Cyberlockers are third party file-sharing, or “file hosting,” services. Examples of popular cyberlockers are DropBox, Hotfile, MegaVideo, and RapidShare. While there are practical applications for this type of services, such as transferring documents and photos between friends, or collaborating with remote colleagues, these file-sharing merchants can also pose immense risk to acquirers. Cyberlockers are repeatedly associated with brand damaging, risky, or even illegal content, including violent video and intellectual property rights infringement. This business model is largely unregulated and very difficult to monitor, so acquirers should proceed with caution.
While some file-sharing sites may be legitimate, a website with more than one of the following characteristics should be considered extremely high risk:
- “Rewards”, cash payments, or other incentives are paid to uploaders based on the number of times their files are downloaded or streamed
- The “rewards” program emphasizes distribution of files in excess of 200 MB consistent with long form content, like movies and TV shows
- Links to prohibited content are indexed or distributed on third party websites
- High volumes of links to prohibited content are identified either by review of linking or indexing websites, search engine queries, reports by rights holders, or other methods of identification
- Distribution of large files is emphasized, consistent with the distribution of prohibited, long form copyrighted content whether in compressed (.rar, .zip) or uncompressed file formats (.avi, .wmv, .mpg, .mkv, .mp4, .divx, .xvid, .flv, .mov, .mpeg)
- Free access to stored files may be limited by increased wait times, bandwidth throttling, download limits, captchas, online advertising, or other techniques to encourage the purchase of “premium” memberships
- Files are deleted unless the uploader purchases a “premium” membership or a file is regularly accessed
- The site provides a “link checker” which allows uploaders to check if a link has been disabled to facilitate re-upload of content removed by rights holders
- The site provides uploaders with “forum codes” and “URL codes” to facilitate incorporation of the links on third party indexing or “linking” websites
Acquirers must take precautions to ensure that their merchants have a legitimate business model to prevent prohibited content from being stored or distributed using their service. In addition, the acquirer should provide the merchant with best practices so that they comply with all applicable laws based on the jurisdictions in which any user is based. The acquiring entity should evaluate a merchant’s policies and procedures, as well as responses to reports of prohibited content and reserve the right to close, suspend, or otherwise limit access to a merchant’s account(s) for failure to comply.
If you would like assistance with better understanding the risks that cyberlocker merchants may pose to your organization, or a list of suggested best practices, please contact G2 Web Services.