Rise of the Gaming Industry and the Free-to-Play Model
Over the past decade, the gaming industry has seen the rise of a new trend: the free-to-play (F2P) business model. While games released under this model require no upfront cost to play, game developers are making money by giving gamers the option of making in-game purchases to unlock virtual items, abilities, or character outfits and other skins that help them progress through a game. Last year the total gaming market amounted to a staggering total of $120 billion. Of that, more than 70% of it (about $88 billion) came from the F2P platform – surpassing movies, TV and traditional games.
Data Breach Risks
Clearly, the gaming market is growing rapidly. Unfortunately, payment fraud is on the same upward trajectory. The abundance of payment data available in the gaming industry attracted the highest data breach attack rates across all industries in the first half of this year. In total, gaming experienced 26.6% of all data breach attacks. And one in five of the 2.2 billion active gamers experienced payment fraud.
Account Takeover and Payment Fraud in Gaming
One reason payment fraud is rising so quickly in F2P gaming is due to poor password habits that leave accounts with single-click payment experiences vulnerable to payment fraud through account takeover (ATO). Once an identity thief manages to break into an account, they have the ability to change the account’s password, effectively locking out the victim. The identity thief can then proceed to make in-game purchases for items they can resell online for real money.
ATOs like this are especially common in popular games with flourishing digital economies, like Fortnite. The F2P shooter boasts an impressive 80 million active monthly users, with 350 million total registered accounts so far. According to Night Lion Security’s report on the underground gaming market, sellers made as much as $25,000 per week, or $1.2 million per year, on stolen Fortnite account sales.
Protect Your Passwords
Given that a gamer’s payment information is saved for quick in-game transactions, gamers can’t overlook the importance of strengthening their main line of defense against unauthorized transactions: strong passwords with two-factor authentication and the awareness to identify and avoid phishing scams.
