Fight Serious Fraud in Your Online Game



Account sales are a big problem in almost every online service. Gold farming is also an issue for many games. How do you stop them? Should you? One key is to keep your legitimate customers happy and not spend a lot of time hunting down the "bad guys".

There is a lot more that can be done to protect your online game; check out the resources, tools, and articles at

If you have questions or comments, send me an email to steve @ with the subject “Game Fraud”.

If you are interested in keeping up with the latest books, articles, and tools from me at Free2Secure, send me an email at steve @ with the subject “Subscribe”.

Finally, if you have any security questions or issues, shoot me a note to steve @ with the subject “Help”.


    1. Gold Farmers, Gold Frauding, and Account Sales: Fighting serious fraud in Online Games
        Steven Davis
        Security eBooks | Games, iGaming, and Gambling | steve@free2secure.com | +1.650.278.7416
    2. This is about Business, not Justice
        Your goal is to maximize revenue, not ensure that people play the way you want or do what you think is “Right”
    3. You’ve heard of Cheaters, Gold Farmers, and Pirates?
        • Don’t wait until after launch to consider them
        • Implement and test economic systems EARLY and rigorously
    4. Gold Farmers are not Cheaters
        • They are playing the game properly with different Win criteria than you
        • Lots of YOUR players have different definitions of Winning and Fun
            – Play with their friends
            – Not be bored
            – Be super-powerful
            – Not have time
    5. Stock Market, not Auction House
        [Figure: per-item queues of Buy Orders and Sell Orders]
        • For each item, implement a queue of buy and sell orders. Matching orders get executed
        • Anonymize and decouple buyers from sellers to prevent covert buying using your auction house
        • Create real market turmoil, potentially making it riskier to gold farm
        • Allows efficient intervention by game operator
    6. Mini-games and real economy games
        • Mini-games create an AI challenge for bots and enliven time-based activities
            – Can be developed or acquired at low cost
        • Detailed economic system models
            – Richer game play gives ordinary players a chance to participate in the system
            – Therefore, players compete with farmers
    7. Power-leveling and Account Sales
        • Inherently difficult if not impossible to stop
        • Best to manage
            – Educate players to reset passwords and password recovery information
            – Orderly account recovery in case of theft
        • Make it easy to exchange characters between accounts
        • Support escrow transactions
    8. Ban Banning
        • Online identity is already weak
        • Minimal action… Let troublemakers think they are OK
            – Heck, as long as they aren’t bugging anyone else, keep them around
        • Redirect, Minimize, Isolate
    9. Deep Logging
        • Log and store game events down to the individual action level
        • Provide tools for analysis and replay by staff as well as players
            – Can be used for live replay and broadcasting more efficiently than screen captures
        • Use signatures if sent to third party player
            – Use integrity function on server to stop replay or spoofing
        • Deep Logging combined with Deterministic Game Engines makes game verification MUCH easier
        • Should include (either for individual entry or derivable): IP, PlayerID, PlatformID, Session, Action, Action Parameters, Platform Time, Server Time, Signature
    10. Profile Snapshots
        • Store periodic snapshots of player profile and information
            – At least for several sessions and over a period of time
        • Make it easy to restore/rollback a player profile
            – Don’t investigate problems, fix them: faster, cheaper, happier player
        • … can even monetize…
    11. Free2Secure: Monetizing Account Security
        • Use “Free to Play” for security
            – Insurance for Account Protection
            – “Safe Backup” Images
            – Account Locking on Vacation
            – SMS Verification for Transactions
            – “Extra” Customer Service for security incidents
            – … even “Protect Your Kids” services
    12. What next?
        • Don’t give up!
        • More security presentations at:
        • Check out my book “Protecting Games”
            – Additional information at
        • You can “win” the security game
    13. About Me
        • Steven Davis
            – 25+ Years of Security Expertise
            – I have worked on everything from online games and satellite TV to Nuclear Command and Control and military communications
            – Author, “Protecting Games”
        • Why Free2Secure?
            – Security is too expensive and isn’t working. There has to be a better way. I’m exploring these issues for IT security, ebooks, games, and whatever else strikes my fancy at
            – Join me there, ask questions, challenge assumptions, let’s make things better
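
Slide 5's per-item buy and sell queues, as an added sketch that is not code from the presentation. The class name, price-time matching rule, "resting order sets the price" rule and player names are assumptions; the constructed scenario shows an overpriced listing meant for one specific buyer being bypassed because the buyer cannot choose a counterparty.

```python
import heapq
import itertools

class ItemBook:
    """Buy and sell queues for one item, matched by price then arrival order."""

    def __init__(self, item):
        self.item = item
        self.buys, self.sells = [], []   # heaps of [sort_key, seq, player, qty]
        self.audit = []                  # operator-only ledger naming both parties
        self._seq = itertools.count()

    def submit(self, player, side, price, qty):
        """Queue an order, run matching, return the fills the submitter may see."""
        heap, key = (self.buys, -price) if side == "buy" else (self.sells, price)
        heapq.heappush(heap, [key, next(self._seq), player, qty])
        return self._match()

    def _match(self):
        fills = []
        while self.buys and self.sells and -self.buys[0][0] >= self.sells[0][0]:
            buy, sell = self.buys[0], self.sells[0]
            qty = min(buy[3], sell[3])
            # Assumption: the order already resting in the book sets the price.
            price = sell[0] if sell[1] < buy[1] else -buy[0]
            self.audit.append({"buyer": buy[2], "seller": sell[2],
                               "price": price, "qty": qty})
            # Player-facing fill carries no counterparty identity.
            fills.append({"item": self.item, "price": price, "qty": qty})
            for heap, order in ((self.buys, buy), (self.sells, sell)):
                order[3] -= qty
                if order[3] == 0:
                    heapq.heappop(heap)
        return fills

def covert_transfer_demo():
    """Constructed scenario: an overpriced listing meant for one specific buyer."""
    book = ItemBook("copper_ore")
    book.submit("alice", "sell", 10, 1)            # ordinary player, fair price
    book.submit("recipient", "sell", 10000, 1)     # listing meant to receive gold
    fills = book.submit("payer", "buy", 10000, 1)  # tries to pay 10000 to recipient
    return book, fills
```

The operator-only `audit` list is what supports the slide's "efficient intervention" point: staff see both parties of every fill while players see only item, price and quantity.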
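
Slide 9's log record and server-side integrity function, as an added sketch that is not code from the presentation. It carries the slide's fields plus a per-session sequence number and chains an HMAC-SHA256 over each entry; the HMAC chain, the key, the field spellings and the sample session are assumptions. Logs handed to a third-party player would need an asymmetric signature instead, since the HMAC key must stay on the server.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: real key is held server-side only
FIELDS = ("ip", "player_id", "platform_id", "session", "seq", "action",
          "params", "platform_time", "server_time")

def _mac(entry, prev_sig):
    # Canonical JSON of the logged fields, chained to the previous signature.
    body = json.dumps({k: entry[k] for k in FIELDS}, sort_keys=True,
                      separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, prev_sig.encode() + body, hashlib.sha256).hexdigest()

def append(log, **fields):
    """Server side: number the entry within its session log and sign it."""
    entry = dict(fields, seq=len(log))
    entry["signature"] = _mac(entry, log[-1]["signature"] if log else "")
    log.append(entry)
    return entry

def verify(log):
    """Return the index of the first bad entry, or -1 if the chain is intact."""
    prev = ""
    for i, entry in enumerate(log):
        try:
            ok = entry["seq"] == i and hmac.compare_digest(
                _mac(entry, prev), entry["signature"])
        except (KeyError, TypeError):
            ok = False
        if not ok:
            return i
        prev = entry["signature"]
    return -1

def sample_log():
    """Constructed session: three actions by one player."""
    who = dict(ip="203.0.113.7", player_id="p-1001", platform_id="pc", session="s-42")
    log = []
    append(log, action="loot", params={"gold": 5},
           platform_time=1000, server_time=1002, **who)
    append(log, action="trade", params={"gold": -5, "to": "p-2002"},
           platform_time=1010, server_time=1011, **who)
    append(log, action="logout", params={},
           platform_time=1020, server_time=1021, **who)
    return log
```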