By Suresh Dakshina
Recently, online games have experienced a rash of fraud-related incidents. Specifically, Facebook allegedly allowed and encouraged friendly fraud with games it hosts, and the wildly popular online game Fortnite has been used by criminals as a platform for a variety of fraudulent activities. As it turns out, online game are targeted by cybercriminals because of the nature of the payment systems within these games, which give easy opportunities for a variety of fraud practices, including account takeovers, friendly fraud, card testing and true fraud that can result in a crippling number of chargeback claims.
Some users have the most basic password credentials, and those accounts are easy targets for hackers. As a result, the real account holders see that their in-game credits are being used and purchases are being made, which then turn into chargeback disputes. This is a major reason why you see chargebacks on the rise for these kinds of systems.
Preventing account takeovers: Right now many games, including Fortnite, offer two-factor authentication, but unless it is mandatory, a large number of account users will chose convenience over security and use single-factor authentication. Normally, companies want to make it easier to login and play, so they often only require eight digit passwords, which can be hacked in minutes by any professional hacker. So requiring 12 to 16 character passwords and two-factor authentication will be positive steps to reduce account takeover fraud.
Friendly fraud is a result of children using their parents' credit cards to make unauthorized online purchases, which result in purchases for which the parents then make chargeback claims. Friendly fraud also occurs when cardholders are well aware of the transactions and yet file disputes with their issuing banks to scam the merchants. The dark side of friendly fraud is that software tools and artificial intelligence are not capable of predicting human emotions and intentions when a transaction happens online.
Preventing friendly fraud: Creating a blacklist database to filter the bad players will help gaming companies reduce their friendly fraud chargebacks. It has been estimated that those who perpetrate friendly fraud will repeat such frauds at least three times if merchants do not take any action in preventing them in the future. Also, internal issues such as poor customer service or deceptive practices can lead to friendly fraud chargebacks. Merchants must analyze these chargebacks closer to know their root cause.
Online games are particularly good targets for card testing fraud because so many in-game purchases are in very small amounts – one- or two-dollar increments. Typically, a thief gains access to a stolen credit card number, or thousands of them, and then begins making test purchases. These are small, incremental purchases at first, but they grow into much more expensive, costly ones once the fraudster knows the stolen cards are valid. Each of these charges, big or small, can become a chargeback filed by the credit card's real owner.
Combating card testing: One way to prevent card testing is to have a fraud prevention tool in place. A good tool can do a velocity check, it can put a restriction on the number of instances that a transaction can come from a particular IP, and it can see how many cards are being used on a single account. This will help block those accounts and prevent card testing from happening.
This is where a credit card is stolen, the card is used to build up a game account and then the account is sold on an online trading site. When the real cardholder discovers these charges, the cardholder will be able to file a chargeback dispute. The criminals can sell the accounts for much less than the amount they charged to the card because it is all profit to them, and the harm falls on the card owner and online game publisher.
Fighting true fraud: One of the best ways to fight this kind of fraud is to have fraud filters and use external tools such as a Payment Card Industry-compliant payment gateway. It should come with fraud screening features, as well as Address Verification System (AVS) and Credit Verification Value (CVV) matching. This is one area where gaming companies are failing because they turn off these filters by default. Having the AVS and CVV will require the card owner provide an address and CVV. This will help cut into identity theft since criminals are likely to only have part of this information.
Because of the volume of virtual, in-game transactions, publishers accept some level of chargebacks, even fraudulent chargebacks, as a cost of doing business. That shouldn't be the case because there are ways for online game publishers to take on chargebacks and fraudsters that preserve their revenue flow and customer experience.
Suresh Dakshina is the president of Chargeback Gurus. A pioneer in data analytics and industry-specific risk management, he is a certified ecommerce fraud prevention specialist and Certified Payments Professional. He understands first-hand the challenges that business owners face, especially when it comes to chargebacks and fraud. Contact him at firstname.lastname@example.org.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next