Pages

Tuesday, February 1, 2011

MMORPG's: How To Stop Gold Sellers and Account Hackers

Here's a video that more people need to watch, especially game publishers and developers.

It's a conversation with Jared Psigoda, a leader in the RMT industry. He's also the individual who informed Markeedragon about the new PayPal & Blizzard relationship that's still making the rounds on the net.



He says that Blizzard has certain trends in their ban-waves. Typically, they occur before an expansion pack launches (as a clean sweep) or when they experience poor quarterly financials. He confirms that Blizzard gets a "huge revenue influx" when a ban-wave occurs, due to the sheer number of accounts requiring reactivation (Note: Monthly fees also double-up meaning twice as many "Active Subscriptions"). These accounts make up a huge portion of revenue for Blizzard as there are hundreds of thousands working in the industry.

Does any of this sound familiar? =]

It's certainly nice to have this officially confirmed by another industry professional.

He also talks about a couple other interesting topics, like which games they avoid (since there's no profit to be made) and how most "hackers" gain access to your online gaming account.

Consider first, though, the amount of money developers spend on managing the aftermath of Gold Sellers and Hacked Accounts:

- Investigation teams need training, benefits, and salaries.
- The amount of time spent investigating accounts and confirming that they are gold buyers/sellers. Or confirming cheating, hacking, etc.
- Money spent on hiring and training large quantities of Customer Support personnel (high turn-over environment)
- More Customer Support staff needed for the amount of farming, cheating, hacking, recovery, etc.
- Blizzard even had to change their own Recovery Process, which goes to show how difficult and unmanageable the situation was becoming.
- The more staff you employ, the higher the risk and/or costs of mistakes (e.g. disgruntled employees, injury liability, employee theft.)
- Stolen and hacked accounts lead to massive customer service issues. Not only is it taxing on the customer service departments, but it is also taxing on their customer retention rates.
- You also have to pay the salaries of the managers who manage these teams, and financial services (HR, Facilities, IT, etc) who serve these managers and employees.

A massive money-eating monster has been created that just addresses "clean-up operations" or the chain-reaction and consequences of something that could have been prevented in the first place. There's a word for that: negligence.

All of those issues can be fixed with very simple solutions.

How To Stop Gold Farmers

- RMT (aka secondary sales) thrives on subscription based games, not games that are heavily micro-transaction based.
- RMT is almost exclusively World of Warcraft. Gold farmers and hacked accounts would suffer greatly if WoW were to change it's model.
- If the game is Free to Play or the developer sells items/gold themselves, RMT companies cannot compete with these developers who can print their own money.
- If people stop buying gold, there's nothing for farmers to sell. So, make gold worthless like how it was done in Diablo 2. (Or find a balance.)
- The more easily you can obtain gold in-game, the more it loses it's value and drives down the profit margin of gold farmers. Eventually there's a point where the value isn't "worth enough" to farm.
- Or leave gold very valuable in-game, but simply make it "soulbound". It can't be traded, but it can be used to purchase expensive services or crafts (that take a long time to develop and collect soulbound materials for) from other players. Prices for these services/goods would be fixed as well. Or the gold can be used to buy valuable items/gear, but from NPCs instead of real players.
- Make all items Bind On Pickup, so that epic items cannot be traded.

The best solution, however, is just for developers to sell the gold themselves. It's a quick way to shutdown the virtual trading industry.

This probably won't happen with World of Warcraft, considering the verbal commitments already made to their customers - but it's a viable solution for their next-generation MMO (considering the gameplay approach and plans on increasing "real world" interaction).

How To Stop Power-Leveling Services

One of the problems that RMT has been facing (for power-leveling services and hackers alike) is IP-based account locking. When an IP suddenly changes, the account is locked, and the owner of the account needs to call Blizzard to unlock it.

Unfortunately, Blizzard has also taken it upon themselves to take additional proactive (provocative?) measures, like cancelling credit cards of innocent players overseas and screwing them over.

Nevertheless, IP based account locking is a very effective process. It's geography based at the moment, but what if they made it for location specific? For example, limiting it to a specific ISP (in case the user has a dynamic IP address) but allowing them a maximum of 2-3 different IP address "registrations" in the same geography. The other option is MAC Address locking, but maybe allow a maximum or 2 PCs and additional ones require online approval and an "identity check".

It's one option that shouldn't be a nuisance for most players anyways. =]

How To Stop Gaming Account Hackers

This might surprise many of you. According to Jared, account hacking due to key-loggers isn't as significant as account hacking due to your gaming websites.

The problem is, most players use the same email address from World of Warcraft and they register it on other websites, forums, or gaming communities. They typically use the same password as well. That's how most WoW (and other) accounts are hacked.

Chinese hackers primarily target gaming websites and forums and steal user database information. Some of the gaming news sites (forums, communities, etc) are aware of the breach, however they don't tell their customers. Others might not be aware of the breach, and Chinese hackers may frequently revisit the database due to it's ease of access.

I don't own an Authenticator, but I have multiple WoW accounts. The reason I've never been hacked in 7 years is because I use a unique email address for each WoW account, and I have never re-used the same email account for anything else online. I have over a dozen different email addresses that I use for different purposes, and about 40 other "online identities" that have no interconnectivity. Passwords are never the same either.

If you want to substantially increase the protection of your WoW account right now, register a new GMAIL address right away, create a unique password, and change your WoW email address/login ID to the new GMAIL account. Your WoW account password should also be changed to something unique. And, of course, make sure to scan your PC for key-loggers before starting all of this. 20 minutes of work now will save you days of potential aggravation in the future.

Since most players don't know this, Blizzard needs to force a change in their customer behavior in order to reduce account hacking. After all, it will benefit their customers as well as themselves (in a huge way.)

Here is Jared's solution that can prevent 90% of hacked accounts (from a developer perspective): FORCE PLAYERS TO CHANGE THEIR PASSWORD EVERY MONTH.

Alternatively, Blizzard could "educate" players at the login screen to change their password. Or make it very easy at the login screen to change their password, but gently remind players to change it every 60 days for example. If they were to force players to change all of their passwords right now, they would see a HUGE and immediate impact to the number of hacked accounts.

More people need to get this knowledge across to Blizzard. If there are enough people demanding the change, the more positive impact it will have for at-risk players (and only serves to help Blizzard.) Unless, of course, there's more revenue to be made from simply selling authenticators.