The gaming industry is ripe for identity theft and fraud, thanks to the enormous amounts of money spent on games and in game purchases every year. Gaming accounts are also packed with data, like addresses, email addresses and credit card details that are all very valuable to would-be identity thieves. You can make your game and gaming accounts more secure with some simple tips.
DDOS attacks are very common, as they are reasonably easy to complete. While the tech teams are distracted dealing with downed servers, hackers can go in and scrape account information. One of the largest examples of these attacks is 2011’s attack on PSN users, where the data of 77million Sony users was compromised. The PlayStation Network was down for three weeks while Sony tried to fix the breach. The store was offline for months, and Sony lost an estimated $171million. Breaches like this cause big problems as well as lost revenue. Brand reputation is damaged, customer trust is lost and players may move away from a game studio.
Account theft is another common security risk, especially in large games like World of Warcraft or Counter Strike. Weapons and gear in these games can have a high value in the real world, making account theft a lucrative hack. Via malware, hackers lock players out of their accounts and sell off their hard earned gear for real world currency. There’s also a risk of the credit card associated with the account being accessed too, making account theft an easy way to lose a lot of money.
It’s important for game developers to take security seriously, with strong servers, proper firewalls and an identity verification service for your clients’ protection.
Game admins should log in to the web servers locally, through a properly secured connection. For a secure connection, you’ll need security tokens with a restricted sign-in. Never open sensitive game information, like player data, through a public connection or a public computer. If you need remote access, use an SSH key.
Firewalls are software or hardware appliances which control the servers that are exposed to the network. Firewalls block access to any port that isn’t publicly available. They work as an extra layer of protection by limiting the parts of the game that are vulnerable to attacks.
Intrusion Detection System
Administrators should periodically perform file level audits, to find hidden intruders. By auditing the files, you can be sure that another user or program has not been able to make any changes to the game files. You’ll be able to see if any files have been altered.
Security And QA
Your should consider the security of your software system for the entire lifecycle of the project. Data protection, authentication and authorization are important for user trust. QA services should be made up of localized and network security measuring, to assess any vulnerabilities or risks to the system. These measures should continue after product launch, into support maintenance and regression testing.
Mobile games are becoming more and more popular every year. As popularity increases, so does the demand on mobile functionality and relied usage. This means that target security is incredibly important. As mobile often have payment systems, ID authentication, fingerprints and eye recognition, protecting customer data should be a priority.
Product Specific Security
Your testing protocols and product assessment should customized to fit your needs and concerns for the product. If you’re using newer technology, standard pre-made security testing systems may not serve your needs, even if they are trusted options. Instead, opt for a customised approach to fit your hardware, network and security concerns.
Some games must pass a specific certification. If you know yours will, set up custom test parameters that include these requirements. This can help you to avoid the delays and extra costs of having to revert back to the design phase if the game doesn’t pass. If you know the product will need ISO, PCI DSS or Section Compliance, build this into your testing criteria so you can feel confident in the security of your product from a much earlier stage in development.
Use an in-depth automation script that will test for the most commonly found vulnerabilities from the web, mobile or server software. This rigorous test will automate an attack on your system, allowing you to uncover any security concerns or possible problems. You can then fix these issues early, before the product is ready for release.