The online gaming and esports community has grown to shocking heights in recent years, topping 1 billion in individual streamers per month in 2020. In fact, online gaming has become one of the largest sports in the world in terms of viewership and universities are now even offering full-ride scholarships for their Esport teams. With popularity and widespread adoption continuing to soar, so have the dollars generated. Revenue produced by online gamers hit $159 billion in 2020 and is projected to exceed $200 billion by 2023. While a booming gaming industry opens many doors for businesses, it also spells trouble in the form of growing fraud threats.
With online gaming’s ascendancy comes a flood of fraudsters looking to take advantage of the industry’s low payment barriers and wide access to sensitive information. Cloud accessibility and a lack of know-your-customer (KYC) implementations make gaming platforms particularly vulnerable to a variety of fraudulent schemes. Some established services even allow savvy fraudsters to trade in-game currencies for real-world funds, putting a price tag on account takeovers and similar threats. Mitigating fraud in online gaming requires powerful solutions and comprehensive planning.
Types of fraud
Unfortunately, the Computer Fraud and Abuse Act (CFAA) enacted in the US in 1986 currently does not address all forms of online fraud. The CFAA is also limited to the US in scope, allowing criminal rings distributed across multiple territories to engage in unethical activities.
This regulatory oversight coupled with an increase in online gaming has led to a sudden uptick in account takeovers and fraudulent chargebacks.
As online gaming users’ numbers swell, the potential for fraudsters to pull off account takeover attacks en masse also grows. Leveraging techniques such as credential stuffing, in which thousands of credential combinations purchased on the dark web are tried sequentially, attackers are able to quickly gain access to large numbers of accounts.
Once a fraudster has breached a user’s account, they can exploit all of the information it contains. This may mean selling off the user’s in-game items or selling the account entirely. In cases where payment details and other sensitive information are accessible through a compromised account, attackers may sell this data on the dark web or use it for more advanced identity theft practices.
Chargebacks offer some protection to consumers when they encounter fraudulent merchants, allowing them to recover lost funds through bank or payment platform intervention. However, chargebacks can also be taken advantage of by otherwise legitimate customers and even used as a tool by criminals.
Customers may leverage chargebacks to recover their funds at the first opportunity, instead of contacting the merchant first– a form of “friendly fraud”. Cybercriminals could do the same with multiple accounts after deriving other benefits from a given gaming platform.
Expansion to “Sweatshops”
By leveraging the flexibility of actual human agents through the use of online “sweatshops”, criminals can bypass simpler security methods meant to stop bots. This makes it possible for many small actions to be handled by large numbers of very low-wage workers.
From credential stuffing for account takeovers to spam email sending for more effective phishing, sweatshop workers make online criminality harder to detect and much more difficult to stop.
How to Prevent It
With in-game assets now fetching a collective valuation of over $50 billion, the amount of fraud rampant in the gaming industry is likely to continue rising. Human-driven attacks have begun to grow in prevalence as fraudsters develop new ways to commit online crimes. For now, preventing online fraud as early as possible is the best approach for businesses in the gaming industry. That starts with the implementation of ID authentication measures that work.
Foolproof ID verification weeds out the worst offenders, incorporating additional authentication challenges as needed to protect sensitive information. However, the software must also be designed to function seamlessly to avoid degrading the user experience. That’s where Intellicheck comes in.
Intellicheck offers an ID verification solution designed to work at scale. ID verification is handled in less than a second with 99.9 percent accuracy using a combination of text decryption, facial matching, and liveness detection. This ensures results can be trusted and sophisticated fakes can be sleuthed out with ease.
Trusted by more than 30,000 retailers and 50 law enforcement agencies in the US, Intellicheck can verify identity documents faster than any other solution ensuring users’ safety without disrupting the experience.