Video gaming is perhaps not the first area which springs to mind when it comes to cybersecurity and digital identity, but an increasingly fraught picture has started to emerge over the last several years – one with which the mobile industry is well placed to assist.
It emerged last month that, in fact, among the ten largest data breaches of the century so far was one affecting gamers, when the private data of over 77 million Sony PlayStation users was hacked. The breach was devastating for platform and customers alike: hackers gained access to names, passwords, emails, home addresses, purchase histories, credit card numbers, and the site had to be closed for a month so Sony could assess the damage. This caused the company to lose more than $171 million in revenue.
A smaller – but still enormous – breach came to light last year, in which hackers stole the login details of 2.5 million Xbox and PlayStation users. This had more serious implications than the access to gaming profiles alone. “The prevalence of password reuse means that a relatively benign site can hold credentials that unlock far more valuable resources, for example, email or social media accounts,” warned security expert Troy Hut at the time.
This is a widely recognised phenomenon – in fact, online gamers are a particular target for cybercrime because they are notoriously likely to observe poor password security through reuse across multiple accounts, and a recent survey found that 53% take no additional security precautions when using public-access WiFi.
It is not however only malicious breaches which are of concern in gaming – as online gaming continues to expand among young children, there has been a growing incidence of unauthorised payments by minors. In one case earlier this year, a father in the UK discovered that, having left his bank card details saved on his son’s Xbox, nearly £700 was lost to online shooter game Fortnite. The boy was able to make 81 separate purchases while gaming before the account holder became aware; a spokesman for his father’s bank expressed sympathy, but refused to refund the charges, pointing out that no contravention of his terms of service had actually taken place.
The stark reality was that the parent had not taken sufficient steps to ensure that only he could make those payments within his household, and it cost him the price of a short holiday.
So how can operators help? When the most recent mass theft of PlayStation and Xbox data took place, Robert Capps from NuData Security warned that “this data is likely to be sold on the Dark Web and used for future cybercrime – it’s a good reminder to choose unique passwords on all sites that require registration.” Sadly the first part of Mr Capp’s warning is doubtless correct; however we at the GSMA are less sure about the second part.
Our own research indicates that users are increasingly weary of remembering multiple passwords as it is – with 87% saying they would prefer to remember just one single strong login, and a similar figure admitting they have left a website when asked to create a new username and password. The evidence suggests that moving to increase the number of details users must remember does quite against the grain of consumer demand.
What is needed is not additional burdens to account holders, but increased convenience. As the digital economy as a whole tends away from the old model of usernames and passwords, the gaming industry should move with it and make greater use of more secure methods. By pairing users with a device they typically carry about their person at all times as a matter of course – their phone – the mobile industry’s joint endeavour to protect its customers’ digital identity online, Mobile Connect, achieves precisely that.
As mobile banking, online retail and digital payments for travel and leisure make greater use of the solution, now rolling out at a rate of one new operator per month, it is increasingly clear that the gaming sector should abandon its adherence to the password model – and give its users a safer and more seamless method of experiencing online gaming. The mobile industry stands ready to build those partnerships over the new year, and looks forward to doing so.