Online Gaming Frauds – Part1″
“On-line Gaming Frauds – PART-1”
Published ©2010-2013 Dr. Mark D .Lurie/RSI (all rights reserved)
Published ©2014 Dr. Mark D. Lurie/RSI (all rights reserved)
Another area or serious frauds that businesses and consumers alike fall prey to, is internet on-line gaming fraud (e.g. Massive (or Massively) Multi-Player Online Role Playing Games, commonly referred to as “MMORPG”). This is mistakenly thought of as “on-line gambling” frauds, but actually is totally un-related and in its own classification.
It involves tens of millions of subscribers and hundreds-upon-hundreds of internet gaming operators. It is a multi-billion dollar operation globally, from the United States to Asia. On-line gaming is comprised of virtual worlds and environments which include, fantasy, accurate historical scenarios, science fiction, fantasy, dungeons-and-dragons related venues, flying games, naval games, first-person-shooters and so-on that allow interaction between players on a “real-time” basis.
From individual players or small groups of six players questing through dungeons, or flying in combat, to thousands engaged in epic battles and events, on-line gaming is a massive global enterprise.
By some standards it is considered an addiction and in some countries individuals will commit more that 25% of their monthly income to indulge playing them. There have been individuals who have even died from “overplaying them” non-stop. On the other hand they can be extremely enjoyable, a blast to play with other people and a place where you can develop virtual-to-real-live friends.
The Personal Computer (PC) is usually the choice of game platform to interface with on-line gaming operators (based upon ACN Statistical Analysis Report of 2013 and the NSIA Internet Gaming Users Report of 2012/2013); however other platforms have also adapted to on-line gaming such as Microsoft’s X-Box, Sony’s PlayStation, etc.
There are presently two (2) classifications of regular on-line gaming operations with several hybrids:
Free-to-Play (F2P) – F2P allows individuals to sign up and play their choice of game. However, there are many, many items that are available through an on-line store (e.g. on-line boutique, cash shop, cash store, item store, etc.) that can be bought with a special type of virtual currency (e.g. script name of that the game adapted) that has to be bought with “real” currency (e.g. United Stated Dollars (USD), British Pounds, Francs, Yen, etc.).
The purpose of these items purchased in the game shops allows a more enjoyable game play, an edge in being able to level (advance) faster, fight stronger, live longer and even to personalize their own character(s) (sometimes called “avatars or alter-egos”) with applicable clothing and personal effects.
Since there is no subscription fee to play, the game operator is totally dependent upon sales generated from the on-line store. This requires them to use the most favored method of financial transactions, that being credit cards, game cards (bought at many retail stores and outlets) and gift cards (also acquired at retail stores, outlets and even markets).
Game operators do utilize other methods from wire transfer, checks, money orders, PayPal®, pre-paid cards and the like, but credit card purchases (e.g. Visa®, MasterCard®, etc.) make up the bulk of the revenue generators.
Such F2P games would include examples such as Perfect World and Perfect World International, KAL, Last Chaos, Maple Story, and hundreds of others.
Pay-to-Play (P2P) – P2P requires that players pay a ”subscription” fee that has typical ranges from $4.95USD to $14.95USD per month (or more). Subscriptions, in many cases, can be paid on a monthly, quarterly, semi-annual and annual basis, sometimes with discounts offered for longer subscriptions purchases at the time of purchase.
In the past, there is no virtual store or boutique where players could buy items to enhance their characters in game; however many of the P2P operations have been taken advantage of the opportunities and financial gains by adding limited “virtual” items that could be bought in a virtual store that would usually not give any advantages and be for cosmetic purposes for players characters.
That has substantially changed in the past four (4) years. P2P gaming sites have added virtual currency and items into on-line stores which now go further than just cosmetic purposes and is a precursor for a fully-stocked on-line store whereupon the P2P game changes over to Free-to-Play. This has now become the most common practice since the profitability of the on-line store is been proven with its introduction as a real revenue generator.
Regardless of whether or not P2P game operators utilize the virtual store concept or not, all subscriptions are paid via credit card or by other methods from wire transfer, checks, money orders, pre-paid cards and the like. Credit card subscriptions were the primary methods of revenue acquisition.
