In the world of online gaming, everything happens fast: purchases are fulfilled instantaneously, bets are placed quickly, and through it all, customers expect their gameplay to continue without a hitch. Whether it’s online gambling or a multiplayer role-playing game, the stakes are high. It’s easy to see why games attract fraudsters.
How do businesses fight back while keeping their customers happy? We chatted with Danièle Thillmann, Senior VP of Fraud and Payments at Green Man Gaming. Danièle reveals how businesses can confront the unique challenges of a digital vertical. Armed with years of experience in the gaming world, Danièle shares how gaming companies make a tricky and crucial decision: which fraud prevention solution to use.
Evan: Welcome to Trust and Safety in Numbers presented by Sift Science. I’m your host, Evan Ramzipoor. Fraud in the gaming industry may not get a lot of press but it’s a serious problem. There are about 2.2 billion gamers in the world, yes, it’s billion with a b, and 47% of them spend money while playing. So we have about a billion people interacting with an online service spending money and expecting that service to process their transactions instantaneously. It’s almost a fraudster’s dream come true. But in order to succeed, fraudsters still have to meet some pretty formidable resistance on the fraud front lines. People like Daniele Thillmann, senior vice president of fraud and payments at Green Man Gaming. I’m sitting down with Daniele to get a snapshot of how an online gaming company fights fraud. But first, let’s warm up with a quick fraud fact.
Did you know that fraud in the gaming industry more than doubled between 2016 and 2017? To learn more, check out “It’s all fun and games until someone gets hacked” on the Sift Science blog. Now on to the interview.
Daniele, tell me about yourself. What do you do and what does Green Man Gaming do?
Daniele: Great! So I’ll tell you about Green Man Gaming first. We’re an ecommerce store and also a community platform. So primarily, we sell digital video games around the world on many different platforms and then, our community offers discussion about games and news about games, game tracking data, basically it’s supposed to be a destination for the gamers to come and chat and find out anything new or talk about their achievements, etc. So it’s quite an interesting place to look around if you are a gamer.
In addition to that, we also have a publishing arm which I don’t think a lot of people know. It’s a very challenging thing to do if you are a young developer studio, perhaps and, you know, you don’t have the right experience or connections or opportunities. We help these guys and help them navigate through a challenging marketplace. And for me, I have been at Green Man Gaming since 2013 and I look after fraud prevention, payments and customer service and prior to that, I worked in a number of fraud and payments roles in ecommerce, retail and the gambling sector.
Evan: What unique challenges do you face in the digital vertical?
Daniele: Physical goods merchants have the luxury of holding their orders for a limited amount of time before fulfilling it and dispatching it to the customer, which is great and I used to do that in a previous role. So it gives you at least an hour or two to do all your checks and make sure you’re happy with the order. Sometimes, you might not even take the payment until you’ve carried out your checks, whereas in our world, in a digital space, customers expect their order to be fulfilled within seconds of paying. Literally, our customers will go crazy if they weren’t shown their key, you know, 60 seconds after checking out. So we have to approve or decline in real time and fraudsters know and exploit this. When it comes to fraud prevention, the speed of delivery is definitely an extra challenge for us in our vertical and this also leads to our store being more susceptible to automated fraud attempts. Fraudsters are using automated tools or bots to place hundreds of orders within minutes and if you don’t detect this quickly, you can incur very large losses in a short space and time.
Evan: Okay. So it’s hard to overstate how damaging these bots could be. You know all that time you spend thinking about scalability? Fraudsters are thinking about it too. They’re increasingly relying on bots to commit fraud at scale. This has been particularly true for content fraud. You might recall the scandal that hit the Federal Communications Commission when they opened their site to comments about net neutrality. The FCC site was flooded with content fraud created by bots and even sites like Google Maps are being constantly inundated with fraud powered by bots.
Daniele: When you don’t have a review queue, like we don’t at the moment, you tend to earn a side of caution. With every fraud set up, good customers end up being caught in your fraud spinning process anyway. However, this rate might be slightly higher in the digital world.
Evan: This is no joke. When you have a rigorous fraud prevention strategy and hopefully you do, good customers can end up as collateral damage. About 33 million Americans had an honest transaction blocked by an ecommerce site in 2016 and businesses that blocked honest customers, they lost about $118 billion.
Daniele: Many studies I’ve read have actually shown that digital merchants, because they can’t sideline orders, they don’t question about and then often end up declining them. So for us, that means constant review, staying close to our approval and rejection rates and keeping a really close eye on fraud, making adjustments constantly.
Evan: What kinds of fraud do you typically see in your vertical?
Daniele: We predominantly see good old fashion payment fraud. Stolen cards being used or identities, entire identities being used rather these days, with matching names, addresses, CVC codes. We also occasionally see account takeover attempts.
Evan: Green Man Gaming isn’t alone in that. The rise of account takeover hasn’t spared the gaming industry. Back in 2015, a hacking group posted about 1800 Minecraft user names and passwords online, allowing anyone to use those credentials to commit account takeover. All they had to do was log in as the original user and download the game. Another hacking group commits about 77,000 account takeovers on the Steam digital distribution platform every month.
Daniele: Surprisingly, we don’t have a huge amount of friendly fraud. I hear from my peers in the gaming industry that this can be quite a big issue but we don’t seem to see that. So we study about solid game keys and we rarely have people with buyers remorse or unhappy with the product types of complaints.
Evan: Walk me through how a company like Green Man Gaming goes about choosing a fraud prevention solution.
Daniele: We haven’t had to choose one in a very long time. We’ve been with Sift Science for quite a few years now. Critical elements to the selection process at the time were the ability of the company to grow with us and operate at scale. We also particularly look for a business that showed us that they were going to continue to evolve and adjust their product. Fraud evolves all the time. Then the fraudsters use different methods, they have different ways of attacking your site, so our tools have to as well. I didn’t want to end up somewhere where fraudsters would be many steps ahead of us and we we’d be feeling helpless to do something about it. So it was important to find a provider that could demonstrate from the start that they’re keen to learn from their merchants and address their pain points with the products they offer and that they wouldn’t just sort of stall at one point and just not grow themselves. And of course, on a practical side, there were the usual RFP processes and trial periods, during which we assess the products and this helped us make the our final decision.
Evan: Can you talk about some of the pros and cons involved in using machine learning-based approaches versus rules-based approaches to fight fraud in the digital vertical?
Daniele: Yes. So we use a combination of tools at Green Man Gaming. Machine learning with Sift Science and a rules-based fraud prevention system with another provider and the combination works [inaudible 00:06:58] actually. We use both of them for what they’re best at. So rules help us stop sudden fraud attacks mostly that come out of nowhere and would otherwise cost us financially, whereas machine learning helps us a huge amount not to block good business. So we also have disregarding fraud obviously, but the main element and the most eye opening element was that we were enabling revenue through the use of machine learning. Since we started using Sift Science, we’ve seen a big drop in our false declines which is just fantastic. Machine learning is able to pick up on so many subtle nuances in the user’s behavior on the site, the credentials they give us, the speed at which they type or check out, it’s really impressive. So machine learning of course also learns from what you are teaching it. So it adjusts based on the information it’s being fed, whereas in a rules-based system, you have to do this yourself, monitor, measure, adjust, it’s a never ending cycle. So this has been very time consuming in the past for our team. It’s basically so much easier with machine learning. It helps you stay up to date with the fraudsters so to speak because you’re teaching the system new fraud trends, new methods almost in real time.
Evan: Thanks for joining me on Trust and Safety in Numbers. Until next time, stay vigilant, fraud fighters!