In many ways, 2020 has been a year of unprecedented changes for people’s habits — and among the biggest shifts has been gaming’s rapid climb in popularity. But as video game revenues have surged, the industry has increasingly become a more attractive mark for cybercriminals.In this article, we’ll give you an overview of the state of fraud in gaming and cover some advanced techniques that the most effective anti-fraud systems — including our industry-leading solution, Xsolla Anti-fraud — use to protect the operation of your business.As revenues rise, fraud followsNo one could have predicted how important video games would become during the COVID-19 global public health crisis. But at a time when typical interactions have sadly been limited by necessity, gaming has played an important role in helping people to entertain themselves, balance their mental health, and most importantly, stay connected with one another.As a result, there are more people playing video games now than perhaps ever before — as many as three billion people worldwide. This massive volume of interested and active gamers has accelerated gaming’s already staggering climb in growth, helping the industry to more than double in market value between 2013 and 2020. And early estimates suggest that the console segment alone will grow nearly another 20% by 2022, no doubt spurred on by the launch of several next-gen systems this year.Unfortunately, a continued side effect of the gaming industry’s success has been the increased presence of fraudulent activity. Following a trend that began before COVID-19, cybercriminals have attempted to perpetrate fraud on successful games and gaming platforms at higher volumes. And as video game earnings keep reaching new heights, fraudsters have employed more sophisticated methods to defraud successful game studios and their user communities.Why fraudsters target video gamesBecause of the unique circumstances in which global consumers found themselves in 2020, just about every industry has experienced a marked uptick in online payments activity this year. But there are a number of unique factors that make video games a prime target for cybercriminals:
The value of the average gaming purchase is relatively low. When testing payment data from a credit card or other payment method, fraudsters can discreetly make low-value purchases without drawing much attention.
Receipts are sent and received instantly. This makes it possible for fraudsters to test many sets of payment data quickly, often before account holders are aware that their personal information has been compromised.
Gaming has a vibrant secondary market. Purchases of virtual items, virtual currency, or player accounts can be quickly unloaded within active user communities, helping fraudsters to cleanly pocket the resale value of their ill-gotten gains.
Users are quick to blame the seller. Because the mechanics of payments fraud are not universally known to players, it’s typically the game developer, publisher, or platform that approved the fraudulent activity who lose twice — both in revenue and reputation.
An out-of-the box anti-fraud system that isn’t specifically built for the industry may not know enough about how gaming fraudsters operate to catch them in the act. But a solution backed by a partner like Xsolla, with more than 15 years of working exclusively in video games, has the expertise to uncover and stop various types of gaming fraud despite these factors and techniques.Where fraud can hurt you the mostLoss of revenue from fraudulent activity is unwelcome and unjust. But it’s the other loss — loss of reputation — that can be even more damaging, particularly in gaming.More and more every year, the connections between gaming companies and their user communities evolve from transactional relationships to dynamic, ongoing partnerships. This progression is best demonstrated by recent changes in monetization models, where many studios have shifted from relying on singular game sales to building continual revenue streams fed by microtransactions, subscriptions, season passes, and other similar offerings.The trust and loyalty needed to develop these important relationships is difficult to build — and if disrupted by an instance of fraud, infinitely more difficult to repair. Additionally, as gamers can be a particularly vocal crowd, a lone instance of fraud has the potential to spread across a community and disillusion users who weren’t even directly affected, damaging many relationships at once.It’s hard to imagine that an anti-fraud solution may be responsible for preserving and maintaining such an important factor in your business’s long-term success. That’s why a seasoned anti-fraud partner like Xsolla can bear that burden and help you keep valuable resources focused where they belong, on the continued development and operation of your project.Elements of an effective gaming anti-fraud systemGames can differ in many ways, from in-game attributes like genre and gameplay to administrative details like region, monetization model, or launch status. But across categories, games largely operate in similar ways when it comes to the submission and processing of payments.In much the same fashion, instances of fraudulent activity in gaming are neither completely unique nor uniform — and the best gaming anti-fraud systems are not only aware of this dichotomy, but actively integrate it into their fraud detection and verification mechanics.With this in mind, the most effective gaming fraud prevention systems should:
Be well-versed in prominent forms of gaming fraud. The earlier that an anti-fraud system can recognize a known pattern of gaming fraud — such as regional price abuse or purchase automation — and halt the transaction, the better. The most competent anti-fraud systems can draw on large banks of payment data to help filter and identify such activity.