Examples of such P2P games (present and past) would be Everquest™ and Everquest II™, World of Warcraft™, Vanguard™, Tera™, Star Wars Knights of the Old Republic™, Diablo III™, EVE Online™, Final Fantasy XIV™, Defiance™, etc. However, many of these games have gone F2P and yes, of these have gone F2P and have incorporated very sophisticated on-line game shops.
One has to remember that regardless of the initial game being P2P or F2P, the entire argument of charges is to justify the initial/ongoing cost(s) of producing the game (which runs into the millions of real dollars); the maintaining of the game (e.g. repairing glitches, exploits, broken links within the game, hacks, etc.); and the development and maintaining of “new” game content (including, but not limited to add-ons to add new playable content, expand the playability of the game, new quests, literally expanding the game play to keep the players interested and the like).
This is an obvious requirement since the game has to be paid for which requires hiring and maintaining many staffing members, from developers and programmers, to graphic animated artists and voice-over contracts.
The staffing requirements of game making is like the number of people you see in the credits at the end of a movie, just different in the sense of the nature of the media and the fact of playability versus viewing an on-screen movie.
Most gaming people do not view the credits of the game itself, but they are there and there are hundreds of people that are responsible for the creation and production of most on-line games.
They don’t work for free and they require salaries. They also may (hopefully) receive a small royalty for each and every game sold (or membership bought), but when it comes to on-line game stores, the rules change dramatically.
Both F2P and P2P operations have a common denominator that being the primary use of customer credit cards for the purposes of payment, whether it be for an on-going subscription fee or for virtual cash purchases used to buy in-game items.
The degree of credit card fraud is astronomical and in many cases exceeds 35%+. The sadder fact is on-line gaming operators treat this percentage as “acceptable operating losses” especially that of F2P game operations. From their position, the amount of monies realized is large enough to make such a loss “acceptable.”
In the case of P2P games operations, they have the ability to block or terminate accounts until a legitimate payment is received, which gives a bit of an advantage over F2P operations. However, there are other areas of fraud that can be found in both F2P and P2P environments. These include, but are not limited to:
• Hacking of the operators’ on-line game program, using means such as, but not limited to; reverse-engineering, embedded modules, modifications of existing code and the like.
• Exploits (weaknesses in the existing game program) allowing players that are aware of such weaknesses to take advantage of them. This could include, but not be limited to; unreasonable drops / multiple drops of extremely expensive items or equipment that could be sold in the on-line economy causing on-line game economy instability, activities that could cause a portion or the entire on-line game to crash, and exploits allowing individuals to hack into other character accounts.
• Individuals hacking into existing accounts not belonging to them for the purposes of stealing items and currency to be sold on-line for virtual money, or even real currency.
• Gold / currency farming, which is sold by outside individuals / companies who literally “farm” in the game for the purposes of selling it for a profit for real currency
• Illegal sale of accounts with characters
• Hacking other players accounts by creating counterfeit emails notifying legitimate game players that there is something wrong with their account (e.g. there are dozens of “excuses” given), where they are asked for their user name, password, secret hint word, credit card information, the list goes on an on, and amazingly many actually respond.
It takes minutes to strip an account of its holdings, virtual currency, items, etc., and attempting to recover it is usually futile. Companies are constantly being notified of this happening and just do not have the time and resources to play investigator. They are more interested in global hacks that affect ALL accounts, which has taken place over the past few years. Some of these hacks have even “downed” (e.g. shutdown) all services of some on-line game companies such as Sony.
Another illegal operation are 3rd party individuals and companies that use credit cards for the payment such as “farmed gold” (or whatever virtual currency the game calls it), and are supposed to then deliver the product in-game to a player who made the purchase with REAL currency bought by credit card.
Gold farming operations utilize websites, some of them very sophisticated operations offering a selection of virtual game currencies for different games.
Gold farming is also one of the largest fraudulent operations which can recruit dozens of people who do nothing but play-and-farm gold.
