Mobile Connect Offers Solution to the Risks of Online Gaming

December 4, 2018

Blog

Video gaming is perhaps not the first area which springs to mind when it comes to cybersecurity and digital identity, but an increasingly fraught picture has started to emerge over the last several years – one with which the mobile industry is well placed to assist.

It emerged last month that, in fact, among the ten largest data breaches of the century so far was one affecting gamers, when the private data of over 77 million Sony PlayStation users was hacked. The breach was devastating for platform and customers alike: hackers gained access to names, passwords, emails, home addresses, purchase histories, credit card numbers, and the site had to be closed for a month so Sony could assess the damage. This caused the company to lose more than $171 million in revenue.

A smaller – but still enormous – breach came to light last year, in which hackers stole the login details of 2.5 million Xbox and PlayStation users. This had more serious implications than the access to gaming profiles alone. “The prevalence of password reuse means that a relatively benign site can hold credentials that unlock far more valuable resources, for example, email or social media accounts,” warned security expert Troy Hut at the time.

This is a widely recognised phenomenon – in fact, online gamers are a particular target for cybercrime because they are notoriously likely to observe poor password security through reuse across multiple accounts, and a recent survey found that 53% take no additional security precautions when using public-access WiFi.

It is not however only malicious breaches which are of concern in gaming – as online gaming continues to expand among young children, there has been a growing incidence of unauthorised payments by minors. In one case earlier this year, a father in the UK discovered that, having left his bank card details saved on his son’s Xbox, nearly £700 was lost to online shooter game Fortnite. The boy was able to make 81 separate purchases while gaming before the account holder became aware; a spokesman for his father’s bank expressed sympathy, but refused to refund the charges, pointing out that no contravention of his terms of service had actually taken place.

The stark reality was that the parent had not taken sufficient steps to ensure that only he could make those payments within his household, and it cost him the price of a short holiday.

So how can operators help? When the most recent mass theft of PlayStation and Xbox data took place, Robert Capps from NuData Security warned that “this data is likely to be sold on the Dark Web and used for future cybercrime – it’s a good reminder to choose unique passwords on all sites that require registration.” Sadly the first part of Mr Capp’s warning is doubtless correct; however we at the GSMA are less sure about the second part.

Our own research indicates that users are increasingly weary of remembering multiple passwords as it is – with 87% saying they would prefer to remember just one single strong login, and a similar figure admitting they have left a website when asked to create a new username and password. The evidence suggests that moving to increase the number of details users must remember does quite against the grain of consumer demand.

What is needed is not additional burdens to account holders, but increased convenience.  As the digital economy as a whole tends away from the old model of usernames and passwords, the gaming industry should move with it and make greater use of more secure methods. By pairing users with a device they typically carry about their person at all times as a matter of course – their phone – the mobile industry’s joint endeavour to protect its customers’ digital identity online, Mobile Connect, achieves precisely that.

As mobile banking, online retail and digital payments for travel and leisure make greater use of the solution, now rolling out at a rate of one new operator per month, it is increasingly clear that the gaming sector should abandon its adherence to the password model – and give its users a safer and more seamless method of experiencing online gaming. The mobile industry stands ready to build those partnerships over the new year, and looks forward to doing so.

Back

Report: Mobile Connect Turbocharges New Services How Turkcell’s mobile authentication service is helping Turkey’s start-ups to grow This case study explores how Turkcell is harnessing the global Mobile Connect authenticatio...

Read more | See all Identity Resources

Identity Hangout: Decentralised Identity – Material The GSMA Identity team was joined by Andrew Tobin from Evernym to discuss the role of identity and the mobile industry in decentralised identity. Presentation Audio...

Read more | See all Identity Resources

MWC19 Barcelona Seminar Presentations The industry seminars at Mobile World Congress have developed a reputation for being one of the leading ways in which to discover the plans and motives of any given market. Below...

Read more | See all Identity Resources

Mobile Connect Platforms & Operations services The GSMA offers a series of technical platforms and services designed to help mobile network operators and service providers deploy Mobile Connect successfully. This document co...

Read more | See all Identity Resources

The Identity Guide to MWC 19 Barcelona With mobile internet traffic accounting for more than half of all global online traffic, the nature of digital identity is changing. Our impressions and personal information are ...

Read more | See all Identity Resources

Presentation: Identity Hangout Delivering Identity Services The first Identity Hangout: Delivering Identity Services on 5 December explored the value and commercial scalability of mobile-based identity services. The online event was targ...

Read more | See all Identity Resources

Biometric authentication is getting stronger – so we’ll be seeing David Pollington, Head of Service Access, Identity, GSMA Biometric authentication has been around for some time but is now becoming mainstream. Why? It’s mostly down to the wea...

Read more | Visit Identity Blog

Digital Identity: if you Streamline it, They Will Come Digital startups face all manner of challenges, and identity is no exception.  However strong the service offering, if registration and login processes detract from the user exp...

Read more | Visit Identity Blog

Flash News: Multi-factor Authentication Gains Traction Report says SMS is the most widely used method of adding an extra layer of security Almost 30% of businesses are now using multi-factor authentication to enable customers to acce...

Read more | Visit Identity Blog

News Flash: Big Names Back Digital ID Start-Ups SoftBank, Salesforce, Microsoft & PayPal make strategic investments in ID innovators SoftBank Investment, Salesforce Ventures and M12 (formerly Microsoft Ventures) all partic...

Read more | Visit Identity Blog

News Flash: Australia Accelerates Digital Identity Push Federal government allocates additional funds for myGovID system Australia’s government has injected a further AUS$67 million (US$48 million) into the development of its myGovI...

Read more | Visit Identity Blog

The Future of Digital Identity is Simplicity, Decentralisation and Con Last year was a complicated one for digital enterprise, with highlights and more bracing moments – and at the centre of that developing picture has been digital identity. On on...

Read more | Visit Identity Blog

Identity Hangout: Controlling fake online identities June 12, 2019 Hear what´s new in the identity space. This Hangout will focus on fake online identities and how the mobile industry can help control it....

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2019 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.