Within the last few years, the free-to-play (F2P) game model has become the standard for mobile and global games. F2P gives players the opportunity to experience games without paying upfront. Unfortunately, the wide reach of F2P games gives fraudsters a wide net of targets to exploit. Learn how fraudsters abuse F2P games and how you can prevent it.

What is F2P?

The F2P model allows users to play a game without requiring an up-front purchase. This model allows users to get a taste of the game’s content, such as starting a level or getting a free character, and then presents the option of buying power or content. F2P has been leveraged by multiplayer games, such as League of Legends, to mobile games, like Candy Crush. While the free nature of these games is ideal for attracting new players, it is also an easy way for fraudsters to extend their reach.

How Fraudsters Abuse Gamers

F2P fraud occurs when unsuspecting gamers give their personal information away or their accounts are taken over. Oftentimes players assume everything that goes on within the game is secure, even if it’s happening between users. Because free-to-play games have fewer barriers to entry they can attract people who don’t have experience with games. This expansion of gaming means that users may not be security literate or aware of how fraudsters use games.

Gamers looking to gain an edge in their game may click on a chat message about ways to get new items or a deal on in-game upgrades. This chat message will link gamers to forms that ask for their personal information. With personal information in hand, fraudsters can attempt to reset passwords to sell the account or buy new items that they can resell.

Alternatively third-party marketplaces for items and services can be leveraged by gamers looking to buy their way to the top. Users who are looking to interact with these black markets, may circumvent game security by giving up account credentials to a third-party. Once account credentials are compromised fraudsters can abuse the account and start using it as a tool for fraudulent schemes.

Combatting Gaming Fraudsters

Every organization needs tools to plan for account takeovers and find ways to stop fraudulent charges. Here are a few tactics that you can use to prevent fraud in your F2P games:

  • Add Security Features: Asking users to verify their identities when logging in on a new device is bare minimum protection. Requiring two-step authentication or security questions provides a higher level of security. To stop fraudsters Valve requires users to use two-step authentication to access item trading.
  • Monitor Chat and Third Party Links: Fraudsters push phishing schemes through chat messages, comments on articles, and in forum posts. Detecting outgoing links and warning users of phishing schemes is a low cost way of preventing fraud.
  • Leverage Risk Assessment: Once an account is compromised, a fraudster can process a lot of transactions and attempt to sell either the account on third party sites. Risk Assessment solutions can give you a clearer idea if accounts have been taken over and allow organizations to stop fraudulent transactions.

The F2P model of games is here to stay and fraudsters are taking advantage of it. Through education and the right fraud prevention tools you can protect your users and stop the fraudsters.

The swiss cheese model of fraud prevention is a risk management model to help stop all fraud instances.