Skip to main content

What does that high score cost you? Why one in five gamers falls victim to fraud

Fortnite vbucks scam warning fraud
Image used with permission by copyright holder

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

The threats in games are many, whether it’s a world-ending boss monster or an army of the undead. But there are real-world dangers we face when playing games too. Thanks to the way subscription models and microtransactions dominate the way games are purchased these days, hackers, cheaters, and trolls have more tools than ever to take advantage of gamers.

Financial fraud has become an issue in gaming like never before, and it’s having a lasting impact on how games are being made and played.

Everyone knows a victim

A new study from payment solutions company ACI Worldwide and gaming research firm, Newzoo, discovered that as many as one in five gamers have been a victim of payment fraud in popular games. One in three gamers go out of their way to avoid paying for anything in games, simply because they are concerned about the risk involved.

That’s a disturbing number of people who have been affected by the financial fraud that modern day gaming makes possible.

Andy McDonald
Andy McDonald, Vice President of Merchant Payments at ACI Worldwide Image used with permission by copyright holder

“With the rise of micro-transactions and consumers demanding a seamless gaming experience, game publishers increasingly want to store payment information to ensure the next purchase is just one click/tap away,” Andy McDonald, Vice President of Merchant Payments at ACI Worldwide told Digital Trends. “A gaming company that has payment credentials on file makes an attractive target for hackers – and data breaches are one concern.”

As McDonald notes, the accessibility of digital wallets and the tokenization of card data has made protection against breaches a bit easier. But there’s a larger problem that game companies have far fewer tools to combat it with.

“The bigger danger comes from the growing number of scams and ‘phishing’ attempts that are aimed at luring gamers into parting with sensitive data and payment credentials,” said McDonald.

“When a player goes to make a deposit on a gaming site, Paysafe ensures that the payment is secure … “

As with email, there is an enormous audience of potential victims to target in gaming. The Newzoo and ACI study discovered that of the 2,000 gamers polled, some 50 percent of console and PC gamers spend money on in-game purchases. That number increased to 75 percent of mobile players. Although there is a sizable portion of gamers who are concerned enough about fraud to prevent them from investing heavily in games, or at all, fraudsters are finding enough of a market for their scams that it’s proving profitable.

That near 20-percent victim rate suggests that the problem has become pervasive within the industry.

Bring in the professionals

To try and combat financial fraud in gaming, developers are turning to professional organizations to protect their games and gamers.

Paysafecash brings cash online!

“Making fraud prevention a priority […] typically means working with a third-party vendor that provides comprehensive enterprise fraud detection and prevention,” McDonald explained. “Real-time, multi-tiered solutions are becoming the norm, and dedicated risk analysts can help gaming companies to constantly tweak their fraud strategy as new threats emerge.”

Some security companies, such as Paysafe, want to remove the direct financial link between gamers’ credentials and the games. Its Paysafecard, which acts like a prepaid debit card, has been accepted as a payment option on Steam since 2010, and can today be used to pay for content in games like Final Fantasy XIV, League of Legends, or in Wargaming.net titles like World of Warships.

Just as popular games can create a potential for fraud, popular payment providers can also become fodder for fraudsters.

“When a player goes to make a deposit on a gaming site, Paysafe ensures that the payment is secure using its many risk and fraud prevention tools including velocity, geo-location and computer fingerprinting among others,” Paysafe EVP of business development, Neil Erlick told Digital Trends. “Paysafe indemnifies the merchant, so that there are no associated chargebacks and conducts your customer (KYC) checks to confirm the player’s identity.”

A unified, singular payment provider across multiple titles makes it easier for gamers to trust the financial service to safeguard their information too. The ACI and Newzoo study found that trust was the biggest consideration gamers had in whether they put money into a game or not. While enjoyment of the game might encourage their interest in doing so, most gamers would only follow through with that if they trusted the company behind it.

McDonald championed the idea of collaboration and unification of payment models between providers, suggesting such a “consortium approach” could help better identify potential fraud by profiling gamers and the types of payments they make.

Paysafe Card can be used to pay for virtual goods in games like Final Fantasy XIV and League of Legends. Image used with permission by copyright holder

But just as popular games can create a potential for fraud within those expansive player bases, popular payment providers can themselves become fodder for fraudsters.

Scamming doesn’t change

A quick search for anything much related to Paysafecards quickly turfs up a number of tutorials and guides on how to “hack” them or artificially increase the balance on them without paying. If such flaws in the card system existed, they would effectively invalidate it as a legitimate way to pay for anything, whether in games or not.

As Erlick highlights, there’s nothing legitimate about them.

Neil Erlick, Executive Vice President of Business Development at Paysafe Image used with permission by copyright holder

“Software or websites claiming to be able to hack Paysafecard PINs, or to be able to increase the balance on Paysafecard PINs with downloadable software, are always scams,” he said. “Criminals use such methods in an attempt to access the balance of Paysafecard PINs. For this reason, we make it very clear on our website, and through other communications, that customers should never enter Paysafecard PINs into such software or on such websites.”

Despite these claims, videos that purport to make such hacks possible have tens of thousands of views, suggesting that a good number of gamers may have put themselves at risk of financial fraud. ACI’s McDonald highlighted too, that phony giveaways have become a major way for fraudsters to target gamers.

“Gamers have all come across ‘giveaways’ – whether it’s gems, coins, bucks or a free copy of the latest DLC,” he said. “All you need to do is ‘download the app’ or ‘sign-up’ through entering personal details. But if it seems too good to be true, it’s probably a fraud.”

Protecting yourself

As with the return of spam, there is some heart to be taken in the fact that scams and phishing are such prevalent methods of financial fraud in gaming: It allows gamers themselves to fight back against it, as long as they’re aware.

For both Erlick and McDonald, the best first step gamers can take in protecting themselves from financial fraud is sticking to established marketplaces. Reputable companies with longstanding reputations are unlikely to provide ready access to scammers and fraudsters.

two-step verification ps4 playstation 2fa
Image used with permission by copyright holder

Reducing the number of platforms where financial details are stored can also make it far harder for nefarious groups to get hold of your details.

Even age old advice like strong, unique passwords can play a major role too. Changing them regularly prevents repeated instances of fraud and two-factor or biometric authentication makes it harder still.

While microtransactions themselves might feel like interruptions to the gaming experience, there’s nothing more jarring to an realizing you’ve been had. Taking steps to avoid that, while tiresome, are well worth it.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more