Host Devin Becker is joined by Zach Nass, Head of Gaming at nSure, to discuss the complex and evolving landscape of payment fraud prevention in gaming. Zach shares insights into why fraud in gaming has become such a critical issue today, the unique challenges posed by game-specific economies and marketplaces, and the importance of nuanced, adaptable solutions to secure transactions.
We unpack how AI and machine learning are used to identify patterns and predict fraudulent activity, and also touch on how fraud prevention strategies are evolving to better handle the decentralized systems of web3 and cryptocurrency transactions. This episode provides an in-depth look at the future of secure gaming payments — and the technical processes that nSure employs to detect and prevent fraud — so you can stay ahead of fraud cutting into profits.
We’d also like to thank Heroic Labs for making this episode possible! Thousands of studios have trusted Heroic Labs to help them focus on their games and not worry about gametech or scaling for success. To learn more and reach out, visit https://heroiclabs.com/?utm_source=Naavik&utm_medium=CPC&utm_campaign=Podcast
This transcript is machine-generated, and we apologize for any errors.
Devin: Hello everyone. I'm your host, Devin Becker. And today I'm delighted to be joined by Zach Nass, the head of gaming at Nsure.ai. Nsure.ai uses adaptive AI to help games prevent payment fraud.
And so today we're going to be talking about issues around handling payment and fraud in games. So just to start things off, Zach, could you quickly go over your background, uh, the origins of Nsure.ai and what you guys do today?
Zach: Absolutely. Thanks for having me, Devin. Really happy to be here. So, my name is Zach.
I am the head of gaming at Nsure.ai. A little bit about my background. I, I'm a huge gamer as you could probably tell from what's behind me. Always knew I wanted to be in games at some point, but when I came out of college, it wasn't quite the, uh, behemoth industry that it is now. And didn't really know what else to do.
So I went into consulting, which is a good thing to do when you don't know what to do, but always knew at some point I'd try to make my way over to gaming. So an opportunity came up a few years down the line. I had an opportunity to intern at Riot. So I moved out West and set up shop there.
I spent about four or five years at Riot, both on international strategy and publishing. I then moved over to Google, where I did some partnerships work, kind of helping coordinate all the different business units at Google and do bigger and better things for the gaming industry. It was at that point that I sort of got into the payments space.
I joined a company called Coda Payments, who's very big in Southeast Asia. They were looking to expand their marketplace into the U S I'm sure we'll talk a little bit more about kind of the whole DTC marketplace trend, but that was kind of my origin of getting into the payment space.
And then, as I got more into it, I got even a little bit deeper. So now I'm focused just on the fraud space within that broader trend. And that's what we do at Nsure.ai. A little bit about the company and the origins of it. It actually started out as a gift card company. It was a gift card marketplace where you could go online and buy gift cards for your favorite stores and brands and things like that.
And they were getting hammered by fraud and they couldn't find a solution that worked in this digital goods prepaid space. So they ended up building their own, and over time they're like this is an interesting business model in itself, kind of more interesting in some ways than being a gift card marketplace, why don't we spin that off?
And that becomes Nsure.ai. And so that's how we became who we are today.
Devin: Awesome. Quite the origin story there for, for both yourself and the company. Just it's a topic we don't get into a ton around gaming, which is why it makes it interesting here.
And so I want to better understand what are some of the major issues with payment fraud, you know, like it's a topic that just people maybe don't think about as much, why is it important, especially today? Like what, what's changed? Why is payment fraud, like a big deal to worry about?
Zach: Yeah, it's a good question.
I think there's kind of two main answers to that and why it's, it's much more important today. The first is just being, if you look at the macro lens of gaming and how it's difficult right now, and a lot of companies are struggling. It's really important to make sure you maximize the profit that you keep.
And I think, you know, if you look five years ago, the gaming industry was growing, more and more eyeballs were available, you know, yes, people kind of knew they were paying a lot of money to Google and Apple and other service providers and things like that, but that was okay. That was the cost of doing business and they were growing, and it looked fine.
And now we're in a world where things are contracting. Things are, budgets are tighter. And so there's more scrutiny going on. Hey, am I really, Getting as much value out of, you know, my sales as I actually could be. that's putting a lot more emphasis on, on the fraud part. and then kind of combined with that is the whole trend towards DGC as more and more companies are trying to figure out how do we go direct to consumers?