Know the international payment system inside and out. Gaming companies that rightfully focus their attention and resources on their games can find the mechanics of online payments to be complex and arcane, bordering on inscrutable. So to ensure the lowest amount of risk and the fewest chargebacks possible, it’s important that your anti-fraud partner thoroughly understands the authorization, verification, and other compliance requirements that each individual transaction must meet.
Recognize what makes gaming payments unique. While out-of-the-box anti-fraud solutions may be serviceable for gaming, they may not know or be able to offer the kind of individualized attention that every game deserves. Each game’s proprietary attributes — its monetization model, the openness of its community, even its popularity — will help the right anti-fraud partner to correctly apply and calibrate the best-fit anti-fraud parameters and filters to scope out, discover, and isolate fraudulent activity.
Be involved at every stage of the life cycle of a transaction. The best anti-fraud solutions will continually monitor transactions to ensure their legitimacy, from the moment that a user selects their preferred payment method until a dispute is reviewed by their issuing bank.
Verify, verify, verify. Each stage of a transaction comes with its own opportunities to ensure that only an authorized user is attempting to make a payment. Steps in this process can include brute-force protection against a set number of attempts to enter invalid information, authentication against the 3D Secure/3D Secure 2.0, AVS, and/or device fingerprinting security protocols, and user behavior analysis with manual review of transactions that still seem to draw the wrong kind of attention.
Understand the difference between malicious and “friendly” fraud. Some instances of fraud may be accidentally caused by users themselves, whether it’s as simple as a child using a parent’s credit or debit card without permission, or a payment resulting from the forgotten auto-renewal of a subscription. Capable anti-fraud systems can differentiate these types of instances and work with sellers to correct the issue without a penalty.
Discover fraudsters’ behavioral “tells.” The subtle differences between a fraudulent and a legitimate transaction can sometimes be detected by running its activity against the recorded and stored payment data of prior sessions. Parameters or events such as how long the user takes to complete a stage of the payment or enter their payment data can act as a marker of fraud and tip off the right anti-fraud partner to halt the transaction in time.
Next stepsWhile 2020 has helped the video game industry to achieve record earnings, it can also bring unwanted attention from fraudsters seeking to pick your business’s pocket and do irreparable harm to your relationships with your user community. But as your trusted partner, Xsolla can deliver what you need for a strong defense against fraud, including:
Over 15 years of exclusive gaming-related payments and fraud expertise
Powerful anti-fraud filters built on a hybrid machine-learning mechanism
Custom filters and parameters to address your project’s specific needs
24/7 manual review of disputed transactions
Multilevel security checks at every stage of every transaction
Cross-game analytics and a fraudsters database for closer tracking
AVS, 3DS/3DS2, and PSD2 compliance (with Strong Customer Authentication)
Intimate knowledge of gaming fraudsters’ behaviors and techniques
An in-depth understanding of compliance requirements for both the international payments system and monitoring programs of major global credit card issuers
Full dispute management services for credit card and PayPal chargebacks
Contact us at business@xsolla.com to learn about how we can help you build a powerful, effective anti-fraud solution tailored to meet your business’s needs.
Marketing for Indie Video Game DevelopersRead Blog
How the right web shop partner can transform your mobile game monetization
Discover how partnering with the right web shop provider for your game can optimize your monetization strategy, enhance player engagement, and drive significant revenue growth—up to 10% or more.