By Kevin Gosschalk, CEO of Arkose Labs
Video games have evolved significantly over the past few decades. Once upon a time, the Atari 2600 was the pinnacle of gaming technology and large, bulky hardware was a necessity. Today, gamers have access to a plethora of powerful consoles with 4K video quality and photo-realistic graphics, and smartphones and ultra-fast streaming services make gaming anywhere, anytime possible.
Gaming has also evolved to no longer be a singular, self-contained experience. Most of today’s video games attract thousands or even millions of players from around the world. To foster spirited engagement and competition amongst players, these online platforms include intricate in-game economies, social structures and world-building possibilities, as well as the ability to buy and sell digital goods.
A Ripe Landscape for Fraud
Approximately 700 million people around the world play video games online. And for many, gaming doesn’t even involve their own direct participation: people aged 18-25 are spending 77% more time watching online games on platforms such as Twitch than they are watching traditional sports on television. This explosion in online gaming popularity is impressive, but unfortunately it has also been noticed by fraudsters. What’s more, the rapid adoption of free-to-play games, many of which have millions of daily active users, has also created ample opportunities for fraud.
Transactions on online gaming platforms grew 30% in Q1 of 2020 according to data from the Arkose Labs network, and at the same time there was a 23% rise in attacks against gaming networks. Even more concerning, attacks against gaming networks have only continued to rise since the beginning of COVID-19 related lockdowns. With fraudsters looking to benefit from elevated online activity, nearly one third (29%) of all online gaming traffic is now an attack. This trend will likely continue even after lockdowns are lifted as more people permanently shift to remote work.
Key Attack Vectors to Monitor
With easy access to fraud toolkits, plentiful amounts of stolen user data and cost-effective human resources, fraudsters are currently operating under ideal conditions to carry out large-scale fraud. Additionally, the complexity and intricacy of online gaming ecosystems offer fraudsters a variety of areas to exploit and monetize, including:
- In-Game Assets: In-game currency or items can be stolen or amassed at scale via hundreds of bot-powered accounts. For example, fraudsters can set up fake new accounts to initiate and complete bot-driven gaming sessions in order to collect in-game currency. In-game assets can also be used to disrupt the gaming environment and ruin the experience for legitimate users of the platform, and fraudulent accounts can further take advantage of promotional offers at scale.
- Account Takeover and Reselling: Online gaming faces distinct challenges around account takeover attacks. Attackers break into accounts to steal payment credentials, resell in-game assets and even resell the account to provide a way of bypassing the true cost of purchasing a game.
- Payment Fraud: Attackers are always on the hunt to steal payment credentials of legitimate users and can monetize stolen credentials on gaming platforms. These platforms have virtual stores where customers can buy new games to download and then play, and many games feature in-game microtransactions.
- Profiles and Messaging: Fraudsters can create fake profiles to send spam and malicious messages to legitimate users. They can also downvote videos or other user-created content. Sometimes, this isn’t even done for monetary gain but rather for the sole purpose of “griefing,” or harassing and targeting players online.
- Game Outcomes: Collusive play can allow fraudsters to manipulate the outcomes of real, live video games by using a series of associated accounts. This can lead to massive fraud losses, not to mention frustration and disappointment for trusted users who are trying to enjoy the game.
A More Nuanced, Layered Approach to Security is Essential
To stand a chance at combating ever-rising levels of fraud, and in particular to protect their most vulnerable users, i.e. children, gaming companies must employ a more nuanced, layered approach to security. Because gaming is one of the most highly trafficked industries and is only continuing to increase in popularity, it’s critical that gaming companies avoid being overwhelmed by volume and prioritize future-proofing their business so they can evolve and adapt to meet any threat, both now and in the years to come.
Gaming companies need robust fraud prevention measures in place that work holistically across web, mobile and games consoles, and that protect APIs from bot traffic posing as legitimate humans. They need to go beyond protecting accounts from sign-up abuse, account takeover and payment fraud, and ensure the entire in-game experience is safeguarded from bots and malicious humans. However, in a sphere where user experience is so integral, achieving this in a way that enhances the overall UX for good users is the true measure of success.