Experimental Game Dev Interviews — The First Game Dev Podcast Ever
RSS icon Home icon
  • Using Iovation to Prevent Game Abuse

    Posted on October 11th, 2009 IndieGamePod No comments

    Darren from Iovation discusses game fraud and abuse

    You can download the podcast here…
    http://www.indiegamepod.com/podcasts/cc-iovation-interview-final.mp3

    Or listen to it here…


    Show Notes:
    Interviewer: I’m here at Casual Connect and with me today is a special guest. How about you introduce yourself?

    Hi, I’m Darren Glad. I’m the application architect for Iovation.

    Interviewer: What is Iovation?

    Darren: Iovation provides a service for games and websites to help them fight fraud and abuse.

    Interviewer: Exactly, is this just credit card checks or what exactly is it, and how would a game use this service?

    Darren: Well, actually it’s not credit card checks. We consider fraud just another kind of abuse on a website. We handle it all the same way. We do that with device recognition and device reputation. We provide a global database of devices, and we track their reputation so we can tell you, when you send us a transaction, what that device has been up to.

    Interviewer: Can you give me specific examples of how game users service to eliminate fraud or a better experience for other games or game players.

    Darren: Yeah, it’s very easy. Before they let the user log in or use a part of their game or service, they check with us and find out what their reputation is. If, for example, they are concerned about chat abusers, they can send us a transaction, find out whether or not we’ve seen them commit chat abuse on their site or anybody else’s site, and they can decide how to act on it.

    We do the same thing with fraud. Maybe, before a financial transaction you check with us, and we’ll tell you whether or not they’ve committed some kind of fraud on your site or somebody else’s site.

    Interviewer: How is this different than, let’s just say that you find someone and they’re being a grief on your MMO and you just block their IP. How is this better? How is this more effective?

    Darren: Oh, it’s much more effective. We actually collect quite a bit of information about the device. We analyze that in real time, and we come up with a profile. It’s much more sophisticated than just tracking IP addresses. IP addresses are very easy to spoof; anonymous proxies, you can set it up and spoof your IP address in just a few minutes. Just search for anonymous proxy on Google, you’ll find lots of ways to do it.

    So, we have to track a lot more information than just the IP address. We build this profile, and we analyze it, and we decide whether we’ve seen that device before and whether or not that device has a reputation.

    Interviewer: Basically, then, MMOs can use your service to enforce, maybe, one player per customer kind of thing. Is that possible?

    Darren: Sure, they can do things like… If they want to block an account and they actually want to block the user, we can tell them whether or not the account has been blocked on that device, and they can stop confirmation then. So, you can’t have the repeat offender come in. You close their account down. If they come back and do the same offense with a new account, we can help you stop that.

    Interviewer: Are there any other things that MMOs use your service for besides what we’ve already talked about? You know, are there any other issues that you can help in terms of making sure that the player experience is better for MMOs?

    Darren: Basically, what they use it for is they integrate it at different points in their site in their application to make a better user experience at all levels.

    Interviewer: Does the application have to be a downloadable? Can it be Flash? Can it be a web service?

    Darren: It can be just a web service without any download at all. And then, also, there is a downloadable part that you can add that provides a much better device recognition.

    Interviewer: How long does it take then for a team, or a small development team, to actually implement this system in their service or their game?

    Darren: In actual development time it’s very short. So, the hard part is finding a good time to actually add it, but for a web integration we’re talking about just a few lines of code.

    Interviewer: In terms of pricing, can small teams develop it? Should they wait until they become a big MMO? How can people get started?

    Darren: It’s actually pretty important to consider it sooner rather than later because there’s that time when you go from being just a small game to being a huge game, and sometimes that happens overnight. When you become a huge game, you are very popular and you end up with some kind of an abuse problem. It happens to everybody. It’s good to have a plan to mitigate that, whatever that solution might be. I would hope that it would be us.

    Interviewer: Can you talk more about some specific categories; what they are and how what developers should be looking for.

    Darren: Yeah, in addition to fraud and just general site abuse, we also offer categories for tracking gold farmers which would be specific to MMOs. It would allow you to stop users from gold farming on your application and also creating new accounts in farming gold with the new accounts as well.

    Interviewer: You know, is gold farming an issue if you’re not able to sell the coins outside of the game?

    Darren: Oh, sure. I mean, it’s just like any other abuse. People use their gold to abuse the game in all sorts of ways, and they can sell the gold outside of the game for monetary value.

    Interviewer: And you were talking about how there are actually complicated rings, and so your system can detect all those things?

    Darren: Oh, absolutely. It seems like gold farming is almost always run by a ring. It can be a very expensive operation so they go the cheap way farming gold and then sell it on other websites. We’re able, too, by tracking device account associations and website associations, we allow you to block the entire ring because typically they reuse devices and reuse accounts all the time. We track all of that. So you block one, you block them all.

    Interviewer: Thank you very much.

    Leave a reply