The pandemic has been a shot in the arm for some industries, but it has been particularly advantageous for gaming, what with people having been forced to stay indoors and find ways and means of amusing themselves at home.
The Indian online gaming sector reached a value of $1.027 billion in 2020, a growth of over 17 per cent from $543 million in 2016, according to the EY-All India Gaming Federation (AIGF) report, Online gaming in India — The GST conundrum.
By 2023, the sector is expected to reach a value of $2 billion, in terms of fees earned, while the number of online gamers in India is projected to grow from 360 million in 2020 to 510 million in 2022. The 400-plus gaming startups in operation are also accelerating the growth of the sector.
However, with the increased interest in and popularity of gaming, the risk of cyber attacks and fraud has also gone up.
From account takeovers to phishing, using bots to rigging gameplay and stealing financial data, online gaming companies are having to deal with a range of fraud today. Some are using third-party tools to tackle the problem, while others have built the capability to attack and weed out fraud in-house.
Take, for example, the fantasy sports platform Dream11, arguably India’s most-loved platform in the genre. However, with a user base of more than 100 million, and user concurrency of over 5.5 million, Dream11 clearly has the potential to be misused.
To deal with the problem, the company has built an in-house fraud detection system called FENCE (Fairplay Ensuring Network Chain Entity). “It is powered by a graph database that’s responsible for processing and maintaining all models and heuristics so that Fair Play Violations are detected timely and efficiently,” the firm said in a blog post.
Built to capture multiple fraudulent techniques and mental shortcuts (heuristics), FENCE uses complex database technology at the backend, including services like Gremlin, which enable the running of complex experiments on these databases.
The commonest fraud on the platform is the use of multiple accounts. “A major kind of Fair Play Violation is the creation of multiple or duplicate accounts by a user to abuse referral or promotional cash bonus schemes. While we are incentivising our users to introduce their friends to our platform, a handful of users misuse these schemes by creating duplicate accounts to avail the benefits repeatedly. In such cases, we need to identify and map these multiple accounts to a single person,” Dream11 explained in the post.
Similarly, Rooter, a game streaming and e-sports platform backed by Paytm and Anthill Ventures, among others, uses analytical tools to identify and weed out suspicious behaviour.
“We use analytical tools like Amazon Web Services (AWS) Redshift to process logs of all interactions on the app. Automated jobs using frameworks such as AWS Athena are constantly running to analyse user inputs and suspicious activity is flagged the second it arises,” says Piyush Kumar, Rooter’s founder and chief executive officer.
Redshift is a data warehousing service that helps customers process large amounts of data.
Rooter also uses the Akamai Web Application Protector to protect and track suspicious activity in its servers. “Any attack pattern is automatically identified by Akamai and either an alert is raised or the user is automatically blocked, depending on the severity of the issue,” says Kumar.
The Akamai Web Application Protector is a complete set of applications designed to protect online applications and assets from different kinds of attacks.
There are also firms such as fraud detection and prevention company mFilterIt, whose Online Communities Integrity Suite (OCIS) helps its clients manage online communities to build trustworthy and real engagements with fans and other community members.
mFilterIt’s estimates that 17-18 per cent of fraud spends are incurred on managing communities in India. The company claims that OCIS helps it save up to 10-15 per cent in managing online communities.
Common frauds across different kinds of businesses include bot signups, fake offers and coupons, fake engagements and account takeovers.
Amit Relan, mFilterIt’s co-founder and director, notes that one of the first ways of detecting fraud or suspicious behaviour is to monitor device IDs, Internet Protocol (IP) addresses and players’ locations on a gaming platform.
“The IP address for a user like you and me, logged into a mobile or WiFi network, would belong to a specific pool of IP addresses. If you suddenly see the IP addresses coming from an AWS data centre or a GoDaddy data centre, that raises a red flag,” he says.
Relan adds that gaming fraud differs from fraud in other areas because the nature of games, devices and platforms differs widely in gaming. “And gaming platforms are struggling to get the right distribution channel, because half the time it is done through APKs (Android application package),” he said.
Most other applications, like e-commerce, have more established and mature distribution channels via official websites and apps.
APKs, on the other hand, allow users to download an app without going to an operating system play store like Google Play. For example, when Chinese apps were banned in India last year, many users downloaded them using APKs. However, APKs can be a security risk, since software updates often do not get installed on them.