Posted October 4, 2016
Due to its rapid growth in popularity, fraudsters and cybercriminals are targeting the online gaming and gambling sector with increasing aggression. Analysis of transaction data and attack vectors from the ThreatMetrix Digital Identity Network for this industry has revealed key trends affecting this sector, which we are discussing at this week’s Securing Online Gaming event in London.
Attack of the Machines
Gaming companies are under increasing attack from fraudsters using automated bots and scripts to test the validity of credentials acquired from the dark web. Each time a network is breached (for example, the huge attack on Yahoo, which leaked 500 million records), the web is flooded with stolen identity data. Fraudsters looking to utilise this stolen data are running massive identity testing sessions through automated attacks, which overwhelm system and network resources.
ThreatMetrix is seeing huge spikes in the number of these automated attacks hitting the gaming sector. At key attack peaks, over 60% of daily gaming traffic is coming from bots or scripts. For online providers, the challenge becomes picking out the good customers from the mass of bad transactions – rather than the other way round.
41% of gaming transactions seen by ThreatMetrix are now coming from mobile, and this is rising as consumers move to the convenience of a mobile app, particularly for real-time / in-game betting. There are lower attack rates on mobile transactions versus desktop – meaning this can provide a more secure environment. However, online gaming is seeing much higher levels of mobile transactions that are rejected as fraudulent, compared with other industries. Mobile gaming and gambling is increasingly being targeted. Providers must ensure that they have anti-fraud measures in place that can successfully protect transactions across all platforms, and that can track the same users as they switch seamlessly between connected devices.
Cross-Border Online Gaming and Betting
Online gaming companies enjoy a very international customer base due to the nature of their offering. While there are some local operators, for many companies the cross-border volume can be as high as 50% – which is dramatically higher than the all-industry global average of 16% (Q2 2016). Despite the prevalence of cross-border transactions in this segment, they are still considered riskier, with the number of transactions rejected as fraudulent being 75% higher for cross-border traffic versus domestic in the ThreatMetrix Network.
There are differences in attack methods between cross-border and domestic, with device spoofing being the primary attack vector for domestic transactions, whereas identity spoofing is the number one vector for cross-border. Cross-border transactions also see elevated IP spoofing attacks compared to domestic.
Online gaming and gambling companies that are keen to reap the profits of an international customer base must deploy context-based fraud management solutions that take the full context of the transaction into account, including geo-location and differing attack vectors. This way they can secure against cross-border attacks, whilst avoiding elevated rejection rates that unnecessarily turn away good overseas customers.
As gamblers increasingly leverage the ease, flexibility and real-time connectivity of online gaming on connected devices, the onus is on organisations to maintain the integrity of their gaming platform and reduce the risk of fraudulent transactions. This relies on effective and real-time detection of potential problem gamblers and fraudsters as they transact.