In honor of International Fraud Week, Fact Finder Forensics is continuing to explore fraud in an effort to raise awareness and fight this global issue. Today we are discussing how criminals are able to exploit current video game platforms to filter illicit funds. Technology has long offered multiple channels for fraudulent activity, but what may come as a surprise is the rapid expansion of money laundering through online video games.
Though many online video games are free to play, game publishers create in-game purchases if players want to obtain rare virtual merchandise. It’s not unusual for avid online gamers to spend money on their favorite video game as they work to level up their character or collect exclusive items—especially since it is incredibly popular to acquire in-demand merchandise and sell them to other players for profit.
This practice is known as “gold farming” and is commonplace in large multi-player online video game platforms. However, criminal activity becomes possible because of it. In-game items suddenly have real-life monetary value and cybercriminals are taking full advantage of this virtual marketplace. Submitting false timesheets to pay themselves or someone else more than they earned
Gamers may use prepaid gift cards or credit cards to pay for in-game currency and to purchase rare weapons, characters, clothing, and more. Players will usually spend less than $200 on video game merchandise at a time. These relatively small “microtransactions” aren’t out of the ordinary on crowded video game platforms, creating a new avenue for cybercriminals to launder money that is difficult to detect.
The ease of transferring in-game currency coupled with the industry’s unregulated status has allowed money laundering to flourish on crowded online gaming platforms, particularly in multi- player games. Cybercriminals can easily blend in and get lost in massive multi-player worlds as they funnel money through seemingly normal in-game microtransactions.
Online gaming is especially attractive for fraudulent activity because there is a lack of customer identification, no monitoring of financial activities, and insufficient reporting and response for suspicious transactions.
Gaming the System: How Do Criminals Launder Money Through Video Games?
Criminals will start by downloading a free-to-play online video game using a phone, tablet, or PC. Next, they will either create a new account or hack an existing account to further encrypt their identity.
The cybercriminal will then channel the proceeds of their illegal activity—often stolen credit card information or money from other illicit activities—into the game and convert the money to the in game currency. Under the guise of normal play, they will make a series of microtransactions with the in-game currency, purchasing rare weapons, character apparel, and more to create a lucrative, sellable character.
Money laundering usually follows three steps: placement, layering, and integration. Online video games have become an ideal cover to carry out these steps since other traditional channels have become too well-examined. First, the illicit funds are funneled into the game. Once placed, the money is layered through multiple microtransactions in an effort to lose the original source. Finally, the laundered money is integrated back into real world currency through a sale.
Cybercriminals will either sell their stash of in-game currency or their powered-up characters at discounted prices on gray market exchange websites (e.g. Player Auction, G2G, IGVault). With the lack of regulation in the online gaming world, it has so far proven to be an effective method for cybercriminals to cleanse fraudulent gains without intense scrutiny.
Video games with in-game purchasing and trading continue to launch—meaning illicit activity will continue to thrive in these virtual marketplaces. As of yet, there are no clear regulations or expectations within the video game industry on what should be done to identify and prevent criminal activity on their platforms.
After all, buying in-game items with stolen credit card information is no different than a purchase of goods with a stolen credit card. The responsibility for detecting the fraudulent activity remains with the payment processing company, not the video game platform. However, it is clear that the entire video game industry needs to concentrate on creating effective guidelines and clear protocols for microtransactions in an effort to reduce criminal activity.