5 online gaming fraud schemes that lose revenue, discourage players
The gaming industry rakes in billions of dollars a year from online casino tables to mobile apps, making it a prime target for fraud. And unfortunately, the payment systems within online games pave easy pathways for bad actors to commit fraud.
Gaming is all about the community, and a community brimming with fraudsters ruins the experience for everyone. Fraud can quickly tarnish a game developer’s reputation and deter players who won’t stick around if bots and scammers overrun a game.
Whether they’re infiltrating Twitch streams or hacking into Fortnite accounts, fraudsters use gaming as a vehicle for payments fraud, account takeover attacks, card testing, and a host of other nefarious acts. Meanwhile, even legitimate gamers can commit intentional or accidental friendly fraud.
Because the success of a game relies on good gaming experiences, developers are in a tricky position when it comes to fighting fraud. They have to maintain customer loyalty, provide a good gaming experience, and weed out bad actors while turning a profit.
Knowing the types of fraud most threatening to online games can help better prepare game companies to fight the fraud before it happens. And before it ruins the gaming experience for loyal customers.
1. Online gaming currencies supply real-world money and fraud opportunities
The biggest opportunities for fraudsters to monetize their activities are buying and selling virtual currencies and artifacts like skins, weapons, or armor. These items provide abundant opportunities for fraud schemes such as money laundering and payments fraud, as one widely popular free-to-play online multiplayer game experienced.
For example, a fraudster creates a free account for an online multiplayer game then uses stolen credit cards to fill up the account with in-game currency and skins. Once the account is loaded, the fraudster sells it on a trading site. Accounts sell for several hundred to thousands of dollars, turning stolen virtual goods into real cash. Similarly, they may buy and sell special items like loot boxes containing weapons, armor, or other virtual goods.
Typically, buying and selling accounts goes against a game’s end-user license, so game developers have the power to close accounts that have been purchased or sold. But this practice can be infuriating for legitimate players who spend thousands of dollars on an account.
“The fraudster can try to launder an item and sell it for real money in the real world via a trading site. Meanwhile, the gaming company gets the chargeback,” said Sven Hindman, Product Manager at Kount.
Unfortunately, the repercussions of trading in-game currencies and artifacts fall back on the game companies. For example, let’s say an unsuspecting player purchases a special artifact or game account on a third-party trading site.
The game company then deletes the item or account because it violates a game policy. So the player files a chargeback. Unfortunately, the game company has to pay for that chargeback and potentially lose customer loyalty.
“It’s a balancing act between not encouraging fraudsters to purchase things and launder them and losing legit customers that want to play the game,” said Hindman.
2. Fraudsters take over game accounts for the stored value
What makes games so valuable are the loyal players who spend hundreds of hours leveling up characters and hundreds to thousands of dollars on extra game content. And because of the time and money players spend, their game accounts hold tons of stored value, making them huge targets for account takeover attacks. In fact, 21% of gamers in a recent Kount survey said they’d been hacked in the last year.
The ways in which fraudsters hack into gamer accounts are numerous, but some of the common ways include:
- Creating spoof sites to steal login credentials.
- Buying user credentials on the dark web for credential stuffing.
- Phishing scams.
- Offering help or bonuses in-game in exchange for player credentials.
With access to a player’s gaming account, a fraudster can sell the entire account, spread spam and links to phishing sites to other gamers, steal credit card information, withdraw funds, and change account information.
Account takeover attacks are detrimental to gamers and costly to fix for game companies. Hindman once ran a customer service department for an online game company and experienced firsthand the costs of a phishing attack. Attackers compromised some 500 player accounts and sold every stored item.
“The customer service center was inundated with all of these account takeovers, and it took us over a month to sort all of it out. And it cost about $60,000 in overtime,” said Hindman.
The labor costs alone can be financially detrimental to a game company. But the bigger loss is losing legitimate players who may feel discouraged and leave the game entirely. According to Kount’s “Account Takeover, Game Over” survey, the No. 1 thing game companies could do to increase gamers’ confidence in account security is notify players of suspicious login activity.
3. Promotional offerings prompt new account fraud and card testing
Sign-up bonuses, coupons, and other promotional offers can be a great way to attract new players. But, like with online streaming fraud, they also lure fraudsters who are looking to abuse these offerings.