Countries, such as China, Korea, Philippines and Malaysia have some of the largest and most sophisticated gold farming operations; however it is not exclusive to any specific country or region. In some cases, actual (REAL) small town “real” economies, specifically in S.E. Asia, are totally driven by the gold-farming company’s employment of many of the town’s residence individuals.
Moreover, there are companies totally dedicated to farming on-line game currencies which produce REAL revenue in the millions as a result of farming virtual on-line gaming currencies.
One of the things that gold farming does to games is disrupts the actual virtual economy of the game, throwing into chaos, or creating an on-line economy which no longer functions realistically. Sometimes not at all.
There has been much discussion about whether or not this is truly a fraud, but from the perspective of the on-line game operator, as mentioned beforehand, it severely alters the on-line game economy at a minimum. This has a direct effect on F2P games, as well as disrupts economies in P2P on-line game operations as well.
• Selling on-line game equipment that was previously farmed.
Such operations are on a much smaller level than gold farming.
Many of the on-line game items take several weeks, or months to acquire (or are extremely rare), and will bring a hefty price in the virtual market places of on line games.
However, many on-line gaming operations have been able to circumvent this problem by making such items which “drop” attuned only to the player that the drop goes to making it “untradeable and unsellable.” The downside to this is that players that acquire such items cannot sell them in the legal virtual marketplace.
• Power-leveling players’ characters (taking a game character on behalf of the original owner, and leveling the character to a specific level for a negotiated fee).The end result (if successful) is being able to have a high level character without doing the work or spending the required time to level the character up normally.
The power-leveling company requires all the identity information on the character including passwords, codes, address information and the like. This create a “triple fraud potential”
- First, the company is losing revenues by accelerated leveling (e.g. less items bought, less game play committed to).
- Second, the actual owner of the character may have their character never returned after they pay a substantial fee for the power leveling. They may be able to recover it from the credit card company which they used.
- Power-leveling a level 1 character to a specific level is usually not considered a risk for the character’s owner, but if someone had a level 50-60 character, and wanted to max the level of it, the risk is substantial and unrecoverable (except possibly for the original fee paid for the power leveling).
- Third, the credit card companies would be losing revenues by having to honor their stated warranty policies, even though the charge by the customer may have been for an improper or unacceptable charge.
- Credit card companies have “thresholds” which restrict pursuit of fraudulent / questionable charges. It is a matter of costs vs. results.
The typical real currency sales (e.g. United States Dollars, Yen, etc.) in F2P games range from USD 20.00 to USD 50.00 per week. There are also many higher and more frequent purchasing customers, but fraud operations target the lower amount strictly because of the sheer volume of sales.
Credit card companies just won’t pursue such low-volume frauds and prefer to write the off. This known fact creates a very safe environment for the fraudsters.
It is a known fact, that most F2P games incur a 30-37% loss factor in illegal or fraudulent sales from their virtual stores / boutiques. This is an “established acceptable loss ratio” (EALR). It also represents millions upon millions of dollars of REAL CURRENCY siphoned off by a very profitable fraud operation.
• Hacking into the virtual store and stealing items and products which are sold for virtual currency or real currency.
• Hacking into the client database to acquire identity information on account holders for the purposes of identity theft and future frauds.
There have been several known disasters in the on-line gaming industry where client accounts were hacked including credit card information. It resulted in millions of dollars of identity theft cases, pillaged accounts and substantial credit card frauds. In Korea alone, a two day fraud resulted in over a $3,500,000.00USD fraud that took place in less than 24 hours and was untraceable. The last known actual revenue fraud, that took place in 2013, was over $11,400,000.00USD and also was untraceable.
• Hacking into the company operations to attack the revenue flow, usually between the source of collection and the clearing house operation.
In summary, on-line gaming frauds can not only damage customers and the on-line gaming operation, but that of the credit card companies utilized for the purchase of subscriptions of items from virtual shops and boutiques.
The virtual economy of on-line games is a true economic science and operates very similar to a real economy. The key to balancing on-line game economies is very complex and requires constant monitoring and attention.
Chaos of such economies, in some cases, can destroy an on-line game operation within weeks or days.
