A Case of Attacking Account Abuse

Page 1 of 2

ISI Emerging Markets, a subsidiary of Euromoney Institutional Investor, aggregates, produces, and delivers global financial data to institutional customers worldwide via a digital platform, providing coverage of 80 different emerging markets in 18 different languages culled from 16,000 local and global publications. Its subscription-only services include the Emerging Market Information Service, the Islamic Finance Information Service, IntelliNews, and ISI DealWatch, and its customers include top investment banks, law firms, consultants, investors, insurers, universities, libraries, and others.


ISI's information technology team began to suspect an increase in unauthorized account activity, but a diverse userbase across dozens of countries made it hard to collect hard data to quantify the problem. With valuable, hard-to-find content locked behind a subscription-only pay wall, "people will try to cheat the system-it's not free, and they're going to try to beat it," says ISI CIO Antonio Monteiro. Despite these suspicions, Monteiro said it was hard to address possible unauthorized use with customers without hard statistics or specific examples in hand and without being able to gauge the true extent of the problem.

VENDOR OF CHOICE: Scout Analytics
Washington-based Scout Analytics creates behavioral analytic tools to help paid content companies gather and apply data about online users' activities and patterns. Its Scout Analytics Platform serves as the base for three software-as-a-service (SaaS) applications-Scout Revenue Assurance, Expansion, and Retention-that identify and track user patterns and activity in order to spot and address unauthorized activity on accounts, generate recommendations tailored to individual customers, and locate any instances of lagging demand.


ISI's international clientele spans the globe, with a growing number concentrated in fast-growing, still-developing markets like India and China. Its business model consists of corporate subscriptions under named-user licensing agreements with predetermined limits on logins and user accounts. ISI has had, for about 8 years, a few rudimentary tools in place to detect unauthorized activity - "all the easy stuff," such as IP addresses, cookies, and trackers for user IDs and sessions, according to Monteiro.

However, information gathered from the homegrown monitoring system offered a limited glimpse into the extent, nature, and specifics of unauthorized activity, making it difficult to identify problem accounts.

The company began to suspect an increase in unauthorized activity on some customers' accounts, but the proof was hard to pin down. For instance, logging in with a specific user ID from two spots halfway around the globe from each other might signal that the user is illicitly sharing his access to the paid content, or it might just be that the user is traveling internationally. "The problem we had is that we reached a wall-there were some customers, in some parts of the world, where it's your word against mine," says Monteiro. "That's never a very comfortable situation to be in."

Without hard evidence, it was difficult to pinpoint which customers were having which problems. It also made it harder to address these issues and try to reach a solution with customers to either upsell their accounts or put a halt to the unauthorized access, according to Monteiro. "There's no hard and fast way to point fingers at abusers."

Page 1 of 2