The gaming industry had a record year in 2020 — but where there’s success, there’s a higher chance that fraudsters aren’t far behind.
Here are five developing gaming fraud trends that you should watch out for:
In 2020, global consumers drastically shifted their habits toward making more payments online, including and especially for gaming. According to our data, this spike in online payments has resulted in as many as 2.5 times the number of fraud attempts compared to the previous year.
At the same time, the average fraud attempt in 2020 was for an amount that’s more than twice the value of the average legitimate gaming payment. This largely due to the fact that fraudsters often attempt fewer, more expensive purchases over a higher number of smaller purchases, as a higher volume of payment attempts will draw greater scrutiny from the fraud filters and checks used by the payment systems involved:
To combat this, we recommend applying additional fraud checks and verifications to the most expensive purchases made among your users. Closely monitor your users’ behavioral patterns over time, and take note of any sudden, sharp changes. If your game is performing well — and we hope that it is — be prepared to turn the dial up on your anti-fraud efforts to stay safe.
A significant amount of users who have made the shift to online payments within the last 12 months are doing so for the first time. Many of them either didn’t have access to online payments until now, have recently become old enough to make payments online, or are older and never needed or wanted to make the shift until now. In all of these cases, these users lack basic financial and IT literacy for online payments due to their inexperience, presenting fraudsters with a fresh crop of unexpecting victims.
In gaming, these new users can often fall for phishing scams, where fake surveys, other false “fast money” opportunities, or significant discounts on game keys or in-game goods are advertised to them on gaming forums or social network pages. Once a fraudster has captured the user’s payment data, they will attempt to buy game keys, virtual currency, or virtual items either for the purpose of reselling at a profit or for personal use.
For this type of fraud, we recommend that you closely manage your game’s forums or other online gathering places, and warn your community not to buy games or gaming goods from non-sanctioned third-party sites. If one of your users becomes a victim, do what you can to help. It’s also a good idea to activate additional verification for unsafe payment methods.
The use of prepaid cards has become more prevalent for online gaming payments in the last year. Unlike a credit card or debit card, they come preloaded with a specific value and they’re not tied to a user’s identity or personal data. They’re also highly popular as gifts, especially for kids.
Within the last 12 months, prepaid cards were used in 4.6% more overall online gaming purchases, but 7.5% more online gaming fraud attempts in the same period. So while they’ve grown in overall popularity for users, they’ve grown even faster in popularity for fraudsters. And by our estimate, prepaid cards are likely to account for somewhere between 15% and 17% of online gaming fraud attempts by the end of 2021.
The key to the appeal of prepaid cards for fraudsters is the relative anonymity of prepaid card users. Prepaid card providers often view their cards as safer and choose not to apply additional fraud checks to payments because either their cardholders don’t have a personal account at all, or they don’t have a phone attached to the account, which would be necessary to pass authentication checks from standard security protocols such as 3D Secure.
As a result, gaming fraudsters are increasingly trying to use prepaid cards to perpetrate fraud on your users and your business. To procure these cards, they will either steal them directly or compromise a user’s personal account (such as a bank account) to purchase prepaid cards for themselves, and then use these cards to make gaming purchases that appear legitimate.
To protect your business, we recommend that you always use the most detailed info about your users’ payment cards when authenticating purchases, including the card type. Always watch your payment traffic to detect abnormal patterns early and make real-time adjustments to the filtration parameters of your fraud prevention system. Finally, always apply the same security measures to authenticate prepaid cards as you would for credit card and debit cards.
The EU Revised Directive on Payment Services (PSD2) officially went into full effect in September of 2019, with some EU countries requiring an extension until the end of 2020 in order to become fully compliant. To create additional protections for consumers, PSD2 established a new baseline security requirement for online payments called Strong Customer Authentication (SCA), which mandates multi-factor authentication for online payments, among other improvements.
One security protocol that meets the requirements of SCA under PSD2 is 3DS2, a multi-factor update to the original 3-D Secure protocol developed over a decade ago. According to our data, applying 3DS2 authentication to online gaming payments can reduce your fraud rate to a level below that of non-3DS-protected online payments and online payments that are only protected by the 3DS 1.0 protocol:
For the strongest defense against fraud, we strongly recommend that the company from which you receive commerce support services — such as a payment service provider, payment gateway, or Merchant of Record — utilizes the 3DS2 protocol when authenticating payments. Also, analyze efficiency and conversion rates when you work with acquiring and issuing banks.
Between 2019 and 2020, the top five countries experiencing online gaming payments fraud by volume looked like this (listed alphabetically):
If you take a quick glance, you may think that Argentina’s sudden emergence on this chart is directly tied to its overall growth and emergence as a relatively new market for online gaming. But on closer inspection, it’s actually more closely related to regional pricing, where fraudsters take advantage of conversion rates to buy game keys and other gaming goods in order to resell them on third-party sites for a profit.
When this scheme is combined with stolen payment data from personal accounts, fraudsters can do some real damage — which is especially frustrating as Argentina and other markets like it are still working to establish themselves.
To reduce market-specific fraud, we recommend that you only sell region-locked game keys, effectively nullifying any regional-pricing-based scams. Also, take special notice when a user changes their country, whether it’s the country of their payment card or other payment method, their issuing bank, or the server on which they regularly play your game.
These five fraud trends represent only a small window into all of the ways that fraudsters may already be targeting your gaming business and your users. If you follow the best practices provided, you’ll build a stronger defense — and Xsolla can help you do them all and more. With over 15 years of experience exclusively in gaming, Xsolla’s best-in-class anti-fraud system:
If you’re not an Xsolla partner, contact us at firstname.lastname@example.org to learn about how we can help you defend your business and your users from gaming fraudsters.
If you’re currently an Xsolla partner, email your account manager and set up a time to discuss how our expert team can help you apply additional custom filters to your fraud defense.