Recently there has been a rash of fraud-related incidents involving online games. Specifically, Facebook allegedly allowed and encouraged friendly fraud with games it hosts, and the wildly popular online game Fortnite has been used by criminals as a platform for a variety of fraudulent activities.
As it turns out, online games are targeted by cybercriminals because the payment systems within these games give easy opportunities for a variety of fraud practices, including account takeovers, friendly fraud, card testing and true fraud, which can result in a crippling number of chargeback claims.
Some of their users have the most basic password credentials, and those accounts are easy targets for hackers. As a result, the real account holder sees that their in-game credits are being used and purchases are being made, which then turn into chargeback disputes. This is a major reason why you see chargebacks on the rise for these kinds of systems.
Preventing Account Takeovers: Right now many games, including Fortnite, offer the option for two-factor authentication, but unless it is mandatory, a large number of account users will choose convenience over security and use single-factor authentication. Normally, companies want to make it easier to log in and play, so they often only require eight-digit passwords, which can be hacked in minutes by any professional hacker. So requiring 12-16 character passwords and two-factor authentication will be positive steps to reduce account takeover fraud.
Friendly fraud is a result of children using their parents' credit cards to make unauthorized online purchases, which the parent then disputes through chargeback claims. Friendly fraud also occurs when the cardholder is well aware of the transaction and yet files a dispute with their issuing bank to scam the merchant. The dark side of friendly fraud is that software tools and AI have not evolved to predict human emotions and intentions when a transaction happens online.
Preventing Friendly Fraud: Creating a blacklist database to filter the bad players will help gaming companies reduce their friendly fraud chargebacks. It has been estimated that friendly fraud will be repeated at least 3 times if merchants do not take any action to prevent it in the future. Also, internal issues such as poor customer service or deceptive practices can lead to friendly fraud chargebacks. Merchants must analyze these chargebacks more closely to find their root cause.
Online games are particularly good targets for card testing fraud because so many of their in-game purchases are in very small amounts – one or two dollar increments. Typically, a thief gains access to a stolen credit card number, or thousands of them, and then begins making test purchases. These are small, incremental purchases at first, but then grow into much more expensive ones once the fraudster knows they’re possible. Each of these charges, big or small, can become a chargeback filed by the credit card’s real owner.
Combating Card Testing: One of the ways to prevent card testing is to have a fraud prevention tool in place. A good tool can run a velocity check: it can restrict the number of transactions that can come from a particular IP and track how many cards are being used on a single account. This will help block those accounts and prevent card testing from happening.
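A velocity check of the kind described above, as an added example (not code from this article or from any particular fraud tool): it counts purchase attempts per IP and distinct cards per account inside a sliding time window. The window length, thresholds, field names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_TXNS_PER_IP = 5              # assumed cap on attempts per IP per window
MAX_CARDS_PER_ACCOUNT = 3        # assumed cap on distinct cards per account

class VelocityChecker:
    """Sliding-window counters; events must arrive in timestamp order."""
    def __init__(self):
        self.by_ip = defaultdict(deque)       # ip -> attempt timestamps
        self.by_account = defaultdict(deque)  # account -> (timestamp, card token)

    def check(self, ts, ip, account, card_token):
        """Record one purchase attempt and return the rules it trips."""
        cutoff = ts - WINDOW
        ip_q, acct_q = self.by_ip[ip], self.by_account[account]
        ip_q.append(ts)
        acct_q.append((ts, card_token))
        # Drop attempts that have aged out of the window.
        while ip_q[0] < cutoff:
            ip_q.popleft()
        while acct_q[0][0] < cutoff:
            acct_q.popleft()
        reasons = []
        if len(ip_q) > MAX_TXNS_PER_IP:
            reasons.append("ip_velocity")
        if len({card for _, card in acct_q}) > MAX_CARDS_PER_ACCOUNT:
            reasons.append("cards_per_account")
        return reasons

def run_sample():
    """Constructed events: one account cycling cards, one ordinary player."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    # Card tokens (not raw card numbers) stand in for the payment instrument.
    events = [(t0 + timedelta(seconds=30 * i), "203.0.113.7", "acct-42", f"tok-{i}")
              for i in range(7)]
    events.append((t0 + timedelta(minutes=1), "198.51.100.20", "acct-7", "tok-a"))
    events.append((t0 + timedelta(minutes=40), "198.51.100.20", "acct-7", "tok-a"))
    events.sort(key=lambda e: e[0])
    checker = VelocityChecker()
    flagged = []
    for ts, ip, account, card in events:
        reasons = checker.check(ts, ip, account, card)
        if reasons:
            flagged.append((account, card, reasons))
    return flagged

if __name__ == "__main__":
    for row in run_sample():
        print(row)
```

In the sample, the distinct-card rule fires on the fourth card tried on one account, before the per-IP limit is reached, while the ordinary player's repeat purchases with a single card are never flagged.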
This is where a credit card is stolen, the card is used to build up a game account, then the account is sold on an online trading site. When the real card holder discovers these charges, they will be able to file a chargeback dispute. The criminals can sell the accounts for much less than the amount they charged to the card because it is all profit to them, and the harm falls on the card owner and online game publisher.
Fighting True Fraud: One of the best ways to fight this kind of fraud is to have fraud filters and use external tools such as a PCI-compliant payment gateway. It should come with fraud screening features, as well as AVS and CVV matching. This is one area where gaming companies are failing because they turn off these filters by default. Having the AVS and CVV will require the card owner to provide an address and CVV. This will help cut into identity theft since criminals are likely to only have part of this information.
Because of the volume of virtual, in-game transactions, publishers accept some level of chargebacks, even fraudulent chargebacks, as a cost of doing business. That shouldn’t be the case because there are ways for online game publishers to take on chargebacks and fraudsters that preserve their revenue flow and customer experience.
To help online game publishers fight chargebacks, Chargeback Gurus has released a guide, Why Chargebacks are No Longer a Cost of Doing Business, that provides a roadmap for businesses on how to avoid chargebacks effectively and significantly improve their bottom line. The guide is free to download.
About Suresh Dakshina
Suresh Dakshina is the President of Chargeback Gurus. A pioneer in data analytics and industry-specific risk management, he is a certified e-commerce fraud prevention specialist and Certified Payments Professional. He understands first-hand the challenges that business owners face, especially when it comes to chargebacks and fraud.