By: Dan Frechtling, SVP of Marketing and Chief Product Officer
File lockers go by many names: cyberlockers, cloud storage, file-hosting services, cloud-based storage services, and online file-storage providers, to name a few. Regardless of what you call them, the business model is the same: users create accounts, save files to their accounts, and can then share these files with others. Many use these accounts to provide friends and family access to photos or video, while others may use it to store business documents.
But some file lockers have affiliate programs or premium accounts that can be used for the storage and monetization of bad content – content that not only can get them suspended from payment networks, but that is also illegal. While not all file lockers contain this content, card networks are paying closer attention to violations, and payment providers are giving ultimatums: “clean up your file locker, or lose our relationship.”
In order to better facilitate the cleanliness of a file locker, G2 has put together 10 best practices for keeping a file locker clean of the aforementioned illegal content:
1. Monitor Content
There should be a formal policy and procedure for reviewing files stored in a file locker; ensuring files do not contain prohibited content.
2. Implement a Takedown Policy
If prohibited content is found on the server, the file locker should enforce a written, publicly available notice and takedown policy.
3. Identify File Locker Traffic Sources
File locker operators need to know everything they can about where users are coming from. This requires identifying connected websites and other sources of traffic coming to them.
4. Administer Velocity Monitoring
It is important to monitor for sharp spikes in activity and other discrepancies between upload and download velocity. A large variation between the two numbers may give you some insight into suspicious content.
5. Enforce a Repeat Infringer Policy
Having and enforcing a written and publicly available repeat infringer policy is a must. The policy must mention the identification and termination of users who attempt to upload prohibited content more than once.
6. Require Reporting
On no less than a monthly basis the file locker should generate a report that identifies and summarizes all efforts taken in support of their best practices and requirements policies.
7. Enforce a Child Exploitation Reporting Policy
Take proactive steps to ending the exploitation of child victims by immediately reporting detected files to the Internet Watch Foundation, National Center for Missing & Exploited Children, or other appropriate authority.
8. Provide Partners Access to System
The file locker’s acquiring entity – or its designated representatives – should be provided access to their system via premium account privileges so they can review content available through its service.
9. Require a Point of Contact
There should be no ambiguity. The file locker needs to provide the full name, address, email address, and phone number for a main point of contact. This will be the person that is able to facilitate all previous best practices.
10. Cooperate with Law Enforcement
All members in the partnership – payments facilitator, file locker, acquirer – need to cooperate with all law enforcement requests or court orders including: subpoenas, search warrants, discovery orders, etc.
Not all file lockers contain bad content, but hosting child pornography, rape, or bestiality is illegal, and a file locker may be held accountable for any of these files that are found. Following these best practices can help keep a file locker clean of any of this illegal content, and their payment facilitator relationships intact.
File lockers use these 10 practices as a starting point. G2’s experience helping file lockers clean up violating content, and our collaboration with associations like The Internet Watch Foundation, help file lockers take further steps to ensure they don’t face business interruption…or worse.