Within the last few years, the free-to-play (F2P) game model has become the standard for mobile and global games. F2P gives players the opportunity to experience games without paying upfront.

Unfortunately, the wide reach of F2P games gives fraudsters a wide net of targets to exploit. In this article, I’ll cover how fraudsters abuse F2P games and how you can fight back.

What is F2P?

The F2P model allows users to play a game without requiring an up-front purchase. This model allows users to get a taste of the game’s content, such as starting a level or getting a free character, then presents the option of buying additional items, powers or other types of content.

In the past few years, F2P has been leveraged by multiplayer games, such as Fornite, to mobile games like Candy Crush Saga. While the free nature of these games is ideal for attracting new players, it also presents fraudsters an easy way to extend their reach.

How Fraudsters Abuse Gamers

F2P fraud occurs when unsuspecting gamers give their personal information away or their accounts are taken over. Oftentimes players assume everything that goes on within the game is secure, even if it’s happening between users.

Because free-to-play games have fewer barriers to entry, they can attract people who don’t have experience with games. This expansion of gaming means that users may not be security literate or aware of how fraudsters use games to scam unsuspecting players.

Gamers looking to gain an edge in their game may see and click on a chat message offering ways to get new items or a deal on in-game upgrades. If it seems too good to be true, it usually is. This chat message will link gamers to forms that ask for their personal information. With personal information in hand, fraudsters can attempt to reset passwords to sell the account or buy new items that they can resell.

Alternately, third-party marketplaces for items and services can be leveraged by gamers looking to buy their way to the top. Users who are looking to interact with these black markets may circumvent game security by giving up account credentials to a third-party.

Once account credentials are compromised fraudsters can abuse the account and start using it as a tool for fraudulent schemes.

Taking the Fight to Gaming Fraudsters

Every organization needs tools to plan for account takeovers and find ways to stop fraudulent charges. Here are a few tactics that you can use to prevent fraud in your F2P games:

Beef up your security: Asking users to verify their identities when logging in on a new device is bare minimum protection. Requiring two-step authentication or security questions provides a higher level of security. To stop fraudsters Valve requires users to use two-step authentication to access item trading.

Monitor chat & third party links: Fraudsters push phishing schemes through chat messages, comments on articles, and in forum posts. Detecting outgoing links and warning users of phishing schemes is a low cost way of preventing fraud.

Transaction risk assessment: Once an account is compromised, a fraudster can process a lot of transactions and attempt to sell either the account on third party sites. Transaction risk assessment solutions can give you a clearer idea if accounts have been taken over and allow organizations to stop fraudulent transactions.

The F2P model of games is here to stay and fraudsters will continue to probe for weak points to exploit.

With some education and the right fraud prevention tools you can protect your users and make it ‘Game Over’ for fraudsters.

Follow Emailage on LinkedIn and Twitter (@emailage)

Click here to discover how to get secure, intelligent risk assessment using an email address.