How do I open my own web shop? And that's the part of it, but you got to get deeper. And then there's all these other aspects below that, you know, how do I collect taxes? How do I, you know, do refunds? And one of those being, how do I handle this payment fraud that before I didn't have to worry about?
There were, you know, other people are handling it for me. Now it's going to be a big part of, uh, of our operation.
Devin: Makes sense. As people kind of want to sort of free themselves from the shackles of Apple and Google and other payment processors, that also means they got to handle themselves. And then they figure out, of course, that's one of the things that was being handled for them for a pretty hefty fee.
So I guess the question is then, you know, especially when we're talking about hefty fees or anything like that, how does Nsure fit into that process and how does it help?
Zach: Yeah. So we work in a few ways. We typically partner with either marketplaces or merchants of record, , kind of whoever carries the bag, you would say for that transaction and making sure that the goods are delivered and the funds, you know, are remitted appropriately and so we would partner with them to make sure that the transactions that come in are legit, um, and that they are keeping out the bad actors, approving as much as possible, the good actors and, , keeping the charge backflow. And there's kind of two aspects of it because on the one hand, you want to, you want to minimize your chargebacks, right?
You want to minimize fraud and make sure you're keeping as much money. But if you turn that dial too tight, then you're, you're nothing comes out. Then you're, you're blocking too much traffic and your approval rate suffers. So you end up turning a cost problem into a revenue problem. So it's really hard to find that sweet spot and find that dial.
And that's exactly where we fit in to help people figure out, you know, based on their customers, based on their traffic based on what they're selling. Where to tune that dial appropriately.
Devin: Well, when it comes to fraud prevention, like in, in online payments, right? There's different kinds of industries that have to deal with this in different ways.
What really distinguishes fraud prevention in games from those in like e commerce, casinos, online, any of that stuff where it has to maybe deal with it differently.
Zach: Yeah. So the problem that we're trying to solve is what we would call scalable fraud and then scalable fraud occurs in a world where there's little, you know, KYC or identity checking, the goods are delivered immediately. So when you go on a marketplace and you buy a CD key, it's delivered to you immediately and you can immediately go and turn it around and sell it somewhere, you know, possibly on the black market or a gray market or something like that. So in that case, you're in a situation where you have very little time.
To decide, you know, is this a good transaction or not? Because, you know, as a player, you expect the code to show up in your inbox immediately. You don't want to wait till tomorrow or the next day for it to show up. You want it right away. So that puts the pressure on the seller to really make a good sound decision in that, in that instant.
Yes, this looks good or no, this looks bad in traditional e commerce. If you're, you know, buying a TV or sneakers or whatever, there's more time to evaluate this transaction before the good physically ships there's more things you can verify in that case, you don't have that time in a digital good, you know, landscape, you have to write that, it's similar with casino gambling, in some ways it attracts a lot of fraudsters, but in some ways it's a little less risky because there is a lot of KYC and there's a lot of hoops you have to jump through when you're online gambling.
They know exactly who you are and kind of where that money goes. In our case, you know, when you, when you sign up. All you need is an email address. You don't really need to put your real name. You don't need to put your real address or even just your username that you, you know, very, very fast.
Then you can make a transaction easy.
Devin: Okay. Well then I guess the question I have is, you know, in this whole payment flow system, going from, you know, the user putting in payment information all the way to money being extracted and sent over to essentially the game developer, where do you guys fit into that payment flow process, pre bank, post bank, , after information put in all that stuff, where does it fit in?
Zach: Yeah, there's a couple ways we can work, and it depends on how our partner wants to work and, you know, what their risk tolerance is. And, you know, at the risk of boring the people out there listening with too much information in the weeds kind of the two main areas, like you said, are pre auth or post auth.
So when a transaction gets sent, it gets sent to the bank and the bank does a quick check. Check on, Hey, does this card have sufficient funds? Is it's a known, you know, set of cards that we know is flagged for fraud. But the, but that's about it. There's not too much more, uh, scrutiny going into it than that.
So where we typically like to sit is after that. The bank says, yep, okay, there's enough money on that card and it looks like a fine card, but we haven't captured the funds yet. So we sit in between and then it gets sent to us and we take a look at it. And based on all the data that we see, we say, okay, yes, we agree, you know, with the bank that looks like a good transaction.
