How to stop payment fraudsters from winning
1 / 15
Overview: Online Gaming
Is In Hyperdrive − So Is
In 2020, the gaming industry saw explosive growth as the COVID pandemic dramatically changed people’s lifestyles and entertainment choices.
As retail, sports and social venues closed, gaming filled the gap. The market doubled almost overnight as both players and revenue skyrocketed. On the dark side, fraudsters also came along for the ride.
*ACI internal data
2020 saw a 100% growth in gaming.
2021 has seen a 152% rise in fraud*.
2 / 15
Security is now one of the biggest challenges facing the gaming industry
Payment fraudsters are actively targeting the booming, but relatively security-immature, gaming industry to go after quick, easy money. Friendly fraud is also rising as children and young adults fuel micropayments (and chargebacks) with their parents’ cards and stored payment details, as spontaneous gamers try to back-track on in-game purchases they regret.
It’s not all fun and games
The desire to monetize experiences and reduce player friction is leaving gaming merchants wide open to payments fraud.
As chargebacks rise, merchants are feeling the impact on their profit margins. They are actively looking for ways to reduce risk and protect revenue while keeping games easily accessible to legitimate players.
This eBook helps you fight back
- Six traits that make gaming vulnerable
- Seven common forms of gaming payments fraud
- Top tips to keep your fraud strategy on track
- Why it pays to keep payment options open
3 / 15
1. Gaming Is A High-Risk Sector
Wherever items and services are bought and sold, there is a risk of payments fraud. What makes your gaming business more vulnerable than other retail and entertainment sectors?
New ways to monetize, a shift to mobile experiences and an explosion of alternative payments are creating more opportunities for payments fraud.
4 / 15
The size of the prize is hard for fraudsters to resist
Within the entertainment sector, gaming is by far the largest revenue generator outperforming both box office and music.
Popularity and opportunity
By 2023, there will be more than three billion gamers in the world. Although they cover all demographics and ages, the young are particularly at risk. Due to COVID, they’re also spending more time online and downloading more games on their mobile devices. This creates a wealth of opportunity for fraudsters to access and intercept their payment details.
Attitudes to experience and risk
To protect their business from fraud, gaming companies need to authenticate players to ensure their identity and payment card ownership. However, gaming companies worry that increased authentication will introduce friction into the payments experience, and as such, may be reluctant to compromise a great gaming experience for a significantly safer one.
The global gaming market will hit $175 billion
5 / 15
Six things that make gaming a prime target for payment fraudsters:
The gaming market size is global; it spans from children to adults and includes digitally connected individuals.
Diverse gamer behavior
Behaviors vary as a result of both end-user demand and particular games. Consider atypical activity driven by the game design, including sharing, bartering, etc.
57%1 of gaming revenue comes from mobile apps. 62% of attempted payments fraud attacks in 2020 were via mobile2. Fraud is easier as mobile provides much less end-user detail than consoles.
Younger gamers are especially vulnerable to fraud as they unwittingly overspend. Gamers like to win − they can become the bad actors that attack your games.
Checkout UX versus security
Most game businesses use low-friction authentication. Consumers see gaming as a low financial risk, and as a result, tend to use less secure passwords.
Group chats about how to cheat, target gamers and override game security are regular features on social platforms and are popular with threat actors.
6 / 15
2. Fraudsters’ Favorite Hits
Cyberattacks such as malware, ransomware and distributed denial-of-service (DDoS) involve disrupting markets, selling passwords and other personal information in volume, or stealing and pirating licensing or copyright.
Payments fraud, however, relates specifically to activities that involve falsely creating, diverting or withholding payments.
Imagine finding out your credit card has taken a big hit from in-game purchases that you did not authorize. Upon logging into your game account, you see the upgrades and loot that you purchased have been transferred to another player’s account.
7 / 15
Seven common methods of attack:
1. Account takeover (ATO)
Scammers use phony friend requests or fake links to steal users’ personal data and payment details from gaming apps. ATO fraud grew 114% in 20201, and the trend shows no signs of slowing down.
2. Family, friendly or first-party fraud
Typically this involves reversed and disputed payments and chargebacks. It occurs when a legitimate transaction is disputed by the card owner to avoid paying.
3. Secondary sell-on
Juniper Research estimates the value of in-game items listed on secondary markets in 2019 was $16.7B. Nefarious players can purchase these items with a stolen payment card and sell them to other gamers.
4. In-app purchase fraud
Over the last few years, in-app purchases and loot box models have become increasingly common. Nearly half of gamers (47%)2 spend money while playing. There is now a black market for loot boxes.
With high volumes of low value transactions, gaming platforms are often targeted by fraudsters to test cards before selling them.
6. Real money trading (RMT)
Some gamers exchange real money for virtual in-game goods, services and even cheats on unofficial sites. This leaves them vulnerable to fraudsters who take their money and run.
