The more deeply the virtual world becomes intertwined with the real one, the more sophisticated the methods of online fraudsters become. It would be foolish to doubt that this would affect the gaming industry as well. After all, it’s one of the largest sectors of the internet today, a place where huge sums of money circulate.
Multibillion business – but vulnerable
In 2017, the gaming industry market amounted to 108.9 billion US dollars, and, according to analysts of the gaming world, by 2020 it will reach 128.5 billion. The gaming industry has come a long way, from simple games to building entire virtual worlds.
Without a doubt, it has become a prominent part of modern culture; it often influences other parts – and is itself subject to influences. Iconic games are created based on the plots of iconic blockbusters, or vice versa; computer tables and keyboards are designed and manufactured specifically for gamers – and so on. The size of this market can be estimated by its turnover. But, of course, the most significant cash flows are in the gambling sector of the gaming industry, where games are the closest in principle and in practice to their prototypes in the real world.
Payment providers expend enormous resources on developing increasingly advanced technologies to minimize the risk of fraudulent transactions. The virtual gambling business is among the top five industries most subject to the risk of fraud, as there are ample ways to manipulate transactions.
“As old as the world…”
Traditionally, this type of criminal seizure of money is called “fraud”. But, on the other hand, fraud is a much broader concept. It can refer to any fraud (not necessarily directly aimed at stealing money) in the area of information technology – for example, a breach of personal data from servers that enriches the fraudsters. Unauthorized use of information resources is fraud. It is also the theft of money using the details of someone else’s bank card. It’s clear that the lion’s share of fraud is carried out online, but today we are talking about online fraud related to the gaming industry.
Online fraudsters’ ingenuity is limitless. There is even a global “darknet” where they communicate within large communities, exchange data, information and, of course, new methods for stealing money from gamers, game designers and brokers.
Two seconds for the “shot”
What are the most important things for gamers and payment companies – which are, of course, also included in the gaming system – to know? Experts warn that for a gamer the risk of being subjected to fraud is highest when he opens an account for payment, without which it is often not possible to participate in many games. Forty-eight percent of fraud cases occur at the moment of payment.
However, as it is always and everywhere, an attacker inevitably uses the personal data of clients, which can be the cause of trouble. Therefore, the most important thing to remember is data safety. Identity theft is the most common type of online fraud. Actually, it’s most commonly where the fraud starts.
You’d be surprised, but in the global internet space, personal data are stolen every two seconds. For example, according to online polling company Harris Poll, in 2018, about 60 million Americans became victims of identity theft. In autumn 2018, an international scandal broke out when a data leak of 30 million Facebook users occurred. In September and October of the same year, data from more than 565,000 British Airways clients were stolen.
They don’t need your card … or you, either
Theft of personal data occurs when hackers discover weaknesses in the data protection system of customers of a particular online game. When this happens, fraudsters can change the gamer’s account information, say, the user’s password, then seize the account, create a new one with the name of the victim and quickly make an online purchase of the “card-not-present” operation type.
There are also more sophisticated fraud methods. One of these is to create multiple accounts in certain games like poker if we are talking about an online casino, where there are several participants at the same time at a virtual table. The fraudster plays for several virtual people at once, using several accounts (there are real money accounts for each of them). As a result he gets an advantage over honest gamers, for example, in the first deposit bonus offerings. And then, due to the accumulated bonuses, the game is skewed in favor of the fraudster. Online casinos warn about such dishonest practices, but the fight against them has yielded mixed results.
In private poker games, when there are two participants at the same table, money laundering from one account to another is common. One gamer deposits money from a stolen account and deliberately loses to his partner, so that this partner can withdraw the money from the game account. In other words, he loses nothing because he doesn’t spend anything from his own pocket at all. But then it gets even more interesting.
The fraudster offers a lucky guy the chance to win it back: and the lucky guy makes a bet with his own money. And then the fraudster tries to get this money. Online casinos warn: to prevent money laundering, it is necessary that the bank accounts be the same for deposits and withdrawals of winnings.
Bots as fraudsters
Online fraud is growing as bots are used more widely in games (a bot, short for robot, is a special program). In online gambling, attackers use bots to steal passwords and personal data from millions of users at once. According to ThreatMetrix, the number of automated attacks in the gaming industry is growing at an alarming rate: over 60% of daily gaming traffic is generated by bots and scripts.
Every day it is becoming increasingly difficult to distinguish real users from fake players. Fraudsters use automation and the data of real people stolen earlier to search for new victims. Several years ago, the company Yahoo! reported two major data breaches resulting in the leaking of the email addresses, birth dates, passwords and phone numbers of more than 1.5 billion users into the internet. How exactly these data were used – one can only guess.
Chargeback as a way to “play back”
At the same time, the client himself can act as an attacker. This is the so-called chargeback fraud, the most “friendly” type of fraud. It is initiated by the cardholder himself. The true motivation in this case is simple: a person succumbed to excitement, lost a significant sum of money – and, by creating a chargeback, tries to “play back”.
It can be referred to as a friendly fraud scheme. In the case of a “clean fraud”, the attacker seeks to ensure that all his actions go unnoticed; here he is in plain sight and explains the need for a chargeback by the fact that the service was carried out “improperly” or that he “had suspicions” that the casino was playing a dishonest game.
Family fraud can be thought of as a variant of the development of this idea. In this case, the client declares that his family members have used his card, as a result of which a certain amount of money has disappeared from the card.