March 15, 2019
World of Hurt: The High Stakes Game of Location Spoofing
Posted September 25, 2018
Dear Internet: Is it true that the $100 million prize money for Epic Games’ “Fortnite: Battle Royale” is tempting players from around the world to spoof their locations to increase their chance of winning?
Asking for a friend.
Just kidding, of course. But if data captured in the new Q2 2018 Gaming & Gambling Report from ThreatMetrix is any indication, it’s no laughing matter.
As it turns out, deception of all kinds is becoming a major problem for an industry expected to be worth $1 trillion by 2022, as criminals get ever more adept at taking over customer accounts in order to drain them of funds, loyalty points, power-ups or virtual currencies. But now, there’s a new dynamic at play.
The report captures data on 91 million gaming and gambling transactions within the ThreatMetrix Digital Identity Network from April through June, and can be seen as a reliable barometer of global cybercrime patterns. The report finds that identity spoofing is the most prevalent attack vector, a trend fueled by the volume of stolen data available to cybercriminals in the wake of major security breaches. Identity spoofing is quickly being joined by another key attack vector hitting the industry: location spoofing.
Not just for the reasons you may think, however—and that could be the wild card in operators’ game plans.
Fraud for the Fun of it
Real time detection of high-risk or fraudulent behavior and identity spoofing has become increasingly complex in gaming and gambling.
From dealing with collusive play and self-excluders, to detecting fraudsters using stolen payment information or hacking into existing accounts, operators require insight into the true digital identity of users to verify trusted customers.
As if all the stolen login credentials and identity spoofing weren’t enough, in the second quarter, location spoofing became the fastest growing attack vector in the space—increasing 257% year-on-year. Thanks to the availability of a number of more sophisticated location spoofing tools, this particular attack modality has grown in prevalence as fraudsters attempt to disguise their true location to launder money.
This is no small issue for a sector that enjoys a truly global customer base, with more than 2 billion gamers worldwide. Today, 58% of the industry’s traffic is cross-border. What’s more, operators are working within a rapidly evolving regulatory landscape—including stringent new anti-money laundering laws—making the verification of the true location of a transacting gamer a vital component in authenticating identity.
The problem: These days, the “fraudsters” aren’t always lone wolves or far-flung cybercrime networks, and they aren’t always out to steal or launder money. Instead, many are just regular people who want to pay good money for the chance to play. And doing so means they’ve got to get past increasingly rigid regional restrictions. Case in point: China.
Betting Against the House
In China, government scrutiny of the industry has led to Tencent—the world’s largest online gaming company—to announce it is shutting down its popular “Texas Everyday Hold ’em” poker game effective September 25.
Played within the company’s WeChat messaging app by a sizable chunk of its 1 billion users, the demise of “Hold ’em” is just the latest setback in the tough hand Tencent has been dealt this year.
According to CNNtech, Tencent has seen its stock plunge 35% since January, wiping out roughly $200 billion in market value, because of growing concerns over the state of gaming and gambling in its home market.
As it happens, Chinese authorities are cracking down on numerous different gaming formats, and Tencent just keeps getting caught in their crosshairs.
Thanks to the country’s “anti-addiction drive,” Tencent launched a new registration system for its game “Honor of Kings,” which now requires real names for authentication through the country’s public security database.
This past summer, China also announced plans to limit the number of new online and mobile games, and actively restrict the amount of time kids spend playing on electronic devices.
Gambling on Deception
China is not alone in its regulatory fervor. The same can be said for any number of countries around the world—especially those facing real issues with problem gamblers.
In Australia, for instance, 1 in 12 citizens gamble online, and the country suffers the highest gambling losses per capita in the world. Here and elsewhere, gambling operators must be vigilant against addicts and self-excluders who can also leverage stolen identity credentials and spoofed locations to gain access to games.
All of which means a growing number of players around the world may turn to VPNs and IP spoofing to mask their true locations in order to participate in gaming and gambling on the world stage.
Whether an operator’s business plans call for it to observe a nation’s restrictions, or to allow players to circumvent them, digital identity-based user verification and authentication solutions become all the more important.
Players on the Move
There is, of course, one other important consideration in all of this. The mobile channel now accounts for 71% of all gaming and gambling transactions, growing 45% year-on-year. That makes global travel another location-based challenge operators must navigate.
Put it all together, and it sort of makes “Fortnite” seem like child’s play.
To learn more, download a copy of the Q2 2018 Gaming & Gambling Report from ThreatMetrix.