Fraudsters attempt to obtain sensitive information such as passwords or credit card numbers by setting traps for gamers. In-game phishing is common with massive multiplayer online (MMO) gamers.
8 / 15
3. The Warning Signs
Left unchecked, payments fraud can cost your business dearly.
Financial loss includes fines, compliance restrictions and higher fees imposed by card issuers if chargeback ratios are excessive. There is also the loss of reputation, loyalty and acquisition fueled by bad publicity.
Gaming companies who regularly experience high fraud and chargeback rates may also find that issuers are less willing to approve their authorization requests, feeding ‘soft declines’ and creating roadblocks and poor conversion.
Gaming merchants must ensure that efforts to guard against fraudsters don’t detrimentally impact honest players or compromise their experience.
9 / 15
Suspicious behaviors don’t necessarily equal fraud.
By gaining insight into player behavior, you can avoid blocking legitimate traffic, improve acceptance rates and increase revenues. 87% of gaming payment transactions are accompanied by data on previous activity1. Used wisely, this can help reduce friction and insult rates.
Three data-clues that could indicate payments fraud:
1. Unusual spending
Velocity and spend levels not typical of a gamer’s purchase patterns could mean that they’re not who they say they are.
2. Abnormal behavior
A different access device with an unusual digital fingerprint can expose a different user in a different location, or even a bot.
3. A blank history
28% of all fraud attempts are from people with no previous recorded history with the gaming company2. They are three times more likely to attempt fraud than customers with at least one day’s transactional history.
1 ACI transaction data
2 ACI transaction data
of gaming payment
accompanied by data on
10 / 15
4. Top Tips To Stay Safe
Want to know how to minimize risk without compromising experience? Here are nine tips to keep your fraud strategy on track:
1. Combine fraud management with proven payment tools
From strong customer authentication (SCA) and biometrics to encryption, tokenization and 3D-Secure, there are many tools to keep your payments secure and compliant. Make sure yours are up to date and optimized.
2. Consider a multi-acquirer strategy
The more allies, choices and fraud strategies you have on your side, the better.
Using more than one acquirer lets you build better safeguards with easier compliance, greater resilience and lower costs. It can also boost conversion − one of ACI’s online gaming customers boosted conversion by 42% using* multiple acquirers.
* ACI transaction data
11 / 15
3. Maximize margins with an acquirer-agnostic gateway
Employ a payments orchestration strategy with multiple acquirers and leverage connections (to cross-border and local acquirers and to alternative payment methods) to build a best of breed, ultra-secure payments platform.
4. Mix up fraud strategies for new customers and those with account changes
Check them out by using different strategies which utilize different features, authentication and verification methods.
5. Get more out of analytics
Machine learning helps automate processes and can be tailored by region, product, channel or any number of combinations. Build rules based on complex customer profiling to maintain approval rates to ensure conversion.
6. Use real-time fraud screening
Making real-time calls pre- and post-authorization will drive up fraud screening accuracy.
7. Access silent mode rules and third-party checks
Orchestrate your fraud setup with silent mode rules that ensure alerts and controls are in place, and costs are optimized. Prioritization is given to payments acceptance while still maintaining visibility of emerging trends and potential risk.
8. ‘Fingerprint’ users to minimize friction
To prevent ATO fraud, profiling tools and device fingerprinting can help identify changes in behavior, location or devices, which might be a signal of fraudulent activity, including differentiating between humans and bots.
9. Remove ill-gotten gains and educate friendly fraudsters
Prevent second-market fraud by working with marketplace leaders and social apps to educate gamers and to ensure there is no value to the resold currency or items.
12 / 15
1. No fraudster is the same.
No solution is either.
There is no single magic bullet that will remove payments fraud entirely. The best ammunition is not a one-size-fits-all approach, but a bespoke gaming solution tailored to your market, audience, payment methods and transaction patterns that focuses on the highest approval rates at the lowest cost.
2. Lock fraudsters out, but avoid being locked in.
Because of the many different types of payments and purchases in gaming, it is best to use payment partners that allow you to implement an individual approach for each product, region, payment type, risk level or market, for any combination of each.
Opt for agnostic platforms that let you manage a myriad of payment partners so you can build a best-of-breed platform that includes fraud, as well as other performance KPIs.
3. Make ACI your secret weapon.
Partnering with dedicated payments optimization experts, who are already working with other gaming companies, ensures the highest acceptance rates, lowest friction and chargeback rates at the lowest cost.
Establishing a close relationship with your local ACI fraud and payment optimization specialist will not only unlock experience borne by ACI’s global reach, but also help you keep your finger on the pulse with expert analytics as fraud trends mutate and genuine patterns emerge in an ever-volatile world.
14 / 15