Online gaming – the practice of playing video or gambling games over the internet – has increased significantly in recent years, particularly since the pandemic, which forced many people to turn to digital methods of entertainment.
According to Statista, there were an estimated 1.13 billion online gamers worldwide in 2023, with global online gaming revenues reaching around USD 26.14 billion. An industry this big isn't without its challenges, one of them being online gaming fraud. That's any type of illicit activity on gaming platforms aimed at manipulating outcomes, defrauding players for financial gain, or causing reputational damage.
For gaming industry professionals and any business involved in selling games, preventing and detecting internet gaming fraud is imperative to a) keep gamers safe, b) avoid financial losses and reputational damage and c) boost business growth.
Read on to learn about the devastating effects of online fraud on gaming businesses. You'll also discover some of the best methods of prevention and detection.
Types of online gaming fraud
Online fraud in the gaming industry takes many forms. Below, we explain some of the most common scams.
Multiple account fraud
Multiple account fraud is where a fraudster creates and uses multiple accounts for the same game to appear as different players. By doing this, the fraudster can manipulate game results to force genuine players out of the game and increase their chances of winning.
This type of fraud is often used in online gambling. A fraudster might use an emulator or virtual machine to create multiple accounts to take advantage of signup bonuses. It's also used in head-to-head games, where the fraudster owns both player accounts and uses one to lose deliberately, guaranteeing that the other wins.
Friendly fraud chargebacks
Friendly chargeback fraud occurs when customers dispute a legitimate digital charge with their bank and request a refund. This can happen when customers forget about a purchase they've made or misunderstand the terms and conditions of a service and face charges they're not expecting. It's also common after impulse buying when customers change their minds and request refunds.
Friendly fraud chargebacks are costly for businesses, as they lose the original transaction payment and incur administrative costs and fees for returning the funds. Multiple parties are involved, including the issuing bank, acquiring bank, and payment gateway. Businesses that have a high number of chargebacks may receive penalties—or even account termination—from payment processors.
Chargebacks911 compiled a report to demonstrate just how much businesses lose due to chargeback fraud – one frightening statistic included (from LexisNexis) is that merchants lose around $3.75 for every $1 lost to chargebacks.
Credit card fraud
In online gaming, 'true' credit card fraud occurs when a person's card details are stolen and used illegally to create new accounts, add credit to existing accounts, and make in-game purchases. These accounts are sometimes sold to trading sites, resulting in more revenue for the fraudster.
This type of fraud can also result in friendly fraud chargebacks as customers dispute unauthorised transactions with their bank or payment provider.
Bonus abuse
Bonus abuse is linked to multiple account fraud and accounts for 50% of all fraud cases in the gambling industry. It involves using several accounts to take advantage of new customer signup offers, in-game rewards, re-engagement offers, and referral programmes.
An example is when players sign up for numerous online casinos to collect welcome bonuses. They play a few low-risk games to meet the minimum requirements of such bonuses, withdraw their winnings, and move on to the next site.
Bonus abuse leads to gambling sites removing offers or offering lower bonuses, which can deter legitimate gamers from signing up and engaging, resulting in missed revenue. This type of fraud is also tightly regulated, and gaming platforms can face hefty fines if they don't have systems in place to monitor and prevent it.
Account takeovers
An account takeover is when a cybercriminal hacks into someone's account using stolen credentials or automation software that continuously tries different password combinations until it eventually cracks the code (also called credential stuffing). Account takeover fraud is widespread and is expected to grow to $16.8 billion by 2025.
Once a hacker has 'taken over' an account, they may sell the original owner's in-game items for gaming currency or other resources, sell the account to someone else, or use the victim's sensitive account information for different forms of identity theft.
Affiliate fraud
The gaming industry often uses affiliate partners to promote its services and attract customers. Affiliate fraud is a type of third-party fraud that occurs when affiliates use dishonest methods to increase their commissions.
For example, they may create fake accounts and add deposits so that the gaming provider pays out rewards to players who don't exist. They can use bots to rack up clicks on their affiliate links (click fraud). They may also abuse pay-per-click (PPC) or pay-per-lead (PPL) campaigns. Like the other methods here, affiliate fraud causes great financial losses to the gaming industry.
Effects of online games fraud on businesses
Online gaming fraud is devastating for businesses in the industry. It causes financial loss, damaged reputation and goodwill, not to mention legal issues...
Financial loss
Financial loss occurs directly and indirectly as a result of online gaming fraud. One of the leading causes is chargebacks, where customers falsely or unknowingly claim that a transaction is unauthorised. In this situation, gaming vendors lose the revenue and virtual services provided to the player and incur extra charges for processing the refund.
Indirect financial losses involve affected players leaving the platform because their accounts have been hacked or taken over, or they've moved on to another provider to collect bonuses. Businesses also end up wasting money on advertising and collecting bad leads.
Damaged reputation
When genuine players are affected by online gaming scams like account takeovers and payment fraud, they may lose trust in the gaming site and stop using it. Word spreads quickly, so brand reputation is then at stake.
Additionally, payment processors consider online gambling platforms high-risk, so if there's a spike in chargebacks, they can be banned. This has a knock-on effect on players, who will see fewer options for making deposits.
Legal issues
In addition to potentially having their accounts terminated by payment processors, gaming companies and gambling sites can become involved in all sorts of legal issues should there be any reports of money laundering.