Go ahead and capture it. Or nope. There's some red flags here. We don't think this is legit. You should not capture it. We can work free off to some, some of our partners do like to do that because it actually sends cleaner traffic to the bank, which can have some benefits and how you're. Risk profile looks to the issuers. The trade off is there's a little bit less information usually that we know about the transaction at that time. They kind of just have a little trade off there, but it really just depends on how the, how our partner wants to do it.
Devin: Well, then the risk of getting further into the weeds here, you know, you talk about verifying users and, and trying to understand whether or not it might be fraud and things like that.
Can you walk us through that process, at least, you know, in level of detail It makes it a little clear how this actually works, and how you analyze the user, how you analyze the payment being made, or whatever other kinds of things you're doing that's help deciding whether or not to verify that transaction.
Zach: Yeah, in this new world, we think that behavior is actually more indicative nowadays of fraud than, you know, What the transaction data says. So legacy providers that a lot of people are probably using as part of this suite of services they get from, you know, Stripe or add in or whoever else they're using for their payment processing. A lot of that is, is getting past transactional data. You know, what's the card number? Does it, does the billing address match what they put into the system? Does the CVV code work? It's kind of just. Hard numbers and data matching up and making sure that works. And that gets sent. It's pretty easy now to kind of get around that based on a lot of those fraud rings that we see and how sophisticated they are at stealing credit cards and finding them in the black market.
So that part has become less accurate in, in, in saying, Oh, this is fraud. And I really, what we think is the future and where we're trying to push it on the behavioral side. So understanding. How does this person interact with the website? Do they look like a fraudster? Do they, you know, do they copy and paste a bunch of things really fast because time is money and they're just trying to, you know, extract some value out of it?
Or do they act like you and me, where we're fumbling to, you know, find our credit card number and, Figure out what our user ID is and what realm we're on, you know, we act very differently than someone who's looking at this like a job and how they're going to get money out of it. And so it's all those signals that we can pick up on that.
A lot of the traditional vendors aren't looking at, and that's what helps make a better decision, and so all that information gets fed into an AI model that comes up with the right answer. Yes, we think that's a good transaction or no, this looks, this looks suspicious.
Devin: You know, speaking of all the different ways that you guys are trying to understand the user, I guess the most important one, especially these days, you know, is what role AI machine learning plays in the fraud detection process, like an understanding those different variables, how you understand stuff about the user and, and how you train that model really.
Zach: Yeah. I think, you know, in the past, a lot of it was trial and error. A lot of the legacy systems that, you know, we, we used or rules based Look at things and say, okay, if this card has been used five times in the last 24 hours, you know, add a certain risk score to it. And if the postal code doesn't match, you know, what's on file, add this risk score to it.
And then at some point it crosses a threshold and you say, okay, this looks bad, but it was kind of humans. It's kind of us in the background saying, well, you know, should that threshold be five times in the last 24 hours? Should it be three times in the last 24 hours? And should it be adding? 10 points of risk score.
Should I be adding 20 points of risk score? You know, it's, it's a lot of trial and error to get this thing just right. And that's, you know, where the machine learning and the AI can really come in and, and, you know, Automate that process and, and figure out what the right answer is for that. And the other benefit of it is you can just throw so much more data at it.
You can imagine when you have all these rules, they got all these branching paths and at some point you kind of, you lose it, right? It's too much for a human mind to comprehend what we can do is we just say, Hey, throw us all the data, throw us what the transaction data looks like, throw us what the behavioral data looks like.
Anything that looks relevant. And just. You know, let the AI do its thing and it will come up with the best model that picks up on the faintest signal of a fraud. That'd be very hard for you and I to figure out on our own.
Devin: So in a way you're kind of scaling up sort of that human. Decision making in a way like where it's looking at lots of things that might be more subtle, but in a way that you probably just couldn't do at any kind of scale with a human, like, you know, what banks kind of used to try and do.
And then of course they move to more automated stuff, and maybe, I don't know, maybe they'll be using AI machine learning stuff if they aren't already in some of that decision making, but that sounds like that makes sense. Where are you generally getting the kind of data to train this? Are you training it off real transactions that are happening with your platform or is it ones that you have trained it on?
