Preventing users from sharing account information is a security concern as well as a way to prevent paid accounts from being shared. When hosting a virtual environment targeted to kids, you are also required to take reasonable measures to prevent users from sharing PII (Personal Identifiable Information) in accordance with COPPA (Children’s Online Privacy Protection Act). The types of personal information include, but are not limited to, phone number, email address, and home address which cannot be shared in chat rooms, forum posts, and the like. Implementing all of the following prevention techniques will dramatically reduce your risk from users sharing account credentials and PII.
Educate Your Users
Prevent Users from Typing Their Own Information
Passwords typically cannot be filtered since each user’s password is One-way Encrypted in your system (at least it should be!). However, you can prevent users from sharing their login names by rejecting messages that contain the login name of the user that generated the message. Without it, the password is not very useful. Note that a user’s login name cannot be the same as their public display name for this technique to work. Any personally identifiable information you store about a user (name, email, address, etc) can also be filtered on a user-by-user basis using this technique.
Open Chat: Filter Commonly Used Phrases
To identify and eliminate a majority of chat messages or forum posts that contain PII or account information, add commonly used phrases to your blacklist such as:
- My phone number is
- My address is
- What is your phone number
- Send me your account info
There are a number of variations for each phrase to consider as well, such as the pound sign (#) in place of the word “number”. Keep the phrases as short as possible, but not too vague as to generate false-positives. For example, blocking the word “number” will generate too many false-positives if filtered alone. Instead, add “my phone number” to your filter blacklist.
Open Chat: Detect Email Addresses and Phone Numbers
Two of the most commonly shared pieces of personally identifiable information are email addresses and phone numbers. Simply preventing “.com”, the “@” sign, and numbers from being typed are a good start. Better yet, use a filtering solution that can detect clever attempts of getting around the filter when users spell out numbers or type “at” in place of the “@” sign (among other techniques).
Implement Restricted Chat
Restricted chat is commonly referred to as White List Filtering. Users are only allowed to type words and phrases that are on a pre-approved list. Kids have been known to be able to circumvent white list filters to share information such as their phone number, so moderation efforts still need to be in place. Read the very informative post by Izzy Neis for more details on restricted chat challenges: Is there such thing as 100% Safe Chat for kids?
Keep an Eye on Repeat Offenders
This is a common moderation practice for preventing any inappropriate behavior and worth mentioning here. If a user tries to share their personal information once, keep an eye on their content to be sure they do not try again.
Will these techniques be 100% effective when used together to prevent users from sharing account credentials and personal information? Most likely not, but making the effort will drastically reduce your risk and provide users a level of comfort and security while participating in your online environment. Visit the description of Inversoft’s CleanSpeak Filter and Moderation Tools to learn how integrating CleanSpeak will make the effort easy!
You should follow me on Twitter