Disruption of real cash revenue flows is guaranteed at a minimum, and bringing things under control, mitigating damage caused through claims and client-churn (loss of client loyalty and clients leaving) is exceptionally difficult.
Finally on-line gaming operations are an excellent sanctuary for money laundering, which combining all the gaming locations globally, is both exceptionally large and extremely difficult to address / resolve presently.
We are not talking about millions of real revenue that becomes unaccountable for, but billions. Again, the on-line gaming industry, GLOBALLY, deals with BILLIONS of real revenue dollars annually.
Most transactions are so fast-moving and are comprised of such large volumes of transactions; it makes validation of them almost impossible. Add into the equation the international reach of these games (e.g. where subscribers and players can be anywhere as well as “clearing houses” that can be both off-shore as well as very temporary in nature.
Clearing houses (e.g. commonly called credit card clearing houses, or electronic payment clearing houses) have not been under the typical scrutiny as the banking and financial institutions have been over the prior decades; however it is interesting to note that such clearing houses may be subsidiaries or divisions of actual financial and banking institutions.
Keeping them at arm’s length (e.g. segregation of duties which is supposed to be a “good procedure”) has worked very well for them not to receive the same scrutiny as visible financial institutions.
The foreign locations of domestic clearing houses makes them even harder to audit, let alone regulate, and many such facilities that are off-shore are sheltered under numerous shell-corporations and LLCs to where tracing them truly becomes a needle in a haystack.
Clearing houses make their money by performing the electronic transfer function on behalf of their client (e.g. the F2P or P2P company); performing the physical transfer and reconciliation of the funds acquired; deal with challenges (e.g. claims of over-charges, duplicate customer charges, etc.); and all related administrative paperwork (however limited it would be).
In consideration for performing these services, the clearing house receives a “percentage” based upon a tier level of revenues that go through their facility, similar to direct credit card percentages charged by banks for merchant use of credit card systems (e.g. department stores that receive payment for an item or product which is paid by a credit card). These percentages can be as low as a fraction of a percent, all the way up to 10% or more.
During the era of BCCI (1970-1980+), BCCI charged over 40% for electronic charges received from virtually every continent across the globe from businesses which were moving (laundering) millions of dollars a day, which in reality was pure money laundering by drug cartels (and other highly-questionable entities) to foreign governments which were rotating funds through banks that were in “financial partnership” with many shady and questionable entities / individuals. Yes, a very dark world.
Clearing houses were spawned simply due to the massive increase in electronic money transactions and the sophistication of the capabilities of electronic on-line purchases / money transfers.
The end result were millions of transactions, each day, requiring prompt processing which most financial institutions could not handle the volume of.
Keep in mind, many domestic and international banks use legitimate clearing houses (due to the sheer volume of daily transactions that require processing) that can meet all the financial standards and laws required for operation, but the number of “illegal” clearing houses far-out-weighs the legal ones globally.
At the same time, credit card fraud amounts below seventy-five ($75.00USD) are almost NEVER pursued due to the “cost-versus-results” factor (e.g. diminishing returns).
There is also a darker side in that many on-line gaming companies will intentionally launder millions of dollars through credit card transactions, which in fact the clearing houses assist with (and of course taking their “percentage” as well). This is referred to as “Symbiotic Laundering”.
The Federal Trade Commission, along with Homeland Security, OLAF and many global counterparts are highly concerned with the growing amount of money laundering taking place within this industry; however the amounts and tracing of such real funds is exceptionally difficult to follow, let alone identify the point of destination.
The purpose of such laundering can be used by organized crime to terrorism funding. It is just another method of the adaption of money movement and the methodology that fraud can exploit effectively, and more important, “proactively”.
We will continue with the next chapter of On-Line Gaming Fraud with future articles covering many topics including the discussion of actual cases that were traced and we hope you will find most interesting.
Dr. Mark D. Lurie, CEO, Threat & Fraud Assessment
Note: Names of any and all on-line games as well as any and all credit card companies reflected in this Article are Registered Trademarks of Their Respected Companies/Individuals