This February, The Fintech Times is taking a deep dive into the world of gametech. Grab your headsets and controllers and plug in to hear about the latest tech and celebrities influencing the market to the development of eSports and much more.
The evolution of the gaming market has been a godsend for many during the pandemic, offering new means of socialisation when everyone was restricted in lockdown. Unfortunately, wherever there is a successful market, there is always a group trying to capitalise off of it illegally.
Reviewing gaming fraud in 2021, Kevin Gosschalk, CEO, Arkose Labs told The Fintech Times, “Attacks on gaming companies are consistently the most persistent and targeted we see outside of financial services. By November 2021, 27 per cent of all gaming traffic is malicious on Arkose Labs, with most attacks attempting account takeover attacks. Gaming companies are susceptible to all the normal attacks that digital businesses can expect, including account takeover, bot attacks, payment fraud, fake account fraud and more. However, due to the intricate in-game economies that have sprung up, attackers have a lot of extra incentives to attack these platforms instead of many other digital businesses.
“In-game botting is one such incentive which is used to illicitly earn virtual gold, power-ups and other assets that can be sold for cash on the black or grey market, in something known as real money trading. In fact, hacked gaming accounts can be sold on for thousands of pounds when they have a lot of assets, due to the ability to sell these assets on for hard cash.
“Gaming companies use an array of innovative solutions to defeat this, because fraud and in-game botting and abuse can massively disrupt the in-game experience for genuine users and hurt their revenues. Using multi-layered risk decisioning to assess the legitimacy of activity across their platforms and across the full customer journey (from sign up, login, payment transactions, and when carrying out actions within the platforms), they are able to assess activity based on real-time risk signals across device, network and location. Gaming companies also use advanced behavioural analytics to spot suspicious activity and implement a user-centric challenge strategy that can provide secondary screening of high-risk traffic. Another suggestion is to increase collaboration by working with vendors who already work with an array of gaming companies, in order to benefit from shared attack signals and proactively protect against attacks.”
What do scams look like and who has fallen victim?
The pandemic has accelerated gaming fraud as fraudsters saw an opportunity to capitalise on the market’s exponential growth. Scams were produced in various ways according to Kaspersky who found that links to third party websites, emails confirming financial details, shared account information and weak password logins were some of the main ways of infiltrating and accessing the victims’ data.
Kamran Hedjri, CEO of PXP Financial, said, “Fraud is an important issue in gaming. Players of online video games such as Roblox, Fortnite and Fifa have frequently fallen victim to scammers. The fraudsters, often gamers themselves are perfectly placed to use the platforms to defraud players of their money and identity. A fifth of gamers have either been a victim of a gaming-related scam, or know someone who has. Worryingly, less than a third know how to spot one. Fortunately, however, there are many tools to help counteract fraud. Every player’s behaviour is screened, and each transaction passed through a wide range of checks via risk platforms which, solo or combined, might trigger flags in the system and help gaming companies identify legitimate vs fraudulent transactions. Ultimately, the growing role of AI in understanding and analysing behaviour patterns helps identify and block fraudsters. AI tools constantly learn and become an effective weapon in fighting fraud before it happens. Chargeback management is also key in combatting this problem.
Further analysis from Kaspersky found that 2FA is one extremely strong way of preventing gaming fraud. An added layer of confirmation inaccessible to criminals would flag up concerns for potential victims. However, the added layer of protection can be time consuming and stressful, not what a consumer wants when they are relaxing playing games. As a result, many overlook this. However, video game companies should give this more attention says Fraser Edwards, CEO of cheqd, as currently, it is the banks that are looking out for the consumer.
“Gaming fraud has grown by 393 per cent in the last year, and a significant proportion of the fraudsters are first time offenders. This shows that gaming fraud is lucrative and that the barrier to entry is extremely low. With in-game currencies and the move to ‘Play to earn’, where players are rewarded with currencies, the opportunity for fraud will only increase through vectors like Account Takeover (ATO) or secondary markets for in-game items.
“The reality is that many game accounts are now as valuable as bank accounts, yet their security and regulation are near non-existent. At the moment, the fraud prevention is being facilitated by industry outsiders, such as banks like Lloyds, whom have begun sending warnings and guidance to customers.
“Hopefully, gaming firms will enhance their customer protection efforts, such as enforcing two-factor-authentication, before they are regulated into doing so.”
With various gaming accounts fetching fees from $100-$1000, depending on the contents of the account, users with poor security are walking a tight rope to ensure the safety of their digital assets if they do not implement any cybersecurity measures. This responsibility should fall to the developer, not the end consumer though, and with the market’s rapid growth, should be made a priority.