Don’t Let the Fraudsters Win: Take the Right Approach to Safeguarding the Online Gaming World
By Dany Naigeboren, Head of Risk, APAC, Forter
Online gaming has been called “the industry that never sleeps” — not just because avid gamers play late into the night. Around the clock and worldwide, online games are played building connections between people from different countries and cultures. A highly competitive and fast-paced sector, new games and updates are released frequently to keep players engaged. This sense of community brings its own success: PwC predicts the industry will be worth $321 billion by 2026.
In Asia, market research firm Niko Partners predicts brisk growth for the sector despite the challenging economy. In their latest industry report, Niko Partners estimated the number of gamers in Asia-10 (comprising six Southeast Asia countries, Japan, Korea, India and Chinese Taipei) will surpass one billion by 2026. This number is approximately more than half of the total players in the world, according to other industry analysts.
An Ideal Playground for Fraudsters
Being the lucrative market that it is, fraudsters, too, love online gaming. This makes the ecosystem highly susceptible to fraud given the nature of digital goods being an easier, quicker target – less verification, no physical shipping address, ease of reselling items, and user preference for real-time transactions and anonymity.
According to our data, digital goods could face fraud pressure surmounting to as much as 7x more than retail merchants — leading to either very high declines rates — with a lot of friction like 3DS — or high chargeback rates.
In addition, there is a thriving market to enable gamers to exchange and resell items, skins, and even accounts — and payments can be made using virtual credits, which come with bonuses and benefits. All of this is great for gamers, but it also smooths the path for fraudsters.
Finally, gamers who most often go by their gaming handles (no real-world identity) tend to make quick purchases mid-game. The last thing they want is a delay. That means fraud prevention decisions have to be made quickly, putting pressure on fraud teams which can make accuracy more difficult.
Evaluating Your Current Approach to Online Gaming Fraud
All the above risks put tremendous pressure on companies within the online gaming ecosystem to take steps to protect their business from fraudsters. Since fraudsters are experts at taking on the appearance of good customers, for many companies, this means taking a conservative approach to approvals.
Unfortunately, many companies protect their companies by adding delays and frustrations for good users — which isn’t suitable for gamers or the companies in the space. It doesn’t have to be that way.
Fraudsters use stolen payment methods to make gaming purchases, use small dollar purchases for card testing, and leverage stored credit, points, and gift cards within accounts to buy desirable items. Given that consumers across Southeast Asia have access to more than 200 alternative payment systems, including digital currencies, e-wallets, debit cards, bank transfers, and PayPal, there’s huge potential for fraudsters.
To guard against this risk, many companies prefer to avoid risk by setting a high bar for transactions so that only those orders that they are confident are legitimate get through. This is a pragmatic approach to risk management, but it lets in loss from a different direction — rejecting good orders from gamers who do not fit a typical pattern of a good customer.
Why 3DS Is Part of the Answer — But Not in the Way You Think
3DS can seem like the ideal answer to a high-risk problem in the online gaming ecosystem, and, especially in APAC, it’s often the preferred response. The verification mechanism doesn’t add additional burdens for the payments and fraud prevention teams. Customers are accustomed to the process, and when 3DS is used, liability for any resulting loss shifts away from the merchant.
What’s often misunderstood about 3DS is that it shouldn’t be used as a blanket solution for all transaction risks. Different banks have different approaches to 3DS, and a merchant’s use of 3DS should vary accordingly. If you don’t have the in-house resources to analyse which banks require which approach, talk to a company that uses models to tailor your transactions to fit the optimal conversion strategy.
In addition, users have different preferences that should be taken into account. Some users prefer the no-friction experience offered when not using 3DS, and good users should indeed be offered that no-3DS flow rather than using a blanket approach.
Also, ensure you do the heavy lifting of fraud prevention and detection pre-authorisation, not post. What this does is not only provide the bank the best visibility into transactions sent to 3DS, it also filters out fraud as banks are more likely to approve merchants with “cleaner” traffic. You want to give the bank the best chance to say “yes” to your good customers — and your fraud prevention service knows far more about the transaction than the bank does. You can package that knowledge as part of your 3DS payloads so the bank knows when they can confidently approve.
What Can Online Gaming Ecosystem Companies Do?
Focus on the good gamers. They deserve the best, most seamless experience — and you can give it to them.
Use everything you know: You have a wealth of information available even without shipping addresses, so make sure you or your fraud prevention provider is taking advantage of it. Device information, browser data, behavioural analytics, and more are all vital in helping you sort good from bad. Moreover, ensure your system knows that the signs that are suspicious in other industries, such as high velocity, are often typical and even positive signals in online gaming.
Draw on gamers’ whole online presence: If you can’t tell whether this gamer is good or bad, link them to other online transactions and activities. Either via your own internal data, if that’s extensive, or via your payments and fraud partners, who should be able to give you recommendations based on their more comprehensive picture.
Automate decisions as much as possible: This improves the gamers’ real-time experience and means your fraud team is freed up to focus on more strategic and analytical issues. You can do this without sacrificing approval rates — in fact, Forter has found that when our APAC merchants switch to automated approvals, their declines are reduced by up to 70%.
Take payment methods into consideration: When using payment methods such as Apple Pay and Google Wallet, merchants have to pay the company (Apple or Google) when publishing games. This can also be crucial to improve anti-fraud results.
Leverage partnerships: No one can do this alone; that’s how low approval rates happen. Ensure you’re operating as part of a consortium that spans the payments environment.
Online gaming is a high-risk ecosystem, and that’s not something that your company can change. But you can alter your approach to dealing with that reality — and in doing so, improve your approval rates, your customer experience, and your bottom line.