Avoiding Regulation: Why the Video Game Industry Must Develop Cybersecurity Standards Before Lawmakers Intervene
In-game fraud, account takeover, and identity theft are happening every day in online PC, console, and mobile games, leaving both consumers and publishers to bear the brunt of the damages. Despite the proliferating threats, video game publishers are having a difficult time embracing the reality that their industry has become a primary target for cyber attack. In the United States, if such attacks continue, history suggests that the government will eventually step in to pass regulations to protect consumers.
This whitepaper outlines the current cybersecurity threat landscape of the video game industry; explores historic government intervention in similar industries plagued by online fraud and crime; considers what regulation would mean for the video game industry; and provides practical solutions for preventing well-intentioned, but likely adverse, governmental regulations from coming to fruition.
To receive the complete white paper, please use the request form below.
Following the Money: Video Games as a Target for Cyber Attack
Video games, and the ways that we play and pay for them, have changed significantly in the span of a decade.
They have evolved from static, single player, offline games to dynamic, multiplayer, online experiences with virtual economies that interface with the global ‘real money’ economy. Overall, the evolution of the online video game business model has been beneficial for players and lucrative for developers and publishers. Yet, financial success often comes with unintended consequences. For the online video game industry, those unintended consequences have emerged in the form of cyber attacks. While fraud and abuse have existed in games since they first came online, attacks perpetrated by hackers, fraudsters and cheaters now plaguing the industry are soaring in sophistication and frequency. This whitepaper aims to explain the origins of cyber risk and threats to video games; establish background on the industry’s responses to it; and provide tips and best practices for publishers to protect the integrity of the gaming experience in the era of cyber threats.
To receive the complete white paper, please use the request form below.
How Video Game Account Takeover Cost One Publisher a Loyal Player
Account takeover is one of the most serious problems facing online video game publishers today. Game accounts hold valuable personal and financial (i.e. credit card) information, but also hold virtual items and virtual currency that have been bought or earned in-game by the player who owns the account. Like bank and eCommerce accounts that also hold value, game accounts are locked behind a username, password, and other login controls. With the video game industry’s rapidly changing business model, online video game accounts are increasingly a target for account hacking and takeover. This Use Case tells the true story of an account takeover in a popular MMO, describes the costs and consequences for the publisher and the player, and describes how Panopticon Labs’ Watchtower tool uses anomaly detection and behavioral analytics to detect account takeover before it’s too late.
Modern Day Money Laundering: How Hackers and Fraudsters are Exploiting Online Video Games to Make Millions
Today, when assessing an online video game’s overall risk profile, credit card fraud and associated chargebacks rank highly among publishers as major causes of financial loss. As a consequence, significant attention and resources are devoted to stopping credit card fraud, chargebacks, and fees that, on average, cost the merchant an additional $2.40 for every $1 of losses. Credit card fraud is perpetrated through hacking existing player accounts and using the connected credit cards to purchase virtual currency. With the rise of free-to-play games, however, fraudsters can also purchase lists of stolen credit card account numbers on the dark web, create hundreds or thousands of free-to-play game accounts, and purchase virtual items and currency using those stolen card numbers without ever having to “hack” into anything. In both instances, after the virtual items are purchased using stolen cards, they are sold to other players for real money in an online gray market for a fraction of a publisher’s official price, which negatively impacts the game’s revenue.
How Criminals are Profiting from Cheaters and Destroying Games
Cheating in video games primarily occurs through hacking, or modifying the game client. Video game hacks are readily available for free or sale online, and enable botting, including auto-leveling and goldfarming, and straight-up cheating. Automation (i.e. botting) hacks facilitate around-the-clock game play designed to quickly level up characters or amass in-game virtual items and currency, a process known as gold farming. Virtual items earned this way can be used to make a character more powerful, or can be sold for real-world money on the online gray market. In addition to botting, hacking the game client allows cheaters to get around core rules and controls designed to keep games fair for all players. This use case illustrates how cheating hacks can negatively impact a successful game, and introduces Panopticon Labs’ Watchtower tool as a proactive option to identify and stop cheaters before they destroy the game.
Video Game Bots Target Publisher Revenue and Destroy Player Experience
In order to stock the online gray market for virtual items and currency, enterprising cyber criminals often use scripts that automate gameplay, allowing a “bot” to play 24-7 and level up quickly, ultimately maximizing the collection of valuable virtual items and currency.
At best, bots are merely annoying to legitimate players. At worst, they severely hinder both in-game experiences and gameplay itself. Many gamers value the social and cooperative aspect of games, so a nonresponsive “player” repeating the same action over and over again without end and getting in the way as you try to navigate the world has no positive benefits to a game. Beyond the damage that bots can do with a game’s reputation with and experience for players, they frequently result in real money damages to the publisher — revenue lost to the gray market, increased staff time combating bots, server costs to host all of these fake players, and more.
The 5 Ws of Analytics Based, In-Game Fraud Detection
Online video games are favored targets for financially-motivated cybercriminals as the global games market reached nearly $100 billion in 2016 with no signs of slowing down. This fraud and abuse can diminish in-game revenues, hurt players’ experiences, and even affect the long-term viability of the virtual world and the developer’s IP.
The good news is that bad guys’ activities leave a noticeable trail in the form of behavioral indicators that can be modeled to predict future events. The bad news is that many games are not logging the right data to make use of modern, analytics-based fraud prevention techniques. This report was developed to help video game publishers and developers ensure that they are logging the proper data in order to effectively combat in-game fraud and abuse.