I’ve been fighting fraud for more than 15 years and before I joined my first video game company, I’d thought I’d figured it out. Fraud was nearly always about making money in the fastest way possible for the fraudster, and it was generally divided in to two categories: true fraud and friendly fraud. True fraud is fraud with the intent to steal money or to knowingly defraud a merchant, like a guy who steals a stranger’s credit card number and goes on a spending spree. Friendly fraud is fraud that usually happens without criminal intent, such as when a husband uses his wife’s credit card and then the wife doesn’t recognize the charge on her statement and requests a chargeback.
As anti-fraud professionals, we try to stop the true fraud with different technological tools like machine learning, velocity checking and user authentication, all to verify that the customer is who they say they are. The goal is to track and prevent behavior that is outside normal purchasing activity. For example, if someone is trying to put through ten transactions on the same card in five minutes, that’s a clear red flag. In many companies, even allowing two transactions on the same card in a matter of hours can be too much. Those patterns are, in most cases, fraud, and the criminal is probably testing a card to see if it works. That’s just common sense, right? I used to think so too, before I started working in video games seven years ago. .
Friendly fraud is harder to prevent since this fraud is very likely is a normal transaction. Frankly, we shouldn’t even call it fraud since in most cases no one is trying to harm the merchant or commit a crime. Most of the time the chargeback is a mistake on the cardholder’s part. Unfortunately, the rules applied by the credit card networks mean that any complaint like this that’s made by the consumer is still considered fraud and the merchant is blamed. That is why we still call it fraud. This type of fraud is often prevented through better communication with the consumer, and by making sure the text on websites is clear and understandable to the consumer. You can use some pattern recognition and trust indicators, as well, such as how often the person normally purchases or if they are logging in from the same places when they make a purchase. So while friendly fraud is different in motive from true fraud, there can be some overlap in the tools we use to fight it.
Now we get to video games. This world is different when it comes to fraud, and it’s where my common-sense fraud approach was first challenged. Let’s break down some of the differences in payments and fraud across the video game space.
Children Play While Parents Pay
The first unique challenge in video games is that the credit card statement is often the only communication the video game company has directly with the cardholder. Often the player is a child, and the cardholder is a parent. Yes, this sometimes happens outside of games, but nowhere near as often.
Some big obstacles can arise here. The email receipt is usually sent to the game account email address, which is often not the cardholder/parent’s email. This is especially true if it’s a kids game. The child/player gets to the payment gate, arrives at the card entry page and asks mom or dad for the payment info or uses saved payment info already in the system. The parent enters their information and goes off to do something else. They may not even understand what they just bought. This is why it’s important to make sure the descriptor on the credit card statement is the video game name and not, as is often the case, the corporation’s name. Think about it: when a kid references a game, they say, “I’m playing Super Crazy Party Kickboxing Badgers in Hats!” not “I’m playing the latest game produced by Acme Game Productions, Inc!”
Tackling in-game fraud
A second major way that video games differ in fraud fighting is that often, fraud is part of the game itself. I said earlier that most true fraud is motivated by stealing money, so our anti-fraud common sense is looking for that, but what’s really motivating fraudsters is profit. Profit doesn’t have to be money when it comes to gaming. In video games, profit can be in-game benefits, like weapons or power boosts, or it can be success at the game and the bragging rights that come with it.
The guys doing this kind of fraud are some of the smartest people around, and in general, they actually like the game very much. They want to succeed at it by whatever means necessary. Perhaps they want to “beat” the game so they can show off to their friends, or they may try to cheat or hack the system to get to a better game rank or position or to get a more powerful weapon. If you, as the anti-fraud agent, aren’t thinking like these guys do, you’ll totally miss these common video game motivations for fraud.
Fraud in video game currencies
A third way that video games differ from other verticals is that they often use a virtual currency. This is a new concept to many who aren’t in the gaming space, but it’s expanding to other spaces quickly. In a normal card-not-present transaction, we get a lot of payment data to help us stop fraud. For gaming companies, this is true at the point of the credit card transaction, but often the money from the payment is immediately converted into virtual currency, which is spent in the game. At that point you don’t have the payment or other data anymore, and what happens to the currency is tougher to track.
Each individual virtual purchase made with in-game “gold” can almost never be tracked back to the initial in-real-life (IRL in gamer speak) monetary purchase. It can even get more complicated. Some games let players earn free virtual currency instead of having to buy it with real-life money, so the pot of gold in-game is now a mix of purchased and earned virtual spending power. But wait, how about another obstacle? Some games let players use virtual currency to send gifts to friends or other players in the game or even just send the currency outright to someone else. Tracking these transactions can be a nightmare.
Every second counts in video games
Last, conversion rates can affect the gaming space differently than other verticals. Conversion rates are always important to all businesses and when you delay a transaction even by a few hundred milliseconds it can lower the conversion rate. In a regular purchase when you are buying a physical item online, it’s usually acceptable if you must wait half a second for the order to go through. However, for a gamer that half-second delay could mean life or death in their virtual world. This creates a unique problem for fighting fraud in gaming. As a gaming anti-fraud professional, you cannot delay the transaction even by a few hundred milliseconds even if that normally helps to prevent some fraudulent transactions in other payments spaces.
Fighting video game fraud can be fun
Now that we’ve looked at some of the unique issues that arise in fighting fraud for the gaming space, you may feel a bit like David in “WarGames,” the only winning move is not to play. But don’t despair! Fighting fraud in video games still shares a lot of similarities to fighting fraud in other verticals. Where it differs tends to be with the motivations of the fraudsters and the gamification of the currency and rewards. These add a complex dimension to fraud fighting, but if you remember what is keeping the bad guys coming, you can shore up your defenses and fight them off. A little bit of strategy, a little bit of brute force and a little bit of love for the gaming experience is what makes fighting fraud in video games so rewarding. So, ready to queue up? GLHF (Good luck, have fun)!