iovation interviewed at Casual Connect on Protecting MMOs from Fraud
November 4th, 2009 by Max Anhoury
Darin Glatt, application architect with iovation, was interviewed by the Chroma Coders Game Development Club at Casual Connect Seattle. Darin shares information on iovation’s online fraud protection service used by many leading MMOs.
Interviewer: I’m here at Casual Connect and with me today is a special guest. Would you please introduce yourself?
Darin: Hi, I’m Darin Glatt. I’m the application architect for iovation.
Interviewer: What is iovation?
Darin: iovation provides a service for games and websites to help them fight fraud and abuse.
Interviewer: Is this credit card checks or what exactly is it? And how would a game use this service?
Darin: Well, actually it’s not credit card checks. We consider fraud just another kind of abuse on a website. We handle it all the same way. We do that with device recognition and device reputation. We provide a global database of devices, and we track their reputations so we can tell you, when you send us a transaction, what that device has been up to.
Interviewer: Can you give me specific examples of how games use this service to eliminate fraud for a better experience for the legitimate players?
Darin: Yeah, it’s very easy. Before they let the user log in or use a part of their game or service, they check with us and find out what the computer’s reputation is. For example, if they are concerned about chat abusers, they can send us a transaction, find out whether or not we’ve seen them commit chat abuse on their site or anybody else’s site, and they can decide how to act on it.
We do the same thing with fraud. Before a financial transaction you can check with us, and we’ll tell you whether or not they’ve committed some kind of fraud on your site or somebody else’s site.
Interviewer: How is this different than, let’s just say that you find someone and they’re being “a grief” on your MMO and you just block their IP. How is this better? How is this more effective?
Darin: Oh, it’s much more effective. We actually collect quite a lot of information about the device. We analyze that in real time, and we come up with a profile. It’s much more sophisticated than just tracking IP addresses. IP addresses are very easy to spoof; anonymous proxies, you can set it up and spoof your IP address in just a few minutes. Just search for anonymous proxy on Google, you’ll find lots of ways to do it. We have to track a lot more information than just the IP address. We build this profile, and we analyze it, and we decide whether we’ve seen that device before and whether or not that device has a reputation.
Interviewer: Basically, then, MMOs can use your service to enforce, maybe, one player per customer kind of thing. Is that possible?
Darin: Sure, if they want to block an account and block the user, we can tell them whether or not the account has been blocked on that device, and they can stop account confirmation then. You close down their account. If they try to come back and do the same offense with a new account, we can help you stop that.
Interviewer: Are there any other things that MMOs use your service for besides what we’ve already talked about? Are there other issues that you can help with in terms of making sure that the player experience is better for MMOs?
Darin: Basically, what they use it for is integrating at different points in their site or in their application to create a better user experience at all levels.
Interviewer: Does the application have to be a downloadable? Can it be Flash? Can it be a web service?
Darin: It can be just a web service without any download at all. There is also a downloadable version that clients can add for even stronger device recognition.
Interviewer: How long does it take for a team, or a small development team, to implement this system in their service or their game?
Darin: In actual development time it’s very short. The hard part is finding a good time to actually add it, but for a web integration, we’re talking about just a few lines of code.
Interviewer: In terms of pricing, can small teams develop it? Should they wait until they become a big MMO? How can people get started?
Darin: It’s important to consider it sooner rather than later because there’s that time when you go from being just a small game to being a huge game, and sometimes that happens overnight. When you become a huge game, you are very popular and you end up with some kind of an abuse problem. It happens to everybody. It’s good to have a plan to mitigate that, whatever that solution might be. I would hope that it would be iovation.
Interviewer: Can you talk more about some specific categories; what they are and what developers should be looking for?
Darin: Yes, in addition to fraud and general site abuse, we also offer categories for tracking gold farmers which would be specific to MMOs. It would allow you to stop users from gold farming on your application and also from creating new accounts and farming gold with the new accounts as well.
Interviewer: Is gold farming an issue if you’re not able to sell the coins outside of the game?
Darin: Oh, sure. It’s just like any other abuse. People use their gold to abuse the game in all sorts of ways, and they can sell the gold outside of the game for monetary value.
Interviewer: You were talking about how there are actually complicated rings, and so your system can detect all those things?
Darin: Oh, absolutely. It seems like gold farming is almost always run by a ring. It can be a very expensive operation so they go the cheap way farming gold and then sell it on other websites. By tracking device-to-account associations and website associations, iovation allows you to block the entire ring because typically they reuse devices and accounts all of the time. We track all of that. So you block one, you block them all.
Interviewer: Thank you very much.
For real-world examples using device reputation to fight online gaming fraud and abuse, you might enjoy these two case studies:
- Ntreev USA Tackles Chargebacks and Terms of Service Violations with Device Reputation
- BattleClinic’s Chris Condon Shares Strategy on Preventing Gaming Fraud and Chargebacks
