Why Streaming Services Need Assurance Thinkers

Regular Commsrisk readers may remember an article published in February which highlighted that streaming services, like Spotify, can be subject to fraudulent activity where the hacking of a social media account is used to game the system. Does this mean an organisation like Spotify now needs to invest in business assurance?

Given I’ve been an avid user of Spotify, and a Premium service customer for some time, let’s take a quick look at their business.

The Price (Difference) Is Slight

The first thing that caught my attention was the pricing for Spotify’s most common premium services across three countries: the UK, the US and Germany (seeing as RAG is holding its European conference in Germany soon).  The first thing to note is that, regardless of currency, each of the services is charged at the same value in each country; 4.99 for Student Premium, 9.99 for (standard) Premium and 14.99 for Family Premium (which I subscribe to).  A quick normalization to GBP shows the difference in costs based upon currencies:

Country Students Premium Family
UK £       4.99  £       9.99  £     14.99
Germany £       4.29  £       8.59  £     12.89
US £       3.84  £       7.69  £     11.54

Whilst most people will agree that the difference in price per month isn’t material to a subscriber it does show that, as a UK customer, I pay 14% more than my German friends and a whopping 23% more than my American cousins.  There are many commercial and operational reasons why Spotify would choose to do this and I can’t fault them for it – that’s their call and businesses have to maximise revenues.

Multi-User Plans: Consolidate and Duplicate

Spotify’s Premium for Family service allows up to six individual user accounts associated to the account payer’s address (great value for money in my opinion).  However, they are now trialling their Premium Duo plan in five countries (Colombia, Chile, Denmark, Ireland, and Poland) which allows for the association of two user accounts to a discounted plan of 12.49 per month.  That means that households with two users (whether a couple without children or flatmates) can benefit from the new plan.  Great idea!

However, during the process of upgrading my subscription to the Family plan, I managed to create a duplicate account using the same email address as my original Premium account.  I know, I know – that’s on me, and rightly so.  I then failed to notice duplicate payments for my monthly Spotify service(s).  Again, you could argue that that’s my fault.  So how did I find out about it?


I was happily using the service when it started playing tracks I had never heard of, nor requested.  I thought it a glitch so I reverted to my music, but it happened again, and again.  Spotify’s service means that there can be only one output device active for a user account at any given time, which makes sense and alerted me to the possibility that my account had been compromised. I raised the incident to Spotify. An agent immediately picked it up.  But it was only when doing this that the agent asked me which of my accounts I was referring to.  At that point both the agent and I realised that, aside from the breach on the account, I had also been double-paying for a service that had had no usage against it.

Action Taken – Confidence Restored?

I’m a big believer that businesses should always do the right thing for the customer. In this instance, I must applaud both the agent and Spotify.  The agent raised the issue internally, closed down the superfluous account and refunded all my over-payments before the end of the day.  But this error should not occur with any internet-based business that has so much data about its users and their behaviour. The simplest common-sense processes and analysis would shine a spotlight on such anomalies. Performing assurance-based thinking at the design phase would likely have prevented the problem occurring in the first place.

I Can’t Be the Only One

The mistake that happened to me raises the question about what Spotify will do to prevent this from occurring over and over again, or if it’s even worth their while financially to do so. Furthermore, I wonder if they will be analysing their customer base to understand which Family accounts would be eligible for the Duo plan, and whether they will make any effort to proactively inform customers about their eligibility for a more cost effective plan.

Surety in Assurance

Though assurance activities in telcos seem to be mature and are now regarded as business as usual activities, the value of the assurance practitioner is evident in industries and organizations who previously have questioned the need for it.  Assurance thinking should be applied across all areas of a business, from product design to on-boarding and all the way to the bottom-line.  As more high-quality user experience services saturate the global market, there is greater need to remain competitive whilst ensuring revenues are maximised and costs are controlled. Any incumbent provider should always keep these goals in mind.  For existing value-for-money service providers, such as Spotify, customer loyalty will play an important role in reputation, retention and success.

Rob Chapman
Rob Chapman
Rob is the Chief Operating Officer of the Risk & Assurance Group (RAG). He is responsible for the planning and execution of each RAG event. Rob's goal is to bring together professionals from across the industry and drive RAG's agenda forward.

Rob started working for RAG full time in 2018, having served as Chair on a voluntary basis for the previous four years.

Before joining RAG, Rob was a senior consultant at Cartesian. He has worked in revenue assurance and billing roles for TalkTalk, Verizon Business, Energis and Hutchinson 3G.