Prior to it. I mean, obviously you don't have to get into the secret sauce if there isn't any there, but I'm just trying to understand where this data comes from to train that model.
Zach: No, we, we train our models on each partner specific data. And so there's some third party consortium data out there that is shared across the industry.
And a lot of people leverage that too. And we obviously look at that. What we really find the value in is. Taking each customer's data and looking at it specifically because there's so many differences even if you're a gaming marketplace, I'll make it up right but if you're if you're selling, you know robux or you're selling I don't know Red dead redemption cd keys or something like that So your traffic might look very different and your demographic might look very different.
And when in game events happen, that looks very different, right? And people might be saving up and you'll see like no transactions for a while, then the event will happen and boom, you get this big spike. And something that's not trained, you know, to, to understand that that's a normal behavior pattern in gaming, would look at that spike and be like, okay, something wrong is going on.
Let's block all that traffic. And then you get very angry gamers who are like, Hey, this is not working. Big, you know, loot drop just happened and I can't seem to get it. Um, and we definitely don't want that to happen. So understanding each of our partners, unique mix of business allows us to really identify, you know, what the trends are and make those more accurate decisions because, because both are bad, right?
You can say, we don't want to let the bad traffic in, of course, cause you're going to get charged back. But it's equally as bad, you know, as a player, I'm a player. It's equally as bad if you reject. Legit traffic too, because then, you know, I don't get to play with my new skin that I've been looking forward to.
So it really does have an impact on the player experience as well.
Devin: So when you're talking about these, these transactions that are being made. If, if a player has made transactions before, does that make it a lot easier to validate in the future? Is it, is there something where you also have to look for down the road?
Odd behavior with a player that has been known to be good before. Like, let's say, you know, their card gets, Stolen or someone hijacks their account, which is, you know, account hijacking might even be something more prevalent than credit card fraud at this point. Is that something you guys are constantly checking, , the account every single time, but also like taking into account their previous behavior?
Zach: Yeah, definitely. So, I mean, age of account and how many hours they've logged and, you know, past purchases and things like that are. Definitely a very important indicator, but this is fraud, but you got to be careful because we see some very sophisticated, uh, scams or fraud rings where you'll have an account that's in good standing, you know, and because what will happen is some somebody will reach out to.
Say your grandma, you know, on email. So, Hey, open an account on, you know, roadblocks or whatever. That's all you have to do. Don't do anything else. Just open an account for us. And that's it. And now the account will sit there for a long time. Nothing suspicious will happen. So you've got an account now that looks fine, you know, for two years.
It seems like a normal account. Maybe there'll be a few transactions here and there that look normal. It looks good. And then one day, you know, boom, you'll just see all these spike in traffic coming on. And again, you have to know, okay, is this because there's an event and this is, is this real or no, this, this is suspicious, you know, this account was very dormant for a long time.
All of a sudden now it's doing a lot of traffic how do we, how do we make that decision? So, you know, those behavioral patterns are very important and. The more data you have about the player, um, as well as the transaction and behavior, the more accurate decision will be at the end of the day.
Devin: What is it that's motivating this type of fraud usually?
And what kind of behavior are you seeing around it? I mean, you mentioned these sort of things where people like flood in all these transactions like that. What is the general behavior and motivation behind that, that you've seen at least so far?
Zach: Yeah, it's making a quick buck. I mean, people have made.
Lots of money , on these kinds of scams. And again, going back to the definition of scalable fraud and why that's different. So, you know, in the past you might have a phishing attack, right? And, somebody gets your account ID and password, so they log into your account and they make a fraudulent purchase or something, but.
Usually you catch that pretty quick, right? You get an email, you say you realize your account was stolen and you close it down pretty quick. The damage is somewhat minimal and that fraudster then has to wait until they find the next victim to go after. In our case, what we're looking for are these.
Vulnerabilities in the billing systems itself because of the transactions that allow many, many, many transactions to happen at once. And so, you know, going back to that rules based system, these fraudsters are smart and they're, they're learning too, so they know, Hey. This site can't use that credit card more than four times or flagged it.
So they just do three times and then they go on to the next credit card and just do it three times. They go the next and they tell all their friends, you know, in the fraud ring, hey, go to this site and you can now that's amazing stuff. That's the type of fraud that we're looking at, and again, you, you don't have that much time to make a decision and it happens very fast and in a day or two.
