It’s a great time to be a developer. Nowadays, literally anyone can develop an indie game if they set their mind to it, and no one has to abide by the traditional business model of selling a game for ‘X’ amount of money. Monetized games are one of several new business models indie developers can choose, and using this method, players can purchase in-game currency, items, and the like. It’s an especially great model to use when developers want to include new items into the game’s world as well, as it ensures that as long as the developer continues to support the game, the world can continue to grow to the delight of players around the world.
Yet, monetized games also have a dark side to them. According to the 2013 Online Fraud Report released annually by CyberSource, online merchants lost $3.5 billion to online fraud in 2012 alone. For several years, this number has been around this total as well, meaning online fraud is serious business. And if a wide array of fraudulent activity continues to take place within your indie game? You are at risk for not only losing a ton of money in the process, but driving your players from making any in-game purchases in the process.
So what can you do? First, you need to implement a fraud detection system that will ensure every purchase made within your game is protected. Unfortunately, this type of system can take a while to be implemented correctly, so what can you do in the meantime? It’s simple: take these warning signs of fraudulent activity to heart, investigate further once you see these ‘red flags,’ and do your part to stop the fraudster from taking part in fraudulent activity ever again.
Look at the email address
Does the email address contain three or more numbers? Never mind email address that read something like, ‘firstname.lastname@example.org,’ I’m talking about email address that look something like this: ‘email@example.com.’ What’s so suspicious about email address with so many numbers in the name? Because they are likely disposable email addresses, and because nearly every game that offers in-app purchases requires players to sign up for the game in order to make purchases, fraudsters are going to sign up for throwaway email addresses.
If you think about it, it makes sense: in the event that their activities are caught, a temporary email address will make it more difficult for them to be found versus if they had used their own personal email address. And why should you pay attention to email addresses with a slew of numbers? Because when signing up for a disposable email address, numbers are usually assigned to the email address randomly as it’s the easiest way to ensure nobody ever has the same email address twice.
Should you be suspicious of every purchase that is made with a temporary email address? Possibly, yet that does not mean every purchase made with a temporary email address is going to be fraudulent. In addition, you need to watch for other signs that point to a purchase being fraudulent such as…
Suspicious IP address
If the throwaway email address seemed suspicious, check the IP address belonging to the individual that used the email address to discover if it is a blacklisted IP address. You can check an IP address using a wealth of DNSBL services (the most popular ones can be found here), and if one of the IP addresses shows up as being a blacklisted IP address? You can almost be assured that the individual is taking part in fraudulent activity.
Moreover, compare credit card transactions that are made from an IP address that is different from the country in which the card was issues. For example, if someone is using a credit card issued in the U.S. to make purchases, yet the IP address stems from Jamaica, something suspicious is going on.
Multiple transactions over a short period of time
If you have noticed that multiple transactions of one particular item have been made over a short period of time, this is one of the most apparent ‘red flags’ for fraud that you will ever find. Chances are extremely high that the individual on the other end is purchasing multiple items from stolen credit cards, debit cards, compromised PayPal accounts, and the like, to which they are going to sell the purchased items at a discounted price to others players.
This adds another element to the damage your game can be hit with. Not only is someone making transactions in-game with stolen information, but they are also selling items to other players and are making a profit that you will never see. Thus, you need to do your part to ban someone that is doing this immediately.
Pay attention to the billing information
Fraudsters purchase items quickly, then move onto another alias. However, if you have noticed that someone has multiple zip codes, multiple credit/debit cards, and e-wallet information on their records, then something suspicious is going on and you need to investigate. It is very possible that a fraudster is making a wealth of big purchases in a short period of time from stolen credentials, and if this happens you need to put a stop to it.
What can you do when you notice fraudulent activity?
When you suspect fraudulent activity has taken place, you need to contact the institution associated with the type of payment that is being made. For example, if the potential fraudulent payment is being made via American Express or PayPal, contact the institution, explain the situation to them, and from there the two of you can discover if the information provided during the purchasing of the in-game item matches the information associated with the credit/debit card, e-wallet, etc. If it doesn’t, the institution will likely contact the individual that owns the card/account, and from there they can issue the money back to them.
On your end, you need to ban the IP address associated with the fraudulent activity and deactivate the account belonging to the individual. If possible, deactivate the in-game item (s) that was purchased fraudulently as well. Fraud is a growing concern when it comes to monetized games, but by following a few simple steps while your game is implementing a fraud detection system, you are going to save innocent people a ton of headache and most importantly, their hard-earned money isn’t stolen from them any longer.