The first question about MMO fraud is whether there is a real currency resale market. If there is a way to create cash directly or over on eBay, there will be real fraud attempts to use stolen credit cards to create cash.
Even though there is no actual “cost of goods” for virtual goods, MMOGs need to worry about fraud (as measured by credit card chargebacks) because if your chargebacks get over 1% for a protracted period, Visa, Mastercard and Amex will remove you as an accepted merchant. This will dramatically effect your ability to monetize your users.
Game operators need to worry about not just real fraudsters, but also “friendly fraud”; real players who really did buy the goods, but just don’t want to pay:
On the back end, many MMOs have a very hard time tying their chargebacks to the actual accounts and shutting those accounts off. That means that customers have learned that they can chargeback their transactions to get credit or money back and often still play next month. We actually see this happen around Thanksgiving as chargeback volume spikes so that people have more Christmas spending money.
It is relatively easy to reduce fraud rates by making gross business rules that block whole classes of potential customers that fall into higher risk categories. But in a business where your cost of goods is zero, the opportunity cost of “false positives”, where you turn away many good customers in order to stop a small number of bad customers, is very high. As Hoffman notes:
…we have noticed across all our gaming clients when it comes to fraud is that the 1% chargeback rate is really a marketing budget.
Having your chargebacks too low often means you aren’t being aggressive enough on the customer acquisition side. One of the real side benefits of a large customer base is that the denominator in your chargeback rate is quite large and offset by very safe and trustworthy transactions.
Those two processes create a virtuous cycle that allows you to push hard to sign new customers up if you have someone like Vindicia really watching the chargebacks on the back end.
In general, there are two ways of managing fraud:
1. User based approaches (such as Vindicia’s) look to identify both good actors and bad actors across multiple virtual goods merchants, creating a network of trust. These approaches lend themselves to being outsourced to an expert third party.
2. Behavioral approaches look to correlate certain “in game” behavior with likely fraud (e.g. a new player with a level one character who attempts to buy an expensive high level item within 5 minutes of registering). These approaches typically need to be handled on a game by game basis.
The best operators of virtual goods businesses apply both approaches.