Top 4 fraud schemes affecting mobile gaming — and how to stop them

Morgan Ackley | Tuesday, January 31st, 2023 | 5 minutes

In the past year, consumers globally have spent $116 billion on mobile games. Meanwhile, mobile games made up 30% of game purchases in 2022, according to the latest roundup of gaming statistics. So it’s no surprise that mobile gaming has become one of the most popular forms of gaming, surpassing PC and console platforms. Anyone can play anywhere they want.

Unfortunately, online gaming fraud is a huge risk to the gaming industry. And when it comes to mobile games, fraudsters have an easy advantage for committing fraud.

Poor app development standards and security make businesses across industries, from QSRs to clothing retailers, vulnerable to mobile app fraud. Pair that with the value stored within apps, such as payment information, loyalty points, game currency and assets, and you have a goldmine for fraudsters.

But when a fraudster steals that information and uses it to make fraudulent purchases or sell on trading marketplaces, the victim usually files a dispute with their bank. And app developers and gaming companies wind up paying big for those chargebacks.

It can cost thousands of dollars to develop a mobile game. So app developers and gaming companies must understand the risks that mobile gaming apps pose and what they can do to prevent fraud from ruining their games.

1. Fraudsters use fake apps and malware to steal user information

Fake apps wind up on official app stores all the time. And with mobile gaming apps, fraudsters can create a fake version of an app that closely resembles the original game. When a user downloads the fake game, it installs malware on their device, giving the fraudster access to it.

For example, let’s say a gamer downloads a fake version of a popular gaming app. The fraudster who created the false app can now access the gamer’s private messages, take control of the device, or log the gamer’s keystrokes to get password credentials.

After gaining access to all the gamer’s passwords, the fraudster can break into bank accounts, credit card portals, and other gaming accounts. And they rack up charges on all the gamer’s accounts.

Once the gamer discovers their accounts have been compromised, they may dispute fraudulent charges with their bank to get their money back. And the responsibility for those chargebacks falls on every game developer whose accounts were hacked.

Fraudsters may also steal user information using malware to inject malicious code into gaming apps. This code gives them backdoor access to a user’s device. From there, the fraudster can install additional malware, steal payment information, and execute additional commands on the device.

2. Fraudsters create new accounts to make fraudulent in-app purchases

It’s expensive to acquire new players in mobile games and even more expensive to get them to make their first in-app purchase. So it’s essential that those in-app purchases are legitimate. Otherwise, developers lose money to chargebacks.

Free-to-play mobile games that feature in-app purchases are particularly vulnerable to new account fraud. A fraudster creates a new account and uses a stolen credit card to level up the account, buy digital goods, or load up the account with gaming currency. Then, similar to online streaming fraud, they sell the account on a trading site.

When the cardholder calls their bank to dispute fraudulent charges, the developer winds up paying for those chargebacks. Additionally, the developer’s brand reputation may suffer. New players may find the game too risky to download if it becomes known as a conduit for credit card fraud and scams.

3. Fraudsters use spoof sites to hack into game accounts

Fraudsters are not above using old-school phishing tactics to hack into mobile gaming accounts. Often, fraudsters send emails or texts to gamers, telling them that their gaming account will be suspended if they don’t verify their information.

In the message, the fraudster will include a link to a website made to look like a legitimate gaming website and coerce the gamer to open the link to verify their account information. Once the gamer enters their login credentials on the spoof site, the fraudster gains access to their gaming accounts.

After that, the fraudster can steal credit card information stored on the account, change account details, change passwords, and even sell the account. In fact, 21% of gamers in a recent Kount survey said they’d been hacked in the last year. When account takeover attacks like this happen, gamers often blame the game company for not offering better account protection.

They may spread the word about a data breach in the larger gaming community, eroding confidence among players. Account takeover attacks ruin brand reputations and cost businesses a lot of time and money in labor to fix the damage.

4. Fraudsters launch click fraud schemes that waste marketing spend

Mobile gaming thrives on free-to-play apps that allow players to purchase virtual items in-game with real money. These microtransactions are how developers make their money.

Developers spend billions of dollars marketing these games and acquiring new players each year. To get those new players, they work with advertising networks, paying a certain amount for each new installation of the game.

The advertising networks work with smaller agencies that create ads that force open official app stores when users visit a mobile website. Since they are paid per installation, smaller agencies may use bots to download games repeatedly.

So while it looks like a developer’s game is acquiring tons of new players, in reality, they’re getting a bunch of bots that will never play the game. Essentially, the money developers spend on marketing their products is completely wasted.

Digital fraud solutions prevent revenue loss and protect mobile gaming accounts

The key to preventing mobile gaming fraud is knowing who your good players are and who to block or challenge. A solution with device intelligence technology can accurately identify a device and flag anomalies every time a user logs in to a website or app. Thus, businesses can personalize the experience for known customers while detecting and stopping fraud in real time.

Additionally, an account takeover solution protects customer accounts from account takeover attacks, identifies abnormal behavior and risky logins, and reduces customer friction at login. The solution challenges abnormal behavior with multi-factor authentication (MFA).

For example, say a fraudster is trying to log in to an account on a mobile app using a series of usernames and passwords. Using machine learning and device intelligence technology, the account takeover solution can identify that the device is unknown. Then it can recognize that the unknown user is trying to breach a player’s account and challenge or block the behavior with MFA.
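The allow / challenge / block decision described above can be sketched as follows. This is an added illustration, not Kount's code or product logic: the thresholds, the class and function names, and the sample events are all assumptions constructed for this example, and a plain device ID string stands in for the device identity a real solution derives from device intelligence and machine learning.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600     # assumed look-back window for counting attempts
MAX_DISTINCT_USERS = 3   # assumed limit on accounts tried from one device in the window

class LoginRiskEngine:
    """Hypothetical risk engine: decides allow / challenge_mfa / block per login attempt."""

    def __init__(self, known_devices):
        # username -> device IDs already verified for that account (copied, not shared)
        self.known_devices = {u: set(d) for u, d in known_devices.items()}
        # device ID -> recent (timestamp, username) attempts, oldest first
        self.recent = defaultdict(deque)

    def decide(self, ts, device_id, username):
        attempts = self.recent[device_id]
        attempts.append((ts, username))
        # Forget attempts that have aged out of the look-back window.
        while attempts and ts - attempts[0][0] > WINDOW_SECONDS:
            attempts.popleft()
        # One device cycling through many usernames looks like credential stuffing.
        if len({u for _, u in attempts}) > MAX_DISTINCT_USERS:
            return "block"
        # A device never verified for this account gets an MFA challenge.
        if device_id not in self.known_devices.get(username, set()):
            return "challenge_mfa"
        return "allow"

    def mfa_passed(self, device_id, username):
        # After a successful challenge the device becomes known for this account.
        self.known_devices.setdefault(username, set()).add(device_id)

# Constructed sample data: (seconds, device ID, username)
KNOWN = {"alice": {"dev-A1"}, "bob": {"dev-B1"}}
EVENTS = [
    (0, "dev-A1", "alice"),    # returning player on a known device
    (10, "dev-X9", "alice"),   # unknown device starts trying accounts
    (20, "dev-X9", "bob"),
    (30, "dev-X9", "carol"),
    (40, "dev-X9", "dave"),    # fourth distinct username inside the window
    (50, "dev-B1", "bob"),     # unrelated known player is unaffected
    (900, "dev-X9", "alice"),  # window expired, device is still unknown
]

def run(events, known):
    engine = LoginRiskEngine(known)
    return [engine.decide(*event) for event in events]

if __name__ == "__main__":
    for event, decision in zip(EVENTS, run(EVENTS, KNOWN)):
        print(event, decision)
```

Known players on their usual devices never see a challenge, which is the reduced login friction the section refers to.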

Implementing mobile and online gaming fraud detection protects mobile gaming accounts and saves your business from costly account takeover attacks and chargebacks. Don’t let fraud waste the money you spend on game development and marketing.


Morgan Ackley

Content Strategist

Morgan has worked in the tech industry for over 5 years. Her breadth of knowledge and curiosity about technology and all things fraud-related drive her to craft compelling, educational pieces for readers seeking answers.