(Virtual) Reality Check: How to Stop Online Gaming Fraud
Online gaming fraud is soaring. Here’s what to do about it.
Online gaming fraud is soaring. Here’s what to do about it.
The global gaming market is expected to reach $287 billion by 2026, a significant jump from $168 billion in 2020.
More gamers click-clacking their controllers and keyboards means more fraudsters gnawing at the bit, taking advantage of vulnerable online gaming platforms with exploitable security defenses. In fact, bad actors accounted for more than a third of gaming traffic in 2020.
Perhaps more than any other vertical, the schemes cooked up by fraudsters in the gaming sphere are both multitudinous and exceptionally cunning. The end result, however, is the same for gaming companies: defrauded users, lost revenue, and churn.
Here is a closer look at why online gaming fraud isn’t a game, and how video game publishers and services can hit the reset button and protect players from malicious (and costly) online attacks.
A formidable ATO arsenal
As we speak, gaming fraudsters are running a variety of account takeover (ATO) scams targeting naive players. Much of this is happening in the PC gaming world, specifically on gaming distribution service Steam, which controls about 75% of the PC market.
One scam that’s made the rounds as of late starts off like many others do: with a seemingly innocuous DM. “I accidentally reported your Steam account,” says the bad actor, intimating to the unsuspecting user that they should contact a Steam admin to avoid getting banned. The problem is that said “Steam admin” is in on the heist, so once the player sends screenshots and other sensitive information to the fake admin, it’s game over for their account.
Other common Steam schemes hack players through legitimate-looking third-party websites or item inventory pages. One fraudster, messaging from a compromised friend’s account, might ask a player to visit a website and vote for them to participate in an upcoming tournament. Another fraudster will share a link to a bogus marketplace selling skins (visual enhancements to a character’s appearance or weapon). Login credentials are entered and subsequently phished; accounts are taken over and drained, then used to bait the next batch of players.
When you factor in the classic forms of online fraud — transaction fraud, promotion abuse, friendly fraud — the bag of tricks for gaming fraudsters runs quite deep. And the in-game assets they’re stealing are more valuable than one might think.
No time to play around
For consumers, in this case video game players, having their accounts seized is costly and painful. Aside from losing the money in their digital wallets, players can be stripped of in-game assets (collectively valued at $50 billion) they either purchased or earned through hours and hours of gameplay. Imagine spending potentially weeks or months stacking achievements and stats only to lose it all in a few minutes.
For gaming companies, ATO fraud represents the worst possible version of Space Invaders: measly defense lasers outmanned by endless rows of fraudsters and fake accounts. Revenue is lost; in-game economies are thrown out of whack; users churn away due to a lack of trust; and don’t forget the possibility of a large-scale breach.
Beefing up security at the account creation and verification stages is the right idea, but more friction won’t help matters. Gaming companies must protect their players — and their revenue — but avoid scaring them away with sluggish MFA solutions.
Game on, fraudsters
Protecting online gamers from ATO is comparable to fighting fraud in any other vertical that requires account creation and logging in. Authentication methods like 2FA and MFA can help, but they add unnecessary friction and rely on flawed static data. The panacea lies in real-time insights, dynamic data that can effectively combat ATO schemes like credential stuffing and synthetic identity fraud.
Deduce realizes that ATO is not a game. Our real-time Identity Network taps more than 450 million anonymized user profiles and 1.4 billion daily user activities across participating 150,000 websites and apps to prevent account creation fraud that leads to ATO downstream. Faster and more accurate authentication makes for happier players and robust revenue.
Want to make your user experience seamless and secure? Give us a shout today and see how our Collective Intelligence Platform can keep the good people in and the bad people out.