February 17, 2018
As a veteran of the online games world, Scott Adams has seen plenty of carnage. However, that’s not the kind of gut-spilling this blog post will cover.
Instead, we’ll summarize insider insights Scott has gained from his years of fighting fraud, including as the Director of Fraud and Risk Management at Riot Games. (You can read more of Scott’s hacks by downloading the white paper “Insider Hacks: Fighting Fraud for Online Games”.)
Beyond conventional fraud attacks like card-not-present (CNP) fraud, online games companies face unique challenges that require unique fraud prevention solutions. Here are a few that Scott highlights:
Small-Ticket Orders and Card Testing. Transactions for many online games and gaming sites often involve amounts of less than $10. This makes online games and gaming sites a tempting target for card testers. “For fraud rings that are doing card testing on stolen credit cards,” Scott notes, “a $3-$5 transaction on a game site is a low-cost way to run cards. If you’re not prepared to stop those attacks, you could be hit with a huge number of chargebacks.” The small transaction amounts also lead to TC-40 claims and the hidden (but huge) threat they present.
Account Takeover and Synthetic IDs (Fraudulent Account Creation). Many fraudsters are also gamers. For them, fraud is a game, a competition. “They enjoy the thrill of testing their skills,” Scott points out. “They’re not just in it for the money – though that certainly is a factor – but also to show the world that they’re able to ‘beat’ the system.”
Spoof Sites. Fraudulent spoof sites can look exactly like the site they’re spoofing. “With stolen CSS, it’s so easy for fraudsters to mimic actual sites,” says Scott. Unsuspecting players unknowingly reveal login credentials. These credentials are then used to steal their account on the true site. “Because players are often young, unsophisticated buyers, spoofing is a huge problem,” notes Scott.
Bots. “One popular bot fraud tactic is for fraudsters to ‘recruit’ new players and then collect referral rewards,” observes Scott. Whether referral fraud, promotion fraud, or game action fraud, bots cost online games and gaming sites money and poison the user experience.
Arbitrage. Scott relates one unusual episode: “There was one arbitrage operation where fraudsters were loading up accounts with a bunch of points in one region, and then taking advantage of currency exchange rates to flip those accounts in other countries to multiply their gains.”
What’s the best way to stop fraud?
Scott recommends a multi-layered approach that takes advantage of fraud screening technologies and transaction data, plus simple “low-tech” practices that frustrate fraudsters, as well as using the data that game sites themselves gather about their players.
- Use enterprise-class fraud prevention system. This will detect a large percentage of fraudsters and prevent them from gaining access to your network.
- Reduce economic incentives. This may not be possible for all online game and gaming sites, obviously, but reducing the profit potential tends to drive fraudsters away.
- Leverage gameplay data. This can provide real insight into who is and who isn’t legitimate on the site. For example, it can reveal referral scams: “By monitoring the initial gameplay of ‘new players,’” Scott says, “you might quickly determine that they continue to repeat the same mistake over and over, a sure giveaway that they’re dumb bots.”
- Avoid cardholder confusion/error. One simple example is a player’s parents—who pay the credit card charge—don’t recognize the line item on their statement. Review your billing processes and make sure you remove all opportunities for confusion.
- Fight digital shoplifting. Data from both your fraud prevention system and from gameplay should be easily accessible so you can provide the evidence needed to win chargeback disputes (representments).
Keep the game pure.
Economic losses aren’t the only reasons to fight fraud. Scott emphasizes the corrosive effect of fraud: “Let’s say fraudsters have compromised an online poker site, and are running multiple ‘players’ using different synthetic IDs or bots. This allows the fraudsters to know most of the cards in the game so they can stack the odds in their favor and win more than their fair share of pots. Pretty quickly, players who are not cheating will abandon the site because of their high losses. Ultimately, stopping fraud is not just about stopping financial losses, but also about maintaining the integrity of our games and providing our customers with the best experience possible.”
“Our industry has to do a better job of sharing. The more we can call out known fraudsters, tactics and techniques, the better off we’ll all be.”
– Scott Adams
Interested in additional insights about fighting fraud in the online games and gaming world? Download the eBook “Level Up Your Profits: Beat Fraud in Online Games and Gambling” and discover how online games and gaming sites are incorporating fraud-fighting strategies into their gameplay to land more whales while busting more sharks.