There are 2.2 billion active gamers, and 100 percent of them are at risk from fraudsters. Also at risk: your game’s reputation, customer retention, and your bottom line. Learn how machine learning and AI can keep your game and players safe online criminals, don’t miss this VB Live event!
Don’t miss out! Access here on demand for free.
“So many companies, especially game companies, think there’s no reason they’d get attacked, and they just don’t realize how vulnerable they are,” says Scott Adams, CEO of FraudPvP.com, and former director of fraud and risk at Riot Games. “There are so many issues around hacking and cheating, all the way down to payments.”
Initially brought in as a contractor by Riot Games to just fix their chargeback problems, Adams saw that those issues were only the beginning of the problem. The company had nobody in house dealing with fraud, and hacking, cheating, and financial fraud was a serious issue. He worked to build teams across the world to combat fraud and risk issues at Riot.
His fraud teams even went after and shut down some of the multi-million dollar cheating and hacking companies — ones that created services to help people cheat, from in-game item hoarding to in-game resource stealing, using brute force to hack APIs to steal codes.
Games have a particularly unique set of challenges in fraud detection Adam explains. If this were a merchant, an online digital or physical goods company, you can almost always predict the fraud by thinking about profit. How is the fraudster making money? It’s always simple: they put in a stolen card, test it, and then go sell the card. Or they use the card to buy merchandise and drop-ship it to different places, pick it up, and resell those goods, or use them if that’s what they want.
But with a game, there’s a number of other factors that a lot of people forget about, he says.
“For instance, just ego — the profit doesn’t have to be money,” he says. “It could be that these are people who like to play games. Fraud can be looked at as a game. Can I beat the big game companies? That alone could be the motivation.”
Just as common, and not as obvious to a non-gamer, is the question of in-game items and status and money. Gamers covet the big items of power, the fancy armor, the spectacular mounts and upgraded weapons. They want more in-game currency to buy the things that seem out of reach.
“To a non-gamer it means nothing, but to the gamer it means everything,” Adams says. “The fraudsters take advantage of that.” And it works so often, he says, because there is a huge demographic of kids and young adults in the gaming world.
For instance, fraudsters will offer a discount on in-game currency, which they gain by using stolen credit cards, and then players are asked to log in to a site that looks exactly like the game site, to download their new cash, which they’ll do without a thought. And of course, their account gets hacked. Or sometimes they’ll get what’s promised, but then a week or two later the system catches it and they get their account taken away because they got a chargeback on a stolen credit card attached to their account.
And the fraud methods, modes of attack, and types of attacks are continually escalating, because hackers aren’t gunning for cash in a bubble.
“Fraudsters talk, just like everyone else,” Adams says. “Once they know there’s an issue that someone’s not protecting themselves from, they attack.” But once you put in the effort to mitigate those problems and make their lives difficult, he adds, they go away, and the word spreads, and fraud drops.
“Most game companies go into this field to create a game — they’re not payments and fraud people,” he says. “Almost no engineer starts at a game company and says, ‘Hey, I want to work on fraud.’ They want to build a game.”
Because of that, especially in games, these companies are at risk. The problem is educating game companies and other merchants that before you launch your business, you need to be thinking about how to protect it. Because if you’re successful at all, you’re going to get attacked, especially if you get big.
And it’s so much harder to fight those problems after the fact, he says. When you already have issues, and you also have no protection, it’s so much more costly and complex to go back in and plug the hole in the dam, than it would be to build the game safe and secure, and stay alert along the way.
“As you’re creating this new game or this new service, think every step of the way, how could this get taken advantage of? How could there be profit for a fraudster in this thing we’re building? A lot of times it’s an easy decision to make it so that it will not be profitable for somebody,” he says. “Do it as design, rather than as an afterthought.”
But sometimes the horse is out of the barn, but it’s not too late to close the gate. There are small things a company can do to combat fraud — something as simple as authenticating an email address can make a huge difference. Despite the fact that it could be considered a barrier to signing up, Adams notes that it’s such a common practice that consumers don’t even blink, nowadays.
“It’s so simple to use bots to create fake accounts,” Adams says. “Email verification is not as big a deal as people think it is, and it saves so many problems in the long run.”
There are also simple things to look at like rate limiting. If you have an API, then there’s no reason to make it unlimited, so that the same IP address can hit it thousands of times in a second, he points out. What normal player is going to do that?
But really, it’s about actually taking action. Some game companies will see something like a chargeback, or catch an account that seems to have been taken over, but won’t fight them, or close the account, or take away the stolen items.
“They want to keep gamers playing — they don’t want to create a bad experience for the gamer,” Adams says. “That’s great, and I think you should be looking out for the gamer to give them the best experience possible, but the flip side of that is you’re not sending a message to the fraudsters. If they know they can get away with it, you’ll just get taken advantage of even further.”
He adds that although it might seem like a negative thing, you can also spin it.
“Say, ‘Hey, you know what? We banned your account, but we’re doing that to protect you,'” he says. “It stops people from creating a bad experience for every player.”
To learn more about getting ahead of the fraud curve, best practices for prevention and resolution of fraud, the kinds of signs you should be looking for, and the way to combat them, catch up on this VB Live event!
In this webinar, you’ll learn:
- How the gaming industry can secure gamer data and build trust
- How account takeover, fake licensing, spam, and scams pose a particular challenge to gamers and gaming platforms
- What policies your company should have in place around data breach ransom
- How to combat trolling
- Jeff Sakasegawa, Trust and Safety Architect, Sift Science
- Dean Takahashi, Lead Writer, GamesBeat
- Scott Adams, CEO FraudPvP.com, Former Director of Fraud & Risk, Riot Games
- Rachael Brownell, Moderator, VentureBeat
Sponsored by Sift Science