Interview with Wargaming.net on fighting fraud in gaming

Elena Emelyanova, Senior Payments Manager at Wargaming, shares her expertise on fighting fraud in gaming while maintaining a frictionless customer experience

With over 200 million users and multiple development studios all over the world, what insights can you share with us regarding fraud challenges across different regions?

Wargaming is an online game developer and publisher. Our games are free-to-play, and our business model is based on micro transactions. The games are created in such a way that there is no possibility to do in-game fraud as such, because one cannot resell the purchased item – we do not do cash out.

With a global market penetration, we are very acquainted with fraudulent behaviour in different regions and countries. The main source of fraud comes from card payments. Initially we were not realising how significant the difference between fraudsters’ behaviour on different territories may be, however, a couple of years of focused analysis can be summarised into the following challenges in general and in particular per region:

• Once you identify a fraud scheme and find a workaround, another one will come quite soon, so keep an eye out;
• Newly released product will suffer the attack anyway, so just be prepared;
• NA region card fraud – mainly coming from specific BINs, there are 1-2 main fraudulent schemes, quite stable, if we can call it like that; in our case this market as a rule is the first to hit with fraudulent peak;
• EU region card fraud – is driven by fraudulent domains in most of the cases, although there are specific countries which show especial creativity in terms of fraudulent behaviour (Romania, Hungary);
• RU region card fraud – is the one who brings the new fraudulent schemes the most and spreads them all over the world. At least one per year we get something new;
• Asia region card fraud - is the last one to hit, however that’s the most dangerous. Once you ease up – you get it. Philippines is the country we are closely looking at;
• There is no way to remove fraud 100%, you can just push it to another market OR to somebody else.

Could you please explain how fraudulent purchases, and virtual currency arbitrage work? Please suggest some best practices on how fraud can be detected in gaming.

As I mentioned previously, our main source of fraud is coming from cards, where we identify 3 types, let’s call them ‘fraudster images’:

1. 100% fraud => those who are making business on fraud;
2. Playing fraudulent users => who do not mind cheating in order to play;
3. Friendly fraud => those who do not have direct intention to cheat.

Such gradation helps us to identify further steps that should be applied to the account. These may be strict sanctions (account block without possibility for reactivation) or a written notice/alert, depending on a case.

In order to identify fraudster images, we use a combination of parameters from in-game and payment activity. The easiest image to identify is the first one – 100% fraud, which is in fact not surprising, because real fraudsters do not play/or pretend to play. The third image is also quite easy to identify, when having at least basic info like domain, IP, playing history, paying history. Our main headache is the second image – playing fraudulent users. Those are still our customers and we want them to stay with us, however we want them to stop cheating, which may be quite challenging in the gaming environment. Thus, the best practice would be to define/ categorise the images of your fraudsters, which will then help you narrow your focus on the most critical.

There is a lot of debate within the industry over the challenge in keeping a balance between frictionless customer experience and strong security after SCA. What strategies should gaming companies implement to overcome this challenge?

That is indeed very true, the question of balance between frictionless payment journey and adding friction for a more secure flow has always been on top, especially for gaming companies. Video games may be drivers of impulsive payments and here the question of friction stands up. Our core rule is ‘the better antifraud solution you have – the more frictionless flow you may provide to your customer’ – i.e. as few steps to fill in as possible before pressing pay button, minimum distractions on the checkout page (ideally just payment fields), and payment in one-click availability. However, keeping in mind the specifics of each region, we prefer to have a dynamic approach by applying more friction on specific markets. For example, we support card payments in one-click everywhere. However, we still ask additionally to enter CVV code in CIS countries as an extra security, contrary to NA region countries, where we do not ask it. With SCA implementation, we definitely expect some decrease in conversion up until people get used to the fact that SCA has been implemented to secure their payments. In any case, we will rely on exemptions, especially Transaction Risk Analysis and whitelisting and we will still be doing our best to keep the convenience-friction balance.

What new fraud prevention technologies are you currently watching?

We are quite happy with the solutions provided by our partners for card fraud prevention and are not actively searching for anything new at the moment. However, with the new technologies coming (which are also used by fraudsters) and new regulations being implemented (such as SCA for example) – we are definitely expecting changes in fraud types and fraudulent behaviour we see now. Thus, we prefer to be in touch with the main antifraud solutions on the market and be aware of the services which exists in order to be prepared.

This interview was first published in the Fraud Prevention and Online Authentication Report 2019/2020. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Elena Emelyanova

Elena Emelyanova is a Senior Payments manager at Wargaming. She specialises in ecommerce acquiring and fraud protection globally having a strong understanding of various markets throughout Europe, North/South America, Asia, and CIS. Elena helps Wargaming to optimise the Alternatives and card payments flows all over the world, as well as keeping the fraud level low.

About Wargaming

Wargaming is an award-winning online game developer and publisher headquartered in Nicosia, Cyprus. Operating since 1998, Wargaming has grown to become one of the leaders in the gaming industry with 4500+ employees and offices spread all over the world. Over 200 million players enjoy Wargaming’s titles across all major gaming platforms.