Latest News
As eSports become more popular, time for the industry to get real about security
Police in Ukraine recently seized 3,800 PlayStation 4 consoles, which currently retail for around 290 each, and found to their surprise that the operation wasn’t mining cryptocurrency as they assumed but was in fact being used to generate content packs for FIFA Ultimate Team, a popular game mode in the FIFA football series.
The raid and its results underline a fact that may escape more traditionally minded members of the gaming community: eSports is a major industry, and like any industry it is susceptible to fraud. The fact that the games themselves take place virtually is irrelevant to fraudsters who can use the familiar toolkit of multi-accounting, bonus abuse and affiliate fraud to earn thousands.
With many sports teams unable to play throughout much of 2020 and 2021, eSports grew massively. League Championship Series (LCS), one of the largest eSports leagues, became the third most viewed professional sports league amongst 18-34 year olds in the U.S and has retained its corporate sponsors at a time when other leagues were shut down. Success stories like these are blunted by how pervasive eSports fraud is,
So, what kinds of fraud are taking place in eSports, what is it costing eSports organizations and what can be done to stop it?
What kinds of fraud are possible in eSports?
eSports attracts very similar types of fraud to regular sports betting, including:
- Bonus Abuse: Like other sports betting companies, eSports companies often give sign-up bonuses such as free bets to new players. By coding automated systems, a fraudster can sign up to hundreds of accounts and use the free bets to win real money. This can cost gaming companies up to 15% of their revenue.
- Multi-accounting: Similarly, a fraudster can use multiple accounts to perform other types of fraud, such as matched betting, ‘smurfing’ or arbitrage of affiliate fraud.
- Affiliate Fraud: Those eSports betting organizations that draw in some of their new players from affiliates are vulnerable to affiliate fraud in which an affiliate creates fake accounts to gain the pay-out.
- Account takeover: Using lists of passwords from data breaches, keyloggers or phishing a fraudster can gain access to a player’s account and drain their funds.
- Chargeback fraud: A player, who may be a legitimate gamer and not a professional fraudster, initiates a chargeback on a transaction. This is common in gaming when gamblers regret a bad bet and claim that their account was hacked.
The costs of eSports fraud
Fraud costs have a way of snowballing, with each $1 lost through fraud actually costing companies $3. The above techniques are hardly equivalent to the major data breaches of major banking and tech companies that cost on average $3.86 million, but the constant barrage of low-level frauds can soon drain your company’s security budget. Aside from the cost of the fraud itself, there are a number of hidden costs such as:
- Chargeback losses: Investigating and disputing chargebacks will take up your risk team’s time, leaving them little time for more valuable activities. More worryingly, a company with a large number of chargebacks is likely to find it difficult securing credit or loans. Visa and Mastercard’s resolution processes are making things even more difficult for merchants, so you are likely to lose even more.
- Affiliate budget waste: You could be paying for useless clicks from bot networks rather than legitimate customers, wasting your marketing budget and reducing overall ROI.
- Reputational damage: Once word of mouth spreads about customers losing the entire bank accounts to account takeovers it will not be long until players start deserting your site.
- Regulatory fines: The regulations around eSports are not as stringent as with other sports betting, but it will not be long before they catch up. With the industry growing it will not be long before countries put regulations in place to protect players, and without stringent security your company could be fined.
The solutions
You will notice that the majority of the types of fraud common in eSports have to do with fake accounts. These are easy for fraudsters to create using the wealth of publicly available data and leaked information, but fortunately artificial intelligence-based tools have been developed that allow companies to spot synthetic identities.
Through device fingerprinting, email profiling and IP analysis a complete picture of a new signup to your site can be created, allowing software to spot the tell-tale signs of a hastily created account. For example, it could find that an email address does not match any social accounts, or that they use VPNs and data centers to conceal their IP address.
Of course, a sophisticated fraudster could create a convincing fake identity, especially with the wealth of information available from data dumps, so modern technology can also spot the use of pre-paid credit cards or even the speed with which information is entered, which could indicate it is being filled in automatically by a script.
By combining data points from a large and ever-growing set a system can determine whether it is likely that any given new account is fraudulent. For the many cases in which it will not be fully clear whether an account is authentic or not adaptive Know Your Customer checks can be used – customers with several red flags will be given full tests to determine their identity whereas other customers will have less obtrusive tests for a smoother site experience.
eSports has gone from a niche concern to an Olympic sport in a few short years, and that success is going to attract fraud, so it is vital for the industry to pre-emptively defend against fraud by adopting the very highest levels of security.
To learn more, visit: https://seon.io/