1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Avoid Mobile App Fraud

Discussion in 'Mobile Marketing' started by keenmobi, May 12, 2017.

  1. keenmobi

    keenmobi Jr. VIP Jr. VIP

    Joined:
    Mar 24, 2017
    Messages:
    113
    Likes Received:
    8
    Gender:
    Female
    Mobile games represent the fastest growing segment (compared to the previous year, it increased by 21% due to the penetration of smartphones into the emerging markets and the successful "free" model of free-to-play games with built-in purchases). Reports show that users willingly pay for VIP status, virtual items to speed up the game or even win, with an average cost of $ 50 per user per game.

    With such a market recovery, it is not surprising that online criminals also penetrated the ecosystem and created a thriving elicit market of in-game virtual goods. How do they do it? Below are described several techniques of intruders.


    SIBYLLA ATTACKS THROUGH PROXY SERVERS


    Sibylla Attacks - a network attack in which one of the nodes can have several identifiers, thereby disrupting the system. Proxies provided by cloud services allow online criminals to significantly increase their operations and bypass the reputation-based detection systems. In the context of mobile gaming fraud, they also allow attackers to use several fake identification numbers, simulating a presence in several geographic locations depending on where the servers are located.

    These fake ID numbers are used to take advantage by means of promotions in games with rare or limited virtual goods, for example, those that are only available in certain regions or in a limited daily amount.

    They are also used for arbitrage transactions with virtual currencies: by pretending to be present in different countries, the burglar buys virtual goods in one place (with weaker currency), sells in another (with a stronger currency), and appropriates the difference in price.


    BROKERS OF BUILT-IN PURCHASES


    Some mobile games do not allow the exchange of virtual items between users. In this case, the goods cannot be resold.


    Without suffering defeat, online scammers apply a different approach to such types of games and markets for virtual goods. They announce about tempting 25% or more discounts, that players will give their access requisitions to someone else for making virtual goods purchases on such terms. Sellers will even remind you to change your password after the transaction is completed, in order to “avoid unwanted problems”.

    FAKE OR STOLEN CREDIT CARDS



    No one would have risked in this business if the profit in the price was not so tempting. So let’s return to the source of financial fraud and the headache of recent years - forged or stolen (because of data leaks) credit cards.


    In contrast to store purchases that can be protected by EMV technology (an international standard for bankcard operations with a chip), mobile game developers have a very limited set of methods for verifying in-game transactions without the physical presence of a payment card.

    Existing approaches rely on systems based on production rules or controlled learning models that can only respond to known attack patterns.

    Even more complicated by the fact that the intermediary in the in-game transactions are usually mobile payment platforms, such as Apple Pay or Android Pay, so that applications do not have access to transaction details in order to distinguish between legitimate purchases and illegal ones.

    THE REAL PRICE OF IN-GAME FRAUD

    Why does all this matter for mobile games? Because virtual items do not really "cost" anything, but in fact, this means that there is a huge amount of money lost due to unrealized income.


    It is estimated that for each legal virtual item sold, there are 7.5 virtual items lost due to fraud.

    However, the biggest problem for games is the negative impact on the user experience. When fraudulent in-game purchases spoil the economy of the game and allow some players to use an unfair advantage, this spoils the game to other users. With such competition, games cannot afford to lose users.


    CONCLUSION: This is only a small part of the fraudulent techniques encountered in mobile games.As mobile applications rely more and more on built-in "virtual" purchases, they should be ready to repel fraudsters. The loss of virtual items has a huge negative impact, as on the growth of users, and on the company's profits.
     
  2. theappguru

    theappguru Newbie

    Joined:
    Apr 17, 2014
    Messages:
    29
    Likes Received:
    1
    Interesting and educative piece ;)

    Are you the author ?