Fraud equals cheating, the cost of fraud in online games – does the house always lose? Online gamers can be keen to win at all costs. But it’s critical games developers ensure those winning strategies don’t include fraud. Failing to keep ahead of cheats can harm both the reputation of the game and its finances since gamers that don’t feel they have a fair chance at advancing or winning during play, leave and take their wallets with them.
Games played out in virtual universes can draw in thousands of players eager to pit their wits against their rivals. Each is keen to move up through the levels of an immersive gaming experience, winning upgrades and financial rewards – in the currency of the virtual game – as they go. But it’s critical to all involved, from the players to the developers that they do so fair and square. And, when fraudsters or cyber criminals use stolen credit/debit cards or a compromised PayPal account for instance, they change the playing experience for everyone.
In one popular MMO (massively multiplayer online game), a player was found to have been killing characters and stealing their riches. Detection came when other players complained. The punishment? The individual’s in-game avatar was forced to leap off a bridge to their death – and then, just to be sure, the real-life player was banned from the game.
It might seem drastic, but this developer was taking action to protect itself. When players cheat with impunity they’re committing fraud that disadvantages other gamers – and the developers. The same is true for those who rip off in-game currencies or use other fraudulent means to buy their way to advantage. Fraudsters may find the quickest way to win is by using stolen or fraudulent credit card details to buy large amounts of in-game money or other bonus items that give them an unfair advantage. Just as in the real world, virtual gaming currencies sustain economies that are damaged when players are allowed into the game using stolen credentials. This gives them a huge advantage over other players using their own funds.
Sometimes fraudsters go further still, stepping into the world of money-laundering and organised criminal activity. They steal stolen credit card details that are used to buy paid memberships of games, enabling them to earn virtual currency at a faster rate.
Those card details are sourced in the first place through highly organised and illegal activity. Phishing attacks, for example, are launched by email, enticing message recipients to visit and log into a website that at first glance seems to be one they recognise. Through such fake sites, the attacker steals valuable items, from credentials to money, from the victim.
Alternatively, fraudsters may use fake emails to install illicit crimeware on individual computers. By using tools such as keyloggers and screen scrapers, criminals steal card data; use it to buy in-game currency and related items. The currency or even the account may then be sold on for real money, a process known as ‘gold farming’.
THE INDUSTRY RESPONSE
These are very real problems that fraud prevention specialists and game developers alike are taking seriously. Fraud Prevention Company Kount helped develop its own game to explain how criminals operate. Fraud Tycoon uses puzzle-based gameplay to take participants behind the scenes of criminal organisations as they attack vulnerable online businesses. Players take on the role of the fraudster and compete for fake currency that can be spent on tools including stolen credit cards in order to build a criminal business.
Leading UK games developer Jagex is behind highly popular MMOs including RuneScape, which won a Guinness World Record as the most popular free multiplayer online game. But in 2009 such popularity started to cost the company dear. It was hit by gold farming fraudsters using stolen credit cards to earn virtual currency at a faster rate, and then to sell on that currency for real money. Jagex stepped up its protection, and for a time it was successful, although the fraud rules it used to assess applications to join the game meant that many potential players were rejected. In 2011 the gold farmers stepped up the attack once again. That’s when the company knew it needed outside help – and found the Kount fraud prevention system. By implementing the SaaS platform, it cut its rejection rate, enabling it to accept more sales while holding its chargeback rate at about 0.2%. Net credit card income rose by about 4% a year, while its conversion rate on membership subscriptions rose by between 3% and 4%.
Dave Parrott, payment and fraud manager at Jagex, says the system enables him to react quickly. “Kount lets me quickly and easily implement custom rules specific to our transactions. For example, if I detect a new kind of fraud attack I can respond with new rules within minutes.”
WHY IT MATTERS
When fraud goes unchallenged in the gaming world, brands suffer. Gamers start to cancel their memberships and a drift away from the game can be hard to turn around. That has a knock-on effect on advertisers, who will also be discouraged by any news of fraud. Earning new business from either group becomes downright difficult. As a result, games quickly lose sales and become unprofitable. The answer, as Jagex’s example shows, is to invest in fraud detection tools that work.
Acting before fraud happens safeguards the business in the present and protects it for the future. Fraud detection and prevention systems work most effectively when they enable gaming companies to rewrite anti-fraud rules quickly, reducing rejection rates by enabling legitimate transactions to take place in a secure environment. By choking off fraudsters’ ability to operate in online games, studios suffocate their ability to operate at all. Without games to use as a tool for money laundering and other fraudulent activities, fraudsters fail.