Fraudsters engage in promo abuse to test credit cards, create fake accounts, and hack existing accounts. Online games and gambling sites that offer $0 authorization fees are especially vulnerable to card testing. Cardholders may not notice the authorizations immediately, so fraudsters have time to use validated cards elsewhere.
Fraudsters may also program bots to automate and increase the speed and velocity of card testing. Typically, companies see hundreds of sign-ups when they offer a free trial or promotion, so they’re less likely to notice a high volume of testing from fraudsters.
Fraudsters take advantage of sign-up bonuses or marketing promotions by creating new accounts using synthetic identities or fake credentials and identity elements bought on the dark web.
They’ll grab the promo, usually a special or rare item, and sell it on a trading site. This practice can result in revenue loss and poor marketing spend if the company hands out too many promotional items.
Yet if companies are too aggressive about combatting promo abuse, they can increase friction unnecessarily. For example, they may require multi-factor authentication for everyone all the time, which increases the likelihood of locking good players out of their accounts or driving them to a competitor’s website.
4. The ease of microtransactions fuels friendly fraud
While fraudsters are always on a new quest to scam, cheat, and siphon funds from gaming accounts, good gamers can also commit fraud.
Let’s say a child has access to a parent’s mobile device or credit card and uses it to make in-game and in-app purchases. If the parent doesn’t recognize the charges, they may dispute the purchases with their bank in an act known as friendly fraud.
The parent may also call the game company directly and request a refund. While working at an online games company, Hindman witnessed just that. A child made purchases on a parent’s credit card over time, totaling about $10,000, which the company refunded.
“But it was more often that we would see chargebacks,” said Hindman. “So we ended up implementing spending limits, which meant that we had to limit how much money we could collect from legit users to combat problems with friendly fraud.”
Games with in-app purchases or microtransactions are especially prone to friendly fraud. While microtransactions fuel a lot of the friendly fraud seen in the gaming industry, sometimes gamers commit intentional friendly fraud. In this case, gamers purchase a game, play it, and then dispute the purchase or obtain a refund.
These claims typically hurt lesser-known indie developers, as their games cost less than more prominent options. The developers are responsible for proving that the user — and not a fraudster — purchased the games or services. But many times, they lose the money.
5. Fraud and friction deter gamers and guilds
Gamers hold a lot of power over the success of a game and, by extension, its developer.
“A lot of these games have guilds, and some of them are incredibly large,” said Hindman. “And the head of these guilds can be incredibly influential, not only within the game but outside the game as well.”
For example, if the head of a guild has a problem with a game, that person will complain to their guild. The guild will then start talking about the game outside the guild, spreading awareness in the larger community. Eventually, everyone in the guild might leave the game and potentially take other players with them.
Games overrun by fraudsters aren’t fun for anyone. Legitimate players will grow frustrated with scams and bots in multiplayer games. And fraudsters who create multiple fake accounts to win casino games will drive away legitimate players.
Therefore, game companies have to stop fraudsters from ruining their games and create a good experience for legitimate gamers. Any friction or bad experiences for the gamer can damage the company’s reputation.
How to combat online gaming fraud and keep your players happy
An AI-driven fraud prevention solution can tell if a new account, order, or payment indicates fraud. The solution establishes the level of identity trust for every interaction, which allows game companies to block new account fraud, decrease promo abuse, stop digital payments fraud, and prevent chargebacks.
Additionally, an account takeover solution that uses device intelligence allows game companies to collect and analyze device data associated with specific users. As a result, game companies can better identify legitimate players and reduce friction for known players.
“Being able to interrogate a device and know if a person is trusted on the device is important,” said Hindman. “If somebody has successfully been able to phish account information from a user and then tries to log in, we’ll see that they’re not coming from a trusted device, so we’re going to be able to stop that.”
Gamers typically expect transactions to be immediate, so game companies also need a solution that can automate decisions to approve or decline transactions in real time. Without a digital fraud solution, game companies have to review transactions internally by their development or operations teams.
Of course, those reviews take time away from further game development. With online gaming fraud detection, game companies can significantly reduce manual reviews and provide gamers with seamless gaming experiences.