're approaching tackling this account sharing in tiers.
Tier 1: The carrot 🥕
Speak with the worst offenders, letting them know that we know they're account sharing and informing them of the inherent risks and downsides (that this is against our terms of service, that it messes up the history within their account, that it can compromise security).
Tier 2: The slightly inconveniencing carrot 🥕
If the polite nudging from tier 1 doesn't work, we wait for our system to flag that there are too many people accessing an account simultaneously and we force a password reset. It's easy for people to get around, but gives enough inconvenience to show that hey, we weren't kidding about this "breaking our terms of service" thing. Please cut it out.
Tier 3: The full-metal carrot 🥕
If those doing the account sharing continue to ignore our warnings and don't respond to our emails to work something out in good faith, we put on our big-boy pants.
As a last resort, we:
- Start resetting passwords every time we see too much simultaneous activity
- Suspend their account
- Force 2FA/SSO
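The flagging step that tiers 2 and 3 depend on, sketched as an added example that is not Prezly's own code: it counts distinct browsers per account per hour over constructed session records and applies the mild and extreme bands from the stats above. The record layout, all names, and treating 6-10 sessions as mild are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MILD_MIN = 3      # page: mild sharing is 3-5 simultaneous sessions
EXTREME_MIN = 11  # page: extreme is more than 10 within the same hour

def at(hhmm):
    return datetime.fromisoformat(f"2024-01-15T{hhmm}:00")

# Constructed sample records: (account, browser fingerprint, start, end)
SESSIONS = [
    ("acct-solo", "chrome-laptop", at("09:05"), at("09:50")),
    ("acct-solo", "safari-phone", at("09:20"), at("09:40")),
    ("acct-solo", "chrome-laptop", at("09:55"), at("10:30")),  # re-login, same browser
    ("acct-team", "firefox-a", at("13:50"), at("14:10")),      # spans two hours
    ("acct-team", "chrome-b", at("14:05"), at("14:45")),
    ("acct-team", "edge-c", at("14:20"), at("14:30")),
    ("acct-team", "safari-d", at("14:40"), at("15:20")),
] + [("acct-agency", f"browser-{i}", at("11:00"), at("11:30")) for i in range(12)]

def hourly_browsers(sessions):
    """Map (account, hour) -> set of distinct browsers with a live session."""
    seen = defaultdict(set)
    for account, browser, start, end in sessions:
        hour = start.replace(minute=0, second=0, microsecond=0)
        while hour < end:  # a session spanning several hours counts in each
            seen[(account, hour)].add(browser)
            hour += timedelta(hours=1)
    return seen

def classify(sessions):
    """Return {account: (label, peak)} based on each account's worst hour."""
    peak = defaultdict(int)
    for (account, _hour), browsers in hourly_browsers(sessions).items():
        peak[account] = max(peak[account], len(browsers))
    result = {}
    for account, n in peak.items():
        if n >= EXTREME_MIN:
            label = "extreme"
        elif n >= MILD_MIN:
            label = "mild"  # assumption: the 6-10 gap is treated as mild
        else:
            label = "ok"    # e.g. one person on a laptop and a phone
        result[account] = (label, n)
    return result

if __name__ == "__main__":
    for account, (label, n) in sorted(classify(SESSIONS).items()):
        print(f"{account}: {label} (peak {n} browsers in one hour)")
```

Counting distinct browsers rather than raw sessions keeps a single user who logs out and back in from being flagged.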
Honestly? Sort of. We had the carrot conversation with a few accounts and some of them made allowances by paying for additional seats or pinky-promising not to account share again. Others were less cooperative, so we're in the process of making a go of the tier 2 response, which is proving a bit trickier than expected. I'll update this post with the results once we have them.
For now, I'll reset my Netflix account and politely mention to my aunt, colleague, and the barista at my favourite coffee shop that it might be time they get their own.
I'd love to hear your perspective on this. Have you dealt with this? Do you see it as a problem? Should we just let it go? Is this all a capitalist scheme to help us fill our swimming pool with coins?