For the gaming industry, fighting online gaming fraud is about protecting the sanctity of the game, building brand loyalty, improving customer experience and maximizing profits. Fraud follows the money, and the gaming industry’s prolific growth has attracted a wide range of fraudsters both large and small. In its annual Global Games Market Report, Newzoo predicted that gamers would generate $108.9 billion in game revenues for 2017 across multiple device types and segments. It also estimated that of the 2.2 billion active gamers in the world, nearly half (47%) spend money while playing.
The online gaming industry deals with low-cost transactions that need to be approved in real time so as not to interfere with the gaming experience. This near-instantaneous analysis of the transaction means reviewing billions of data points of current and past transactions behind the scenes to not only protect the consumer but also protect the integrity of the game, the gaming company and the industry as a whole.
Whether it’s taking over accounts, hacking games, stealing credentials or developing bots to exploit games, fraudsters are continually looking to identify weaknesses in the online gaming industry to generate profits. Scott Adams, former director of fraud and risk management at Riot Games, can attest to these challenges. (Full disclosure: Riot Games is a Kount customer.) In his role, Scott was tasked with reducing fraud for millions of people who play League of Legends worldwide, focusing on payment processing to create a seamless experience for the gamer. He worked with the ecosystem of the fraud industry to ensure the company stayed ahead of its fight against card-not-present (CNP) fraud. With some insight from Scott, here are some of the top fraud schemes that are unique to the gaming industry:
Account Takeover And Synthetic IDs
In this scenario, fraudsters target accounts with advanced capabilities, special strengths or powers, or large amounts of game currency and then “sell” those accounts over and over to unsuspecting, legitimate players. Account takeover attacks typically result in the majority of the players not receiving their purchases and a black eye for the individual game.
Another means of obtaining the information necessary for payment fraud or account takeover is the creation of spoof sites that collect user data from unsuspecting visitors. Unfortunately for all involved but the fraudsters, these spoof sites can look exactly like the sites they mimic. A site that is spoofed might have a URL that is just one letter off from the correct one, making it difficult for trusting users to detect. The player unknowingly enters their login credentials on the fake site, and those credentials are then sold on the dark web or used on the real site to take over legitimate player accounts.
Bots are another serious threat to the gaming industry. Beyond using bots to farm for points, a fraudster can run referral bonus schemes and refer “new” players that are just bots using synthetic IDs and stolen credit card accounts. With each referral, the fraudster receives a reward that he or she either turns directly into cash or uses to boost the value of the account so that he or she can sell it on the dark web.
Arbitrage illustrates the sophistication of today’s fraudsters. The proliferation of payment types and the growth of global gameplay have led to unique and unexpected fraud scenarios. In this case, fraudsters load up accounts with a bunch of points in one region and then, taking advantage of currency exchange rates (with the help of bots to automate the process), transfer funds back and forth among different types of currency in order to make gains.
On an individual fraud level, the gaming industry is also faced with “friendly fraud,” which is when a product, either physical or digital, is ordered and then disputed as having never been received, received damaged, never ordered, etc. The simplest form of friendly fraud results from cardholder confusion, where the billing originates from an unknown company and is poorly labeled on the credit card statement. This can easily be corrected by ensuring that the credit card statement reflects a specific game rather than its parent company. The second form is more nefarious and occurs when the gamer, not wanting to pay, disputes legitimate charges. Because the gaming industry deals in digital goods and low-value transactions, this places tremendous pressure on a gaming company to prove products or services were indeed purchased by the user. This additional burden often costs time, money and resources.
To combat this barrage of fraudulent activity, companies like Kount and the Alacer Group are looking to aid the gaming industry in building collaborative solutions that integrate transaction data with gameplay data. This type of comprehensive approach allows the gaming industry not only to identify fraudsters and their patterns but also to block them before they cause harm and headaches. By integrating these two sources of data insight, gaming companies can more quickly spot account takeovers when the buying behavior, or behavior of play, changes suddenly. By rapidly pinpointing these traits, the industry can become more aggressive with its fraud-fighting techniques and begin to flag other “players” sharing the same device, IDs, credit card accounts, email addresses, IP addresses and other data points associated with a known fraudulent account.
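The linking step described above, flagging accounts that share a device, card, email or IP address with a known fraudulent account, can be sketched as a walk over shared attributes. This is an added example, not code from any vendor or company named in the article; the field names, sample records and the fan-out cap (which ignores values shared by many accounts, such as a café or carrier IP) are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records; field names are assumptions for this example.
ACCOUNTS = {
    "acct_A": {"device": "dev-1", "card": "card-9", "email": "a@example.test", "ip": "198.51.100.7"},
    "acct_B": {"device": "dev-1", "card": "card-2", "email": "b@example.test", "ip": "203.0.113.5"},
    "acct_C": {"device": "dev-3", "card": "card-2", "email": "c@example.test", "ip": "203.0.113.5"},
    "acct_D": {"device": "dev-4", "card": "card-4", "email": "d@example.test", "ip": "203.0.113.5"},
    "acct_E": {"device": "dev-5", "card": "card-5", "email": "e@example.test", "ip": "203.0.113.5"},
    "acct_F": {"device": "dev-6", "card": "card-6", "email": "f@example.test", "ip": "192.0.2.44"},
}

def build_index(accounts, max_fanout):
    """Map (field, value) -> accounts, dropping values shared too widely
    (e.g. a carrier NAT or cafe IP) to limit false positives."""
    index = defaultdict(set)
    for acct, attrs in accounts.items():
        for field, value in attrs.items():
            index[(field, value)].add(acct)
    return {k: v for k, v in index.items() if 1 < len(v) <= max_fanout}

def flag_linked(accounts, known_fraud, max_fanout=3, max_hops=2):
    """Breadth-first walk from known-fraud accounts over shared attributes.
    Returns {account: (hops, (field, value) that linked it)} for review."""
    index = build_index(accounts, max_fanout)
    by_account = defaultdict(list)
    for key, members in index.items():
        for acct in members:
            by_account[acct].append(key)
    flagged = {}
    queue = deque((a, 0) for a in known_fraud)
    seen = set(known_fraud)
    while queue:
        acct, hops = queue.popleft()
        if hops == max_hops:
            continue  # do not expand beyond the hop limit
        for key in sorted(by_account[acct]):
            for other in sorted(index[key]):
                if other not in seen:
                    seen.add(other)
                    flagged[other] = (hops + 1, key)
                    queue.append((other, hops + 1))
    return flagged
```

With `acct_A` as the known fraudulent account, `acct_B` is flagged through the shared device and `acct_C` through the card it shares with `acct_B`; the IP address used by four accounts is ignored at the default cap, so `acct_D` and `acct_E` are not pulled in on that signal alone.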
The online gaming industry’s popularity continues to grow worldwide, attracting both fans and fraudsters at significant rates. To fight back and to protect the sanctity of the game, the industry needs to deploy state-of-the-art fraud solutions that leverage data from multiple sources. This collaborative approach would allow companies to not only stop fraud but also protect the billions of gamers across the world.