As a gaming company in a vastly growing industry, you know that online gaming is all about the community. But a community brimming with fraudsters and scams ruins the experience for everyone.
Whether you run an online gambling platform or host online tournaments for popular video games, you need to be able to detect and prevent any type of fraud.
Fraud Threats Affecting the Gaming Industry
Understanding the fraud schemes most prevalent in online games can better prepare you to prevent them from happening in the first place. Most importantly, you want to catch it before it ruins the gaming experience for legitimate users.
- Account takeover fraud - In an account takeover (ATO) attack, fraudsters hack into gaming accounts to steal stored game currency, specialty items, or change account credentials. Typically, fraudsters gain access to these accounts by mass testing credentials obtained from data breaches.
- New account opening fraud - Fraudsters and opportunistic players commit new account fraud when they open multiple accounts that they have no intention of investing in. The goal is to take advantage of sign-up bonuses and promotions or to cheat in online tournaments.
- Card testing fraud - Card testing involves making small test purchases with stolen debit and credit cards to find cards that are still valid. Often, fraudsters will buy low-cost items such as in-game currency to test cards.
- Friendly fraud - Friendly fraud occurs when customers misuse the dispute process by making false claims of fraud. Sometimes customers forget they made a purchase, don’t recognize the charge on their statement, experienced buyer’s remorse, or make a purchase without a family member’s knowledge.
- Money laundering - Money laundering is especially pertinent in online casinos and games that offer any kind of currency that can be exchanged for monetary value. In this scheme, fraudsters use game currency to turn dirty money into real cash.
How Fraud Ruins the Gaming Experience for Everyone
Gamers hold a lot of power over the success of a game and, by extension, its developer. A good player experience can drastically improve the popularity of your game and increase sales immensely. But fraud and chargebacks can diminish all the time and money you put into creating something brilliant.
Players can get discouraged and abandon your game
Unfair gameplay such as bot use or multi-accounting can negatively impact your game’s success. That’s because gamers share their experiences.
Often, they form online guilds — or large groups of close-knit players — where they talk about what’s going on in games. And the guild leaders can be incredibly influential, not only within the game but outside as well.
For example, if the head of a guild has a problem with a game, that person will complain to their guild. Players will then start talking about the game outside the guild, spreading awareness in the larger community. Eventually, everyone in the guild might leave the game and potentially take other players with them.
Your reputation can sink
Lack of security and fraud protection can ultimately damage your reputation — both with players and financial institutions.
Gamers may hold you fully responsible for anything bad that happens to their accounts — such as an account takeover attack. In fact, according to a recent Kount survey, 43.77% of gamers said they would stop playing a game indefinitely if their accounts were hacked more than once.
You don’t get many opportunities to show players that your game is safe, works well, and is worth investing in. So you have to get it right from the start.
Additionally, too much fraud makes you look bad and damages your relationship with processors and financial institutions. And too many chargebacks can put you at risk for enrollment in a chargeback monitoring program or the closing of your merchant account.
You can lose revenue
Recovering from a data breach or massive account takeover attack can be costly. You have to expend extra labor to repair security systems and reimburse players. All that can cost hundreds of thousands of dollars or more.
Likewise, chargebacks can be a huge drain on revenue — especially if your game offers in-app purchases or microtransactions for small updates, armor, and currency. These transactions can lead to a lot of friendly fraud disputes.
The most common scenario is that a child makes a bunch of purchases in a game using a parent’s card. Later, the parent sees the charges, thinks they’re fraud, and disputes them with the bank.
Sometimes gamers make false fraud claims because they want to play a video game without paying for it or they experience buyer’s remorse. So they might purchase a game, play it, and then dispute the transaction to get a refund.
You can be penalized for failed compliance
If you process transactions, you have to follow AML regulations. Accepting payments that fund criminal money laundering schemes puts your business at risk of failed compliance — which means fines and penalties.
Some states and countries may also prohibit any type of monetary winnings. So you have to make sure you are not violating any laws by accepting gamers into tournaments and competitions that don’t legally allow players to enter.
TIPS & SUGGESTIONS
6 Ways to Keep Your Online Gaming Platforms Secure
Fraud protection in gaming is increasingly becoming essential for success. And with expectations high from players, you have to make sure it doesn’t affect the overall gaming experience.
Invest in complete account protection
More than ever, it’s important to protect your players — from account creation to ongoing account security.
Evaluate new sign ups
You can stop multi-accounting by limiting sign-ups and reducing fake accounts. This process involves evaluating email usage and behavior trends — such as the creation date and date last used. New emails that have only been used to sign up with your platform are red flags.
Device fingerprinting is a method of identifying a user’s device. It collects information about the device software and hardware — such as the browser used, whether it is a PC or mobile device, and more. This method can help you identify users who try to create multiple accounts using the same device.
Implement identity verification protocols
Verification protocols like multi-factor authentication (MFA) can help prevent fraudsters from hacking into player accounts. These protocols require a user to submit more information than just a password. For example, MFA typically sends a link or code to a user’s phone or email address.
