Behavioral biometrics helps spot the bad apples before they spoil the game

November 25, 2015 - 

This is a guest post by Ryan Wilk, vice president of customer success at NuData Security.

The online gaming industry is heating up. According to Statista.com, it brought in more than $41 billion worldwide this year. Technology, both on the desktop and on mobile devices, has been the driving force behind the phenomenal growth. Unfortunately, while it’s easier to play than ever before, the new technology also lets more organized cyber criminals defraud poker sites and their good players. Fraudsters can circumvent traditional detection, so despite the gaming industries best efforts, fraudulent deposits, cheating and collusion, chargebacks and money laundering persist. With most e-commerce sites, there are certain predictable shopping patterns throughout the year that businesses can rely on. This is not the case in the online gaming industry, however, which experiences an inconsistent revenue flow. That makes the industry more susceptible to fraudulent activity.

Online gaming sites are only too aware of their allure to fraudsters, so they have developed incredibly sophisticated data analysis tools that can determine with high accuracy if, for example, a six-player poker hand is being gamed by one person with multiple accounts. But that just looks at one point in the player’s history. Why settle for a snapshot when you can see it all play out from beginning to end?

The snapshot approach of detecting fraud is one method, but there is much more to the fraud-fighting picture. There’s another security layer that can be added to it, one that observes the players before the game starts and even across the lifetime of the player. Building complex models of behavior is the secret weapon about to sweep online security – a real game changer that will show the difference between a flesh-and-blood player and the sock puppet accounts of the scam artists.

Behavior-based security is focused on how players hold their device, how they type and whether they use a mouse or a track pad when playing. It’s these non-identifying but wholly unique behaviors that combined create a player profile that can’t be spoofed.

Fraud is perpetrated in a variety of ways in online gaming. Some cyber criminals use stolen credit cards to set up or fund betting, and in some cases are used by a single player running several accounts in the same game so they can purposefully lose on the stolen card and funnel that money into the scammer’s personal account, which can be cashed out later. A single user running multiple accounts fills a six-player room except for one other player, almost guaranteeing that the fraudster will win. Additionally, multiple accounts may just be used to cash in on new user promotions that match start-up deposits or give bonuses for completing a set number of games.

Fraud is a crime with multiple victims. In addition to the individuals whose credit cards have been stolen, the gaming site loses money as well. So do the good users who find themselves defrauded and won’t stay to play another hand. Customer retention is a huge issue in an industry where what’s offered changes little from site to site. If a site becomes known for fraud, there is not much a company can do but undertake a costly rebrand and relaunch.

Everyone understands that online gaming is a bit of a risky business, requiring a stringent account set-up policy. A first round of registration needs to confirm things like the user’s birthday, and gaming sites typically run checks against personally identifying information, possibly even requiring scanned documents. But with the prevalence of data breaches flooding the market with exactly these kinds of credentials, such checks are of limited use. If personally identifiable information can be faked or stolen, what’s left for companies to use? Behavior.

That’s because fraud detection based on behavioral biometrics goes beyond merely determining which account has a human being on the end, and which are one of an array of puppets. Behavior-based security methods will also tell you if an account has been stolen from its owner or if a new account is being created by a customer with past gaming difficulties. Behavior can even be leveraged to predict a budding gaming addiction by comparing the behavior of past addicts against current users and take necessary steps – stopping chargeback complaints, also known as first fraud, from players who have gone overboard.

As you can see, fraudsters aren’t reserved about stealing money any way they can. In response, online gaming sites need to go after them with gusto. This means a multi-layered approach that not only observes table play but also what’s going on behind the scenes. Behavioral biometrics provide an incredibly effective and unspoofable method for fraud detection. Being able to spot the bad guys at every point along the spectrum protects gaming sites from fraudulent account creation, chargebacks and reputation damage.

DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.

Leave a Comment

comments

About Ryan Wilk

Ryan Wilk is the vice president of customer success for NuData Security. Previously, he was manager of Trust and Safety at StubHub and spent eight years with Universal Parks & Resorts in various e-commerce roles. NuData Security predicts and prevents online fraud, protecting businesses from brand damage and financial loss caused by fraudulent or malicious attacks. NuData Security analyzes and scores billions of users per year and services some of the largest ecommerce and Web properties around the globe.