Millions of consumers around the globe are turning to online games during the COVID-19 pandemic, and cybercriminals are springing into action with schemes to target them. Recent data shows that thwarted attempts to get one security solution’s users to visit malicious, video game-themed websites rose 54 percent from January to April. The research also noted a 40 percent increase compared to February in the number of blocked attempts to guide users to phishing websites for one of the most-visited gaming platforms.
Online gambling compliance experts are also predicting that cybercrime will sharply rise in the coming months. A recent survey revealed that 93 percent of United Kingdom gaming compliance managers anticipate growing numbers of chargebacks and fraud as the pandemic prods consumers to access online services. Eighty-eight percent of surveyed managers expect the health crisis to increase the threat of financial fraud in regulated industries, including online gambling.
The following Deep Dive examines how fraudsters’ schemes target gamers as well as how data breaches enable bad actors to commit account takeover (ATO) fraud. It also examines how using biometric identification to build secure gaming platforms can deter malicious acts.
Why Online Gaming Appeals To Fraudsters
Gaming platforms were facing increasing instances of fraud before the pandemic began. A recent report showed that schemes against such platforms rose 30 percent in Q1 2020 over the previous quarter. Attacks launched via newly registered accounts drove most of the uptick, having increased more than 70 percent. The data concluded that fraudsters were initiating attacks of varying complexity to steal payment information, take over accounts and even pilfer and sell video game assets.
The unprecedented rise in online gaming during the COVID-19 crisis is creating an ideal climate for fraudsters looking to launch scams. Telecommunications giant Verizon found that consumers’ time spent playing video games in a single day rose 102 percent during the week ending April 2 compared with a usual day, for example, and online video game platform Steam reported 24.5 million members using the service on April 4. Online gambling is also picking up, with the market predicted to be worth $102.9 billion in the U.S. by 2025 and to experience an 11.5 percent compound annual growth rate (CAGR) globally from 2020 to 2027.
Cybercriminals are eager to capitalize on the virtual gaming industry’s increasing popularity, using tactics that include creating phony versions of popular online games that compromise users’ smartphones or computers once downloaded. Other bad actors rely on phishing, in which potential victims receive links that direct them to fake login pages and ask them to input their account details. Some schemes can jeopardize gamers’ digital wallets, allowing fraudsters to access virtual credit or real currency.
Another technique targeting popular gaming apps is device flashing, which occurs when cybercriminals change device identifiers to avoid making others suspicious of multiple accounts operating on the same system. The criminals can then broker the sale of personal information, engage in mobile ad fraud and take part in other illicit activities without raising alarms.
Fraudsters are finding increasingly sophisticated ways to commit crimes as the gaming industry becomes larger and more complex. Video game developer and distribution firm Valve Corp. said in October 2019 that it was halting the sale and trade of “container keys,” which could be purchased or bartered on the company’s Steam platform and used to snag in-game items and rewards for its Counter-Strike: Global Offensive game. Valve announced last fall that almost all key trading was “believed to be fraud-sourced.”
ATOs and other forms of fraud are also afflicting the online gambling industry. Scammers use phony friend requests or fake links to steal users’ personal and payment details, then sell them on the dark web or use them for their own nefarious deeds. Even schemes that do not directly imperil users’ data can have negative consequences for platforms, such as distributed denial-of-service (DDoS) attacks, which lead to rapid increases in site traffic that can stall players’ load times and make them lose interest or turn to competing services. Gaming platforms looking to cater to the influx of new customers during the pandemic must, therefore, rely on identification solutions that can verify legitimate users and lock out fraudsters.
Fighting Back Against Gaming Fraud
Biometric identification is one form of authentication that can deter fraudsters from stealing sensitive personal and financial information, and many companies are looking to adopt such security approaches. The technology uses individuals’ unique biometric credentials, such as their fingerprints or facial scans, to verify their identities before allowing them to log on to platforms. The inherence of such data makes it much more challenging for fraudsters to break into systems that employ these measures.
Gaming and gambling websites can also use biometric tools to verify potential players’ ages during onboarding, and the sector has been evaluating how best to leverage the technology to do so. These methods could be especially useful for online age-verification processes, as biometric measures are highly accurate and difficult to fake.
Online gaming and gambling services are growing more popular as consumers look for safe, remote entertainment experiences during the COVID-19 pandemic. Fraudsters have noticed this shift and are targeting these platforms, but operators can turn to advanced verification solutions such as biometrics to more seamlessly distinguish between legitimate users and bad actors looking to game the system.