You can implement these protocols every time a user signs in from a new location or on a new device to block fraudsters trying to hack the account.
Monitor account activity
Stop account takeover fraud by identifying and challenging suspicious login activity — such as logins from unknown devices or new locations. Then continually monitor account activity like password changes, updated card information, and more. Notify players of unusual activity when changes happen to confirm if the account holder or a fraudster is accessing the account.
Provide clear communication to players
When it comes to stopping friendly fraud, the best thing you can do is to encourage your players to communicate with you when they run into issues.
You can combat some disputes by sending purchase confirmation emails to players. And in that email, include a link to reverse the charge if it was made in error. You can also consider requiring password entry before a player makes an in-game or in-app purchase.
Write clear policies and billing descriptors
Because digital games and assets are often not returnable, make sure players understand how they are going to be billed and what your cancellation policies are. Consider including a link or copy of the stated policies in purchase confirmation emails.
Know who you’re doing business with
Accepting online payments comes with some risks. It’s up to you to make sure you’re not accepting payments obtained illegally. And since you can’t see the people making purchases with you, you have to get to know them in other ways.
Perform KYC verification checks
Know your customer (KYC) checks involve collecting customer information such as name, address, date of birth, and government-issued ID number. The goal is to verify a customer’s identity, financial activities, and the risk they pose to your business.
However, not all your players will need the same level of verification, so you need adaptable KYC checks. Fraud detection software can help you identify which players need more robust checks and which ones don’t.
Transaction monitoring can help you identify suspicious transactions that could be connected with money laundering or other financial crime schemes. The process involves monitoring a player’s transactions such as money transfers, deposits, and withdrawals.
Collect identity insights
The best way to get to know your customers is to collect as much data as possible. The more history you have of a player, the better you can gauge their risk and understand their patterns of behavior. When unusual events occur, you’ll be able to more accurately determine what is fraud and what isn’t.
Monitor your games
If you want to stay ahead of fraudsters, pay attention to online forums. That’s often where players will discuss issues with bots, cheating, scams, and other unfair gameplay. Consider sending moderators into these forums to monitor recurring issues amongst players. Also consider adding a reporting feature in the game so that players can notify you of issues when they happen.
Block bot traffic
Not all bots are bad, but often the ones impacting your games are only there to cause problems. And it’s up to you to resolve the issue. Blocking bots before they infiltrate your games is the best way to ensure your players have the best experience possible.
Firewalls allow you to monitor your site traffic and filter out bad traffic — such as traffic from bots. You can get a better sense of who is visiting your site.
CAPTCHAs are tests that help determine if a user is a human or a bot. When users sign up for a new account or make a purchase, require them to fill out a CAPTCHA.
Block known hosting providers and proxy services
Hosting providers and proxy services essentially help bots run. Blocking providers and services that enable these scams can reduce overall bot traffic and deter fraudsters from coming after your platforms.
If left unchecked, unauthorized transactions can cause major problems for your business. Fortunately, you can take steps to reduce fraudulent purchases.
Require CVV codes
The card verification value (CVV) is a three-or-four digit number on a payment card that’s used to verify online purchases. Businesses can’t store these codes, so fraudsters are unlikely to have them if they obtain card credentials from a data breach. Requiring this information could stop card testing and prevent unauthorized transactions.
Perform AVS checks
Address Verification Service (AVS) compares the billing address provided during checkout to the billing address on file with the cardholder’s bank. If the addresses don’t match, the user likely isn’t the cardholder. Performing AVS checks can help you reduce unauthorized transactions.
Implement encryption protocols
Make sure you're using encryption protocols — such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) — to prevent fraudsters from intercepting sensitive information like login credentials and payment information.
PROTECT YOUR BUSINESS
Fraud Detection Software for Online Gaming Companies
Fighting fraud can be challenging — especially if you’re doing it on your own. The thing is, you have to get your fraud controls right the first time. You don’t want to cause unnecessary friction for players or block good ones, so your fraud solution needs to work in real time.
That means you can’t use fraud tools that require lots of human intervention and oversight. Instead, you need a solution that incorporates machine learning to automate tasks.
If you’re wondering “is there a better, easier way to deal with all these fraud risks?” we’re here to tell you yes. There is.
Kount — the industry’s leading trust and safety solution — can do all the heavy lifting. We have the data, technology, and expertise you need to accurately distinguish between legitimate customers and fraudsters. You’ll have less worry, less risk, more opportunities for growth.
Kount helps Jagex control fraud and improve operations
Jagex was using an internally developed fraud solution for years. And it worked fine until they were hit with attacks that overwhelmed the system. Fraudsters were buying up in-game currency with stolen cards, then selling it online for real money.
That’s when the company turned to Kount. They were able to control the fraud issues quickly so they could focus on improving business processes. As a result, they discovered new opportunities to improve revenue.