The secret to securing online gaming is being able to tell human players from virtual ones.
The online gaming industry has a unique set of security challenges that other e-businesses don’t have to worry about. Unlike e-businesses which are based on the sale of goods, online gaming, whether it’s pay-for-play card games or traditional betting, is by nature more erratic in terms of the flow of money – making it a tempting target for fraud.
It’s an industry that’s booming, too, generating billions of dollars from players worldwide. Technology, both on the desktop and on mobile devices, has been the driving force behind the phenomenal growth. Unfortunately, while it’s easier to play than ever before, the new technology also lets more organized cyber criminals defraud poker sites and their good players. Fraudsters can circumvent traditional detection so despite the gaming industries best efforts, fraudulent deposits, cheating and collusion, chargebacks and money laundering persists. Cheating at cards has a long and infamous history. Is it any wonder that we see it happen in the virtual world, too?
This is not to say that the online gaming industry is a wild west in terms of security – it’s not. It’s a mature market raking in huge revenues. And because statistics are at the heart of gaming, they’ve also developed incredibly sophisticated data analysis tools that can determine with high accuracy if, for example, a six-player poker hand is being gamed by one person with multiple accounts. But that just looks at one point in the player’s history. Why settle for a snapshot when you can see it all play out from beginning to end?
Looking at the snapshot, analyzing the game as its played, is one tool in the arsenal. But there’s another security layer that can be added to it, one that observes the players before the game starts and even across the lifetime of the player. Building complex models of behavior is the secret weapon about to sweep online security – a real game changer that will show the difference between a flesh and blood player from the sock puppet accounts and the scam artists.
Every human being has unique behaviors and habits that are dead giveaways, but the gaming industry isn’t interested in learning what a player’s tells are. Behavior-based security is more interested in how they hold their device, how they type and whether they use a mouse or a trackpad when playing. It’s these non-identifying but wholly unique behaviors that combined create a player profile that can’t be spoofed and can’t be fooled.
What does fraud look like for the online gaming industry? Credit card fraud turns up, of course, with stolen cards being used to set up or fund betting, and in some cases being used by a single player running several accounts in the same game so they can purposefully lose on the stolen card and funnel that money into the scammers personal account which can be cashed out later. A single user running multiple accounts fill a six-player room save for one other player, almost guaranteeing that they will win or multiple accounts may just be used to cash in on new user promotions that match start up deposits or give bonuses for completing a set number of games.
When scams happen, it’s not just the company that takes the hit when the game ends. The good users that find themselves defrauded won’t stay to play another hand. Customer retention is a huge issue in an industry where what’s offered changes little from site to site. If a site becomes known for fraud, there is little a company can do but undertake a costly rebrand and relaunch.
Because of the nature of the game, setting up a user account for online gaming is more involved than setting up an account for an e-commerce website. A first round of registration needs to confirm things like the user’s birthday and they typically run checks against personally identifying information, possibly even requiring scanned documents. But with the prevalence of data breaches flooding the market with exactly these kind of credentials, these checks are of limited use. If personally identifiable information can be faked or stolen, what’s left for companies to use? Behavior.
Not only that, but behavior-based fraud detection goes deeper than just figuring out which account has a human being on the end, and which are one of an array of puppets. Behavior-based security methods will also tell you if an account has been stolen from its owner or if a new account is being made by a customer with past gaming difficulties. Behavior can even be leveraged into predicting a budding gaming addition by comparing the behavior of past addicts against current users and taking necessary steps, stopping chargeback complaints, also known as first fraud, from players who have gone overboard.
The takeaway of what behavior-based security can offer the online gaming industry manifold: a reduction of losses from fraud exposure due to chargebacks, increasing efficiency by blocking fraudulent accounts at account creation, reducing the review process, and growing player trust and satisfaction without interrupting the user experience. There’s too much money on the table to leave it to chance. By knowing which of your players are real and which are virtual before the game even starts puts the odds, finally, in your favor.