There's never been a more exciting time to be in the gaming space. Retailers, publishers and platforms alike are seeing activity and sales booming as more and more people play — it's estimated there are up to three billion active gamers worldwide.
And the momentum is increasing. The industry is predicted to grow almost 30% between 2020 and 2023. The console segment alone will grow nearly 20% by 2022, spurred on by the launch of the next-generation systems.
However, when revenue rises, fraud often also increases. And fraudsters are increasingly seeing the potential to target gamers, using a variety of scams to illicitly profit from the growth of the industry.
More than ever, gaming companies need to adapt their strategy to walking the tightrope between fighting fraud and optimizing payments acceptance.
How fraud is hitting the gaming world
Fraudsters aren't discriminatory in who they target so long as there's profit to be made. With its popularity, the gaming space has historically been very exposed to fraud. Here are some common types of fraud witnessed:
- Friendly fraud: so-called 'friendly' fraud — also known as family fraud, or first-party fraud — occurs when a customer disputes a legitimate transaction due to confusion or because they know they can simply claim fraud to avoid paying. Their reason for doing so might be a family member making a purchase without them knowing, descriptor confusion or simply regretting a purchase made in the heat of the moment.
- Card testing attacks: also called ‘carding’, is when fraudsters rapidly test a large number of cards with low-value digital goods purchases to see which cards can be sold and/or used for typically higher-value purchases. Gaming merchants are often targeted by ‘card testers’ due to the lower average ticket size of purchases.
- Phishing attempts: phishing is a fraudulent activity of attempting to obtain sensitive information such as passwords or credit card numbers by setting traps. In-game phishing is common and mass multiplayer online (MMO) gamers are often targeted.
- Real money trading: real money trading (RMT) is the exchange of real money for virtual, in-game goods and services. RMT is a mechanism often used by fraudsters to take the real money from unsuspecting players and then never deliver the goods or services.
- Account takeovers: account takeover attacks occur when a cybercriminal obtains personal information — usernames, passwords, email addresses — with the intention of illegally logging into the victim’s account. For example, players of games like EVE Online are often targeted due to the high-value digital assets they accumulate.
How fraud prevention can impact revenue
To protect their business from fraud, gaming companies need to authenticate players, especially when they go through the payment process. This is to make sure that they are who they say they are and that they’re the real owner of the card being used.
Not taking enough fraud prevention measures can directly impact the bottom line. There’s the potential financial loss from the fraudulent activity, but also the longer-term reputational damage. The schemes, such as Visa and Mastercard, will impose fines and other compliance-related restrictions if a merchant’s fraud and/or chargeback ratios go above a certain threshold. Sometimes merchants will have to move to processors that work with high-risk merchants and charge higher fees, which adds to the cost of card acceptance. In a worst-case scenario, high levels of fraud could result in loss of card acceptance.
Merchants must demonstrate to issuers and others in the payment ecosystem that they know their customers and that they’re competent at flagging and stopping payment fraud. Gaming companies who develop a reputation for high fraud and chargeback rates may find issuers are less willing to approve their authorization requests and see more ‘soft declines’, effectively requesting more information before taking an authorization decision.
Protecting your business from fraud is a difficult balancing act: ‘over-protecting' your business can indeed impact your revenue.
False declines cost online merchants in the US, UK, Germany, and France a staggering $20.3 billion at the checkout each year. And our research finds that a large proportion – $12.7 billion to be precise – goes directly to their competitors.
False declines are legitimate credit card transactions that get incorrectly declined by the merchant because they appear suspicious. False declines are a consequence of card-not-present fraud and the overzealous – yet vital – automated fraud detection tools that are designed to mitigate it – sometimes shutting down valid transactions as well as fraudulent ones.
The cost of false declines can be severe, resulting in lost revenue — not only from the initial declined sale but the repercussions that can have — the incident may result in a loss of trust, forcing the gamer to take their future business elsewhere. The subsequent damage to the brand reputation may prove irrevocable, resulting in sustained financial loss for the gaming company.
These numbers also don’t consider the time, cost, and marketing effort spent to get the player onto the platform ready to spend money. Nor do they consider the cost of lost sales or the possible harmful long-term impact on the brand. Declining the payment of a legitimate customer is one of the most expensive mistakes that can be made.
Revenue protection and customer experience are the priority
Gaming merchants must ensure their efforts to guard against fraudsters don’t detrimentally impact honest players. Suspicious behaviors don’t necessarily equal fraud. Trust is key. Those involved in the payment chain — issuers, processors, gateways, acquirers — as well as gamers need to trust your business and brand. Transparency and data are key to building this trust.
Some of the practical steps companies can take include benchmarking authorization rates and fraud ratios. This allows you to put your performance in context. How do these KPIs compare with industry peers? Are you at risk of triggering card scheme compliance thresholds? Lean on your gaming payment processing solution to provide support with data. But also, with insights into what those with solid performance are doing that you’re not.
Being clear about your risk appetite allows you to make decisions consistent with your core business objectives. Some businesses set very low fraud-to-sales rate targets. They challenge the majority of transactions with various authentication methods, choosing to lose some customers due to increased payment friction. Others aim to make the payment flow as frictionless as possible. They identify fraudulent transactions behind the scenes via methods other than authentication, contending with a certain amount of fraud.
With gaming set to continue on an upward trend, the increase in fraud can be seen as an endogenous and predictable phenomenon. There is a balance to be found between fraud prevention and payment optimization, and merchants agree that customer experience and revenue protection are the priority.