Gaming giant Roblox is facing a class-action lawsuit over possible money laundering after it came to light that over 300 Roblox players are using in-game currency to purchase bogus in-game goods. The activity suggests that these players are transferring money (under the radar) to others within the platform.
Preventing online gaming industry fraud
Here are four of the best preventative measures that can help prevent online gaming fraud. Many of the big online game companies are already using them.
1. User authentication
User authentication or verification is the process of checking and validating user identities to prove they are genuine. Robust user authentication procedures can thwart fraudsters who try to hack into accounts or steal login credentials.
The most secure method is multi or two-factor authentication. This is when two or more methods are used to determine user identity. Typically, along with a username and password, players are prompted to enter a unique PIN code sent to their device via email, an SMS verification service or a third-party authenticator app.
Verifying ID documents accurately is also essential. Ensure your technology can determine whether players upload fake, computer-generated images instead of actual photos of their ID. Also, consider installing CAPTCHA, a computer-based challenge and response test designed to ward off bots.
2. Strong game security
Individual games and gaming platforms also need to be secure to prevent chances of fraud. Cybercriminals are always looking for vulnerabilities in gaming platforms to get access to and steal sensitive user information that they can either sell or use for various cybercrimes. You can deter this activity by installing a firewall and SSL encryption and regularly updating software and security patches. It also helps to educate players on how to keep their accounts secure and play games online safely.
3. Payment verification
Payment verification is vital for checking that payment is being made by the actual cardholder and not a scammer. This not only keeps user accounts safe but can also help reduce chargebacks.
Payment verification can be done via the cardholder's CVV code or an AVS check, where the billing address provided in a transaction is compared with the issuing bank's address information. (Some banks, such as Santander, also send payment verification notifications to customers, asking them to approve transactions via their smartphone fingerprint ID, facial recognition or an OTP code.)
4. Data enrichment processes
According to Experian, data enrichment is "the process of incorporating new updates and information into an organisation’s existing database to improve accuracy and add missing information." It's all about building on your existing data to make better business decisions and improve customer relationships.
Data enrichment can give gaming companies a deeper understanding of users and their online behaviours. Monitoring user behaviours, e.g., the frequency of logins, device fingerprints, IP addresses, and email profiles, can help prevent fraud, again ensuring users are genuine and their accounts are secure.
Detection of online gaming industry fraud
Methods of internet gaming fraud detection include choosing the right eCommerce provider, utilising AI and machine learning, regularly monitoring user activity and strong verification processes. We break these down in detail below.
Choose a reliable eCommerce provider
All gaming platforms need an eCommerce arm to take payments and offer in-game purchases. Choosing a reliable provider to protect players from payment fraud is essential. When doing research, check the following:
Their experience in the industry.
Whether they're certified to the Payment Card Industry Data Security Standard (PCI-DSS).
The frequency of risk assessments.
What technologies are in place for flagging suspicious transactions.
Regularly monitor for suspicious activity
Use monitoring tools or fraud detection software to identify any suspicious activity on the gaming platform, for example, individual players who are winning more frequently than usual or user logins from a different device. Notify individual users if the latter happens and prompt them to change their password to secure their account.
Use AI to enhance intelligence and safeguard players
AI is increasingly used in the gaming industry to differentiate fraudsters from legitimate players and detect multiple account fraud, credential stuffing and account takeovers.
Messente's anti-fraud specialist Karl Kalvik explains why: "AI offers huge benefits for gaming providers. It can analyse new player accounts, carry out device intelligence, learn normal player behaviour patterns and detect any unusual deviations in real-time that may indicate fraudulent activity. It's a vigilance tool, identifying and safeguarding against unusual activity and helping provide a secure environment for players."
Employ machine learning (ML) to detect fraud
The fast evolution of internet gaming fraud has made it imperative for gaming vendors to be equipped and up-to-date with AI and machine learning technologies. (Machine learning is a type of computer science. It uses data and algorithms to enable AI to learn and improve its accuracy.)
Machine learning algorithms can detect anomalies in normal behaviour, helping gaming providers spot suspicious attributes sooner so they can become proactive rather than reactive in the fight against fraud.
Strong KYC verification process
KYC stands for 'Know Your Customer.' It is a set of standards that protects businesses in the financial and digital security sectors from fraud, money laundering, corruption, and other crimes. KYC involves establishing and verifying customers' identities and understanding the nature of customers' activities.
KYC can help make online games safer by properly verifying player identities before allowing them to use the gaming platform. For example, it requires all players to provide valid ID documents, like a government-issued passport. KYC helps detect and prevent identity theft and multiple account fraud.
Understanding how fraudsters operate
Finally, it's essential to have a good understanding of how fraud occurs in the online gaming world—especially as fraudsters are very clever at finding new loopholes and methods of exploitation. Staying on top of industry news and trends can help businesses formulate strategies and policies designed to prevent and protect against gaming fraud.
The battle against internet gaming fraud
Online gaming and gambling fraud is devasting for the gaming industry, not just for platforms and providers but also for genuine players who just want to enjoy this form of entertainment.
Fortunately, there are some steps to take to prevent and detect the most common types of fraud, including:
Ensuring robust user authentication processes are in place.
Investing in good gaming security and keeping software updated.
Carrying out payment verification and data enrichment.
Using a reliable eCommerce provider.
Using AI and machine learning to monitor and detect suspicious user activity.
Further reading: learn more about account takeovers and tips for prevention.
