Gamasutra is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Gamasutra: The Art & Business of Making Gamesspacer
arrowPress Releases
If you enjoy reading this site, you might also want to check out these UBM Tech sites:


Monitor, Analyze, Block: The Anti-Fraud Trifecta

by Marko Oksanen on 04/30/14 03:11:00 pm   Featured Blogs

The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.


As any developer knows, the mobile game economy is like a virtual version of the “Wild West.” There are huge opportunities and loose rules as rapid growth outpaces the industry’s ability to enforce restrictions. It’s an exciting landscape, but one that attracts its fair share of bandits. Fraudsters - mobile gamers who use bots, scripts, and proxies to avoid in-game purchases, or who hack into games’ code to skip levels - are becoming a widespread problem that affects developers.

Fraud fractures the mobile gaming industry’s value-chain, compromising app developers’ reputations, skewing traffic metrics, and inflating the value of in-game virtual currency. In short, it’s an issue that developers are looking to combat.    

The good news is that it’s well within our reach to limit fraud in mobile games – even fraud that extends beyond the advertising realm. Taking action is the most important first step in protecting your game and monetization strategy. Unsure where to start? Here is a three-pronged, anti-fraud strategy recommended for all developers:

Monitor, Analyze, Block: The Anti-Fraud Trifecta

1. Monitoring: While protecting your game from fraud is most effective when all stakeholders - publishers, platforms, ad networks, and payment providers – contribute, you can have a huge individual impact as a developer. A good place to start is to use a high-quality monitoring system that keep tabs on your traffic and prevents users from creating fake accounts.

Good monitoring systems detect suspicious traffic using a variety of indicators: user information, third-party scoring information, country, IP, ISP, language, and device attributes and specifics. Systems should be designed in such a way that suspicious but legitimate users are also detected. A certain number of false positives are a sign of a monitoring system that’s loose enough to detect suspicious behavior, whereas zero false positives might indicate that the wrong triggers are being measured.

Also ensure that your partners, such as ad networks and payment providers, are informed of your measures so that they can adjust on their end, as well.

2. Manual analysis & blocking: Fraud protection will always require some manual effort. Good monitoring systems should point out suspicious traffic automatically, but manual analysis on a regular basis will reveal fraudulent behavioral patterns that can then be used to design more advanced blocking rules.

Analysis can even give insight into the behavior of special user segments like whales or power users, whose large-transaction, high-frequency behavioral patterns might appear similar to those of fraudsters.

3. Automatic blocking: Automatic blocking rules are time-effective and convenient – that is, if the blocking rules are based on solid data. Smart blocking rules are based on prior analysis and designed to identify and block fraudulent users who employ bots or scripts.

Automatic blocking system should treat users differently based on their level of suspicion, implementing additional protection rules to especially suspicious users. These rules should also block fraud as late as possible in the transaction process. Fraudsters who can immediately gauge whether their attempts at fraud are successful are more likely to continue attempting fraud, while fraudulent users who are forced to wait for a response are less likely to invest time in adjusting their bots or scripts and reattempting.

A fraud protection system based on the synergies of monitoring, analysis, and blocking won’t only pinpoint fraud, but also minimize users’ inclination to commit it in the first place. By implementing preventive mechanisms throughout the user flow of your game, cheating the system becomes evermore difficult and time-consuming. Having your users play your game the way you intended – and enjoy the experience – might just become the new result. 

Related Jobs

Insomniac Games
Insomniac Games — Burbank, California, United States

Technical Artist - Pipeline
Insomniac Games
Insomniac Games — Burbank, California, United States

Engine Programmer
Legends of Learning
Legends of Learning — Baltimore, Maryland, United States

Senior Gameplay Engineer - $160k - Remote OK
Bytro Labs GmbH
Bytro Labs GmbH — Hamburg, Germany

Senior Product Owner / Live-Ops Owner (f/m/x)

Loading Comments

loader image