Today’s sophisticated cybercriminal is, for lack of a better phrase, not your father’s fraudster.  Much like the technology they use to perpetrate online fraud and abuse, fraudsters are constantly evolving, working around the clock to develop new strategies and tactics that undermine even the most advanced fraud defenses.

Once known for their aspirations of gaining international fame and notoriety, online criminals are now focused on something much more tangible – your money.  And lots of it.  Their schemes are much more calculated and look more like money-making online business models than hackers trying to wreck havoc across the Internet.

While Massively Multiplayer Online Gaming (MMO) sites continue to beef up their fraud detection capabilities to combat a wide spectrum of online fraud and abuse that includes credit card chargebacks, stolen virtual assets, gold farming and account takeover, the biggest threat today is fraudsters working together to create fraud rings and share information on how they can defraud MMOs and their legitimate players.

Unfortunately, we’ve reached a point in time when acquiring stolen credit card information over the Internet is as easy as purchasing a Starbuck’s gift card.  With the simple click of a mouse, fraudsters can easily and affordably purchase details on hundreds of stolen credit cards to create new online accounts to commit online fraud and abuse.  And while adding more tools and techniques to an existing fraud fighting arsenal may help reduce fraud and abuse, a online gaming site that doesn’t have the ability to identify fraudsters within their network who are hiding behind multiple identities and accounts, will continue to experience increased levels of fraud and abuse.

Why MMOs Continue to Struggle with Online Fraud

Today, the threshold for new account creation is much too low for online gaming sites to solve the problem of blocking accounts identified with fraud and stopping repeat offenders.  Once a fraudster has been identified and blocked from further transactions, there’s nothing to keep them from simply coming right back on the same computer using different personal or account information to create a brand new account and repeat the same undesired behavior.

Another problem, and perhaps the biggest contributor to why MMOs continue to struggle with online fraud and abuse, is most current risk-scoring systems are primarily based on the financial and personal data supplied by the fraudster.

Successfully combating online fraud and abuse requires information about the source of a transaction.  This data can take the form of financial information, identity information, and device information.  Unfortunately, most online gaming sites still rely almost solely on financial and identity information when doing analysis, leaving out the most important element in organized fraud – the fraudster’s PC. 

A fraud management system that doesn’t include device information not only limiting its ability to fully protect its network from some of the industry’s biggest fraud problems, it creates huge operational inefficiencies and profit leaks that go well beyond simple fraud loss, impacting a Web site’s reputation, potential revenue, and ultimately, business growth. 

The Power of Device Reputation

Using device identification to establish the reputation of a device allows fraud managers to go straight to the source of where the fraud originated.  Wouldn’t it be nice to know that the device used to create a new account has a history of identity theft or gold farming?  Not only can MMOs see if a computer has been previously used to commit chargeback fraud, they can identify other in-game problems like spam distribution and harassment of other legitimate players that were previously invisible to them.  The ability to identify a fraudulent device can pay huge dividends in stopping online fraud and prevent organized fraud rings from victimizing online gaming sites repeatedly.

Furthermore, sharing device information with other gaming sites allows MMOs to become more organized – just like the fraudsters – and allows them to identify computers that been associated with fraudulent or abusive activities either at their site or at a peer’s site.

Any good fraud management process must take advantage of both the information supplied by the customer, as well as the information collected independent of customer interaction.  Adding device reputation into the mix provides that mechanism to round out the best practice fraud management processes.  Having greater insight into the history of devices within a network not only reduces the overall fraud problem, but as online transactions continue to increase, it helps reduce the number of transactions that need to be reviewed, saving valuable time, resources, and associated overhead expenses.

The bottom line is online fraud and abuse management is a process about quickly identifying positive transactions, negative transactions, and flagging others for review.  Including device information into the overall fraud management process augments existing fraud detection techniques by accurately identifying a fraudster’s computer and providing online gaming sites with an additional layer of defense to effectively combat advanced forms of online fraud and abuse.

###

Scott Olson is vice president of marketing for iovation, a fraud management company based in Portland, Oregon.