Fool Me Once, Shame on You. Fool Me Twice…We Won’t Get Fooled Again

February 28, 2018

The average age for a gamer is 31 years old. However, a significant percentage—nearly 1 in 3 players—is younger than 18 years of age. For online games and gaming sites, this young cohort presents a unique challenge for payments and fraud prevention:

  • Greater vulnerability to fraud.
  • Higher rate of friendly fraud.

Greater vulnerability to fraud. Young players can be easy targets for fraudsters. They’re likely to be more trusting and less aware of the types of attacks to which they may be exposed. The result can be a surge in account takeovers and malicious account creation incidents.

  • Spoof sites. Fraudsters steal cascading style sheet (CSS) code from legitimate sites to create fraudulent spoof sites that look exactly like the sites they’re impersonating. Typically, the spoof site URL is one flipped letter different from the actual site, for example “” vs. “” If a young, unsuspecting player accidentally mistypes the web address, they arrive at what looks like the actual site. Their login credentials get collected and are used to steal their account on the true site.
  • Cyber criminals use automated bots to open massive numbers of fraudulent accounts and gain access to the online game’s user community. Exploiting the trust of young players, they’ll solicit email addresses through in-game chats and other methods. They’ll then use the harvested email addresses to send out phishing emails. These are used to steal login credentials and take over accounts.
  • Data breaches. A maker of kid-tailored gaming systems, smart watches, tablets, and other devices experienced a major cyber attack in 2015. Nearly five million parents’ accounts and over six million kids’ accounts were exposed. Cyber criminals gained access to names, mailing addresses, email addresses, passwords, IP addresses, and other critical details.

Higher rates of friendly fraud. So-called “friendly fraud” involves a chargeback that is illegitimately filed. Sources of friendly fraud include buyer’s remorse, family and friends, expired free trial period, and more. Friendly fraud is growing at double digit rates because it’s easier than ever to file a chargeback and card issuers are unlikely to investigate or challenge chargebacks in order to minimize customer service expenses and retain customers. Friendly fraud usually falls into two general categories: unintentional (customer confusion) and intentional (digital shoplifting). The high percentage of young players in the gaming world makes both more likely.

  • Unintentional (customer confusion). A common scenario for online games and gaming sites is when a young player gets a parent’s approval to use a credit card to make a purchase. The mom or dad forgets, however, then later sees an unfamiliar charge on their credit card statement and mistakenly files a chargeback. In fact, nearly half of all friendly fraud chargebacks (49%) resulted from a simple misunderstanding in which the cardholders didn’t even know they were filing chargebacks.
  • Intentional (digital shoplifting). In this scenario, a young player uses a parent’s credit card for a purchase that the parent has explicitly forbidden (hey, they’re gamers, they tend to break the rules sometimes!). The parent files a chargeback—instead of requesting a refund—sticking the site with the cost. This behavior can rear its ugly head in free trial promotions, in-game purchases, and more.

IMPORTANT: With the coming May 2018 changes to Visa chargeback rules that limit the number of chargebacks that merchants can dispute, it’s more critical than ever for online games and gaming operators to be proactive and reduce friendly fraud before chargebacks get filed.

Want to get insider hacks for fighting fraud in the online games and gaming world? Download the eBook “Level Up Your Profits: Beat Fraud in Online Games and Gambling” featuring insights from Scott Adams, a leading expert in the field and the former Director of Fraud and Risk Management at Riot Games.