You know, thousands of transactions could come in that you're now on the hook for.
Devin: I mean, are there any particular games or marketplaces that require a different approach or more nuanced approach? Cause I mean, you're talking about just games in general, but there obviously are different types of purchases, different types of genres that might have different types of purchases, but then also different marketplaces, you know, talking about DTC ones or different ways people might be purchasing things in games.
Zach: Yeah, there's different risk profiles that usually depending on the type of product that's behind it. So, for instance, if you're buying something that's tied to an account, like I'm buying a skin and it's, you know, being delivered into a specific account, usually that's a little less risky because. You know, the processor would basically have to have a buyer already kind of lined up on the back end and, and tell it which account to go to.
And that does happen. Don't get me wrong. Like that still very much happens. You'll find these Facebook groups that are WhatsApp groups or telegram groups that do that kind of thing, but the really risky products are more of the CD keys, the codes that get emailed, right? Because those, you don't need to have a buyer necessarily right away.
Once you get the code, you can then go flood the market and go figure out how to dispose of them, and so that's usually a riskier product, you know, similar to how that's different from physical goods, right? If you're going to steal a bunch of iPhones, you got to unload them somehow. And that's hard, right?
But when it's a CD key or a code or something like that, that's very easy. You know, you just go back on, on their WhatsApp group or your Facebook group and. You'll find people that are willing to deal with a shady seller to get a 20, 30 or 40 percent discount of what they'd normally be paying.
Devin: Yeah, it's interesting, you know, just the idea of like how they fence their goods essentially determines somewhat how they, how they go about that fraud process and how you have to validate that.
Zach: That's a good point too, though, because Marketplaces too are specifically risky because they have both the buying and selling risk, right?
So if you're a studio yourself and you're doing this, okay, someone still the, still the credit card to charge back, you've kind of lost. the digital good. Which is bad, don't get me wrong. Like, that disrupts economy, it results in bad experiences for, for players and everything like that.
And there are plenty of people behind the scenes, engineering, and coding, and artists that, you know, make money off the digital bits that are in the ether, but it's pretty bad. Even amplified more for a marketplace to kind of buys goods as like a third party distributor or something and sell them because they've already sunk a real cost.
And, you know, securing the CD codes or whatever they're going to resell. So now that because of the charge back, they get hit on both ends. They've lost the product and they've lost the payment. So a lot of the partners that we work with, are kind of in this marketplace world where there's a real high risk there.
Devin: Yeah, that makes a lot of sense and sounds unfortunate for, for them to have to deal with as something to cut into the profit and hopefully that's something you guys can help with. But speaking of partners in general, I'm kind of curious how you guys work with them because obviously they're not doing this in house.
It doesn't make sense for them to, and you're coming in as an outside provider. How, how do you collaborate to make sure, because obviously you've got to get data from them. You've got to be part of their payment flow. Now, how do you collaborate with a game studio or a marketplace or any of these there's to actually get.
Into that process, get that data, get everything kind of set up.
Zach: Yeah. So. Partners either come to us, with two, two kind of use cases. One is help my frauds on fire. I'm, I'm, yeah, just got hit by a huge charge back. We can't figure this out. Please come help us. And that's a very obvious use case. And, you know, we would ask certain questions about what happened and, Why that came to be and we'd help them.
The, the more subtle use case, it probably is actually the larger chunk of the business that we work with. They're doing okay. Right. They're saying, Hey, my fraud rate's not that high, my approval rates are 70%, you know, 75 percent and the market will tell you that's good. You know, they'll say that's, that's normal for a game and that's normal for the industry, but it's really not, uh, you know, our data shows that 10 percent max, max would be actual fraud.
It's really probably like five or two, but definitely no more than 10. So you should be getting 90%, you know, at a minimum, but it's going to take some extra work to get there. And, and all those things we talked about, all the extra data and the behavioral indicators and all the transaction data, it, it needs to, you know, be flowing in the right way.
So. We like to work both with the studio, the marketplace, whoever our partners, but we also work alongside the payment processor. They're a key part in this too. You know, some of them do have their own fraud tools that, you know, we do get compared against, um, you know, why are we different? Why are we better?
Do I really need both? And the answer is, well, you'd probably choose one or the other, but we don't really view us ourselves as kind of competitors. We do well, we're just different parts of the value chain. And, you know, an in house fraud solution is probably fine for 95 percent of the industry is in goods out there.
