Last year was unlike any other in recent memory. It ushered in a new way of life, as digital interaction for work and play drastically increased. Online gaming, in particular, was one of the top pastimes as it became a social lifeline, with its robust online communities and ability to forge friendships to overcome the isolation blues.
Online gaming is a top target for fraudsters
Tapping into an increased demand for interactive digital entertainment avenues, online gaming not only saw a prolific increase in the number of players, but also in the number of hours as well as the money spent. It is estimated that during the pandemic the number of users playing video games in the U.S. rose to 79% while the time spent on gaming increased 26% and the money spent increased 33%. Online gaming companies experienced the biggest engagement levels and increased revenues that are projected to touch US$31,328m by 2025.
This explosion of activity in the online gaming industry also contributed to the fact that there were 2.5x more attacks in Q1 2022 than Q4 2021. Gaming platforms were barraged with bot attacks as attackers launched high-volume campaigns to target multiple consumer touchpoints, with fake account registrations seeing the highest increase of 86% from Q4 2021.
The gaming fraudster is an expert and focused on their target
To understand what makes the gaming industry so attractive to fraudsters, we analyzed the profile of a typical gaming fraudster and the ease of orchestrating an attack on an online gaming platform. Probably located in one of the fraud hubs including Vietnam, Brazil, Russia, Indonesia, or India, this fraudster has a high playing volume but a win rate of less than 5%. That does not imply that the fraudster is frittering away time and resources on the gaming platform.
He is an expert when it comes to platform knowledge and is highly focused on the target. He has no fear of the consequences and will maneuver his resources in every manner possible to maximize the ROI, relying on a number of power ups which include data brokers, identity farms, fraud farms, money mules, arms dealers, marketplace, infrastructure providers, and coders. Often, this fraudster is not a loner as he collaborates and communicates with other gaming fraudsters on other platforms.
A gaming fraudster is watchful and looks to scale up the attacks with defined peaks around promotions and events. He executes millions of attacks every day, attacking up to 74% of the traffic, and scales up the attacks further during the holiday season.
How a gaming fraudster maximizes ROI
Fraudsters are in the business of making money and try to maximize profits with the least possible investment. While we know it is neither too difficult nor too expensive to execute a fraud attack today, our deep-dive research revealed some shocking results into the fraud costs. A typical gaming fraudster would spend around $350 on proxy servers that provide him with more than 150,000 global IPs and unlimited bandwidth. He would spend another $92 on dedicated root server hosting, and $28 on server license. When it comes to bot attacks, they can be launched at scale for around $470 dollars per month or $15 per day.
Once the investments are in place, it is time for the fraudster to make money. A fraudster can pay for an entire month's costs through a single day of reselling accounts. He can easily resell about a 1,000 fake new accounts for anywhere between $1 and $5. However, it is the compromised accounts that bring in the maximum profits, with valuable accounts resold for up to $3,000.
Banning suspicious users can be counterproductive
Since the business of online gaming fraud provides fraudsters with high returns, it becomes imperative to make the attacks less attractive by making them more expensive. Often, fraudsters exhibit good behavior initially and play the game legitimately only to launch attacks later. They seek out dormant accounts for credential stuffing attacks and attempt account takeover of valuable accounts with rare or valuable assets.
Many online gaming platforms resort to banning suspicious users, which may prove counterproductive as it may even lead to banning good users. Therefore, in order to fight against online gaming fraud, companies need a fresh approach that allows them to accurately identify and stop bad actors without disrupting the digital gaming experience for authentic users. To this end, in order to fight against online gaming fraud, online gaming companies need to strengthen their checkposts at the time of entry – new accounts creation and logins.
Bankrupt the business model of fraud
The Arkose Labs platform monitors new and returning users by affording them an opportunity to prove their authenticity. Based on real-time risk assessment of the users, they are presented with adaptive enforcement challenges. These challenges are fun for authentic users but cause bots and automated scripts to fail instantly. Malicious actors are continuously presented with increasingly complex challenges to sap their time and resources, which erodes the economic returns from the attack. Eventually, the attack becomes financially non-viable and the fraudsters are forced to abandon the attack.
To learn how Arkose Labs helps leading online gaming brands safeguard their platforms from fraud and online abuse while delivering a seamless gaming experience for good users, please book a demo now.