Using Threatmetrix to Prevent Game Abuse

Alisdair, from Threat Metrix, talks about their service to help prevent abuse in your games

You can download the podcast here…
http://www.indiegamepod.com/podcasts/cc-threatmetrix-interview.mp3

Or listen to it here…

Show Notes:
Interviewer: I’m here at Casual Connect and with me today is a special guest. How about you introduce yourself?

Alisdair: Hi, this is Alisdair Faulkner, VP of products for ThreatMetrix. We’re a company located in Palo Alto, California.

Interviewer: What is ThreatMetrix about?

Alisdair: ThreatMetrix stops fraud and abuse in games. We do that primarily by looking at the device in the transaction rather than the user credentials.

Interviewer: You know, if a small development team is running a MMO or some of these social games or some of these Flash MMOs, how can they use your service to ensure the integrity and the quality of service for their MMO for their players?

Alisdair: That’s a really good question. One of the key things is to make sure that the user experience in their game is valuable to them. And so, what ThreatMetrix does is by looking at a device if you have issues with abuse, one of the things you’ll do is block, typically, trying to stop it. The challenge of that is that someone can just go in your profile, use your proxy, change your IP address and come back.

The other problem you find is that you will be attacked with scripting. That’s another issue that a lot of people have in terms of their game and protecting the game mechanics. The third problem is when you get to a point of monetization, either accepting credit cards or coins, is that game developers are going to find themselves being faced with things like chargeback and how now that you’ve got the money how do you keep the money.

So, at ThreatMetrix what we do is we provide some simple APIs, some embedded tags that go into your web-based game which enables you to query us and give us a call and say, “Should we trust this device?” If they are creating a new account, has this computer been associated with multiple different accounts in a short period of time on your side or globally across other sites that are using our service?

At a point of a credit card transaction, are they doing that transaction from behind a proxy? Is their IP address pretending to be in the U. S. but is actually located in Vietnam? So, by having the technology which we call device identification as an additional piece of service for your game, you are going to find that you are going to be able to protect your users and also protect your bottom line.

Interviewer: How easy then is it to implement this API, and how can people get started?

Alisdair: ThreatMetrix is very easy to start. We have a transaction model where you don’t have to get signed into a contract. Typically, you just put some tags at key points in the game or transaction so one might be on the details page at checkout. It might be on the new account registration page, and that’s just when that loads it’s loaded for [?] and you use that to query our API. We return results in real time. By the time someone clicks on to join or log in, you can query us and we’ll give you a score back and the reasons why you may not want to trust the complete attributes of the device.

For example, one of the things we check is if someone signs up and says they’re using a browser which is IE riding on Windows, but if we profile the device engine and it tells you that it’s a Linux computer, that’s going to raise flags for you. And that’s also going to be very important for detecting things like bots and scripts, things like that.

Interviewer: Can you talk about how your service can prevent against bots and all that other scripting rings and stuff like that.

Alisdair: Yeah, right. So, gold farming, obviously… One of the things that you do, when you take out the device or when I say take out the device, if you can identify some device even though they might be connecting from behind multiple IP addresses. China is a big issue there because of the great firewall of China. One of the things it allows you to do is see a glossy face on that device.

They might change their name. They might change their log in. The IP address might change, but because we can identify that device you can red flag it. We can use that to make sure that we are detecting someone.

The other issue also is if you can detect collusion. If you have two different people buying and selling transactions in a game and you can say, look out they are coming from the same geography or the same computers. That’s also very, very valuable information.

Interviewer: You know, with collusion though, if you have a per transaction model, how does a developer use your service in a way that is affordable for them but also is able to detect all of these issues that could constantly pop up?

Alisdair: Great. That’s a really good question. ThreatMetrix is integrated so one of the things if you’re starting out as a development team is getting along. The first thing you are going to be interested in is monetization. So, one of the questions I would ask is if people are doing monetization through either your Gateway or your offers.

For example, there are companies like Offer Pal and Super Rewards. Are they using device identification as part of that solution, device identification being technologies that ThreatMetrix does. They also have the ability to just work with us if they wish on the per transaction model. I recommend starting where it is easy to see the benefits, so credit card transactions or the offer to see how much that is having an impact on reducing your fraud.

When other organizations that are really concerned about their brand and the user experience, maybe, they’ve grown into the hundreds of thousands of millions of users, then new account registrations and even log ins would be definitely worthwhile doing.

Interviewer: What’s the most popular use of ThreatMetrix? What’s the most popular service you offer that MMO developers do use to make sure that their experience is good?

Alisdair: So, definitely we have very large social gaming networks, people with millions and millions of users. Protecting the user experience and new account registration is very important, so while there may not even be a credit card transaction involved, making sure that they protect the user that fund games, they can screen people. It tends to be a very popular use of us.

And then, of course, you’ve got to use the converter of monetization at the credit card transaction, so we work with companies like Cyber Source who integrate us into their decision managing products. That’s also a very popular way that people get to take advantage of ThreatMetrix and device identification.

Interviewer: Where can developers find out more information about the service?

Alisdair: Contact us on our website, threatmetrix.com. That’s t-h-r-e-a-t-m-e-t-r-i-x.com. Send us an email or give us a call and we’ll be glad to talk to you.

Interviewer: Thank you very much.