But for gaming, you probably want something a little bit, you know, more hyper focused and a little bit more tailored. And so we would say, Hey, work with us, come along this journey with us. And, we have a lot of friends in kind of both the payment space and in the, in the marketplace space and we all collaborate together.
Devin: Nice. Well, hopefully we can just globally reduce 10%. But, you know, prior to working with someone's like yourself or a competitor. Do you have any tips or, or strategies or ways of thinking about this for game developers for marketplaces or anything like that to at least Sort of work to help prevent the fraud as much as they can, you know, prior to that, like, what are some strategies, some ways to think about how to adjust maybe their game, their marketplace, their payment system, anything like that.
Zach: Okay, so the first thing is probably just to ask the right questions and look at your data and see how much money you might actually be leaving on the table, you know, as you mentioned at the beginning, this is something that people are. You're used to looking for, uh, with something kind of new. So step one, you know, what are your approval rates?
What are your fraud rates? And not to say that the payment processors are hiding or obscuring the data, but a lot of times just gets lumped together and it becomes like a small little line item that you don't really look at because you're kind of just looking at the total. So, you know, really dig in there and say, you know, what are my approval rates?
Are they as high as we think they could be? Are we leaving money on the table? And then from there you start digging into. You know, the deeper questions of why is a certain product, the certain geography, the certain payment methods, cause all that can be triaged and sorted out to make sure that.
Across the board, you're, you're getting the best results you can be. And there will be differences, you know, operating in Brazil will have a lot different. Essentially than operating in the U S or operating Europe. And that's okay, but the point is you want to make sure you're maximizing what you can be getting in each of those markets and each of those products and each of those games that you're selling.
So yeah, that's, that's step one. And then finding the right partner is going to go along that journey with you. Some, some kind of view us again as, as competitors. And they say, you don't need a third party tool, but again, you want to use the best. You want to be with most optimized for gaming, so using something that's kind of a legacy solution, good for a lot of industry, but not, you know, not. Set up for what we need here in the gaming world.
Devin: Oh, it's been, you know, deciding to kind of go with a partner or anything like that How would someone even notice that they were having a fraud problem?
You know some a lot of games are so focused on launching on getting these other things up Even if it's just a marketplace It's a lot of work to do all that especially in this sort of startup culture that we often have here They're focused on all that working on all those Tech issues, putting out fires, things like that.
How are they going to even notice or, or know that there's fraud happening? Is it going to be mostly through chargebacks? Is it going to be a situation where, they're just like suddenly see a revenue drop and they're thinking it's something else, but then they like. Would they even need to have like an event to detect, Hey, there was a payment attempt and then it failed and actually have to have that in their analytics.
Catch that. Like how, how do people find out that this is a problem for them?
Zach: Usually you find out because you get a letter from Visa or MasterCard saying, hey, we've noticed that there's a lot of transactions coming through that are fraudulent and you're getting a lot of charge back though, we're going to place you in this special monitoring program where you don't get out of it.
You're going to be charged a lot more fees, and if it keeps going, you're going to get expelled and not able to accept credit cards. So that's a very scary letter to get in the mail. You don't want to get that one. You know, in the bad case, that's kind of when people first figure this out, I think, but most, most more commonly, it's kind of that subtle approach where you're looking at your data one day and you're just saying like, huh, you know, We sold X, uh, we, so it means we should have collected this, but why is our, you know, net revenue only looking like this?
And it takes some forensic investigation to figure out where those leakages are. But you know, that's why this is important. If you're a CFO, if you're a CRO, if you're a head of fraud, like these are the things that you, you know, should be looking for because they can be buried, they can be hidden.
And in today's world, you know, you don't want to leave any money on the table. So. That's kind of where it comes in. You know, if it's really bad, you'll know that there'll be a sign, but a lot of times you got to go hunting for it yourself. And that's sort of the education that we're also trying to do with the broader gaming industry is that this is a dial that you can turn.
And then it really is a dial because it's like saying the goal is not to minimize marketing spend, right? You want to optimize it. You want to spend the most or the least, right? You want to spend the least that maximizes your return. It's the same with fraud. You need to accept some level of fraud because otherwise you're not accepting anything.
So what's that right level that you're, you're pushing it to the marginal increase in fraud, you know, is getting you the maximum return. And it is a dial and that's what people kind of need to understand about it. It's not fraud is not a. A scary thing to eliminate. You'll never eliminate it. It's something to work with, and make it work to your advantage.
Devin: So in terms of the type of fraud we're talking about, a lot of times we haven't necessarily always dug into like what exactly the fraud is. Is it mostly like stolen credit cards or people that are, I mean, I guess I don't know what the other alternative B look, what, what are people doing that is under that umbrella of fraud that you guys are generally fighting against?
Zach: Yeah, stolen credit cards is definitely the main culprit here. It's very easy to go on the dark web and buy a list of stolen credit cards, and they just kind of plow through them and see that it works. The other area though, what's typically called a friendly fraud or service related fraud, and that's when people say, I didn't buy that or, you know, my kid bought that or, I bought it, but you only gave me half the diamonds that, that you said you were supposed to, and a lot of times, you know, the, the banks just kind of accept that.
Cause think of it, think of anytime you have a problem with your bank, you complain to them and they just say, okay. And they refund you the money back and you know, you go about your way, but what you probably don't realize is, is that the, the, you know, the seller is ultimately paying for that. The bank is not using that cost.
They're passing that back to the merchant. So, as a merchant now, you know, anytime that comes through, it's very damaging to your business. You've lost the product, you've lost the transaction value your processor is going to charge you a charge back fee, which can be as much as 15. So imagine that you, it's a 5 transaction and now you pay a 15 charge back face that I've lost 20 for something that's only worth five.
So yeah, that's kind of where it comes into play. And how do you. Identified those friendly fraudsters, because otherwise it looks good. Otherwise the data matches their address, matches, it all looks good until, you know, they come back later. And so we have a term for that. I mean, we call it liar buyer.
That's another fun phrase that, that people toss around when talking about this kind of fraud.
Devin: I like the friendly fraud because it kind of like goes to it being, often an ethical question sometimes or moral one rather than some kind of, you know, imaginary crime ring that we tend to picture when we're thinking about these things, which often is, is, as you said, , it's definitely a difficult thing, obviously, though, that, you know, a lot of this is having to do with banks and the ability to sort of work with banks or prevent banks from negatively working with you.
As web three and cryptocurrency goes up in, in terms of interest. I mean, obviously, especially with the results of the U S election, it has gone up significantly, at least in the short term. That is something that people look at or people that are, you know, can't deal with banks for whatever reason, the unbanked or things like that.
So that becomes a big deal for processing, especially international transactions. Obviously it's a difficult thing. There's no real concept of chargebacks. There's Not really payment processors, except to the bank and outside the bank itself, it's kind of wild west. , how do you kind of adapt to that?
Or, I mean, I know it's something that might not be solved yet. How, how are you looking at that space in general?
Zach: Yeah. So we do a lot of business on the crypto side. The three verticals that we focus on are gaming gift cards and crypto and crypto probably our largest one actually right now because it is, you know, very high fraud.
Um, Yes, there's a lot of KYC attempts and things like that. And you have to scan your passport and take a picture of your face. But, you know, people find ways around that. No problem. And it shares very similar characteristics, if not more so than gaming, where, you know, once you made the transaction, you can offload that, you send that to another wallet and it's gone.
And you have. You're never going to get that back again, so we work very closely for the on ramping part. So helping people take the fiat to the chain, cause a lot of times, you know, done by credit card in that case. So we work with a lot of, you know, prominent on ramps in that regard. Once it's on the chain, we don't really do too much, there today.
It's something, you know, we might think about later, but, you know, that's a little bit trickier because kind of the whole point is it's decentralized and there's not much oversight of it going on, but we definitely want to make sure that on the pay end part, when you're getting it onto the chain that that's legit.
Devin: And, you know, you don't have to see the transaction history on that.
Zach: That's true. You don't. And, and we're going to get into this world where, you know, the web three gaming, I think is going to collide with the crypto. So it's very relevant to our industry as well, because, you know, as more and more traditional studios embraced web three, which I think they will over time, they're going to start dealing with these issues that they haven't dealt with before.
And the, again, the customer is very different. The order values are very different, right? Where you're maybe spending 5 on a skin, 10 on a skin, on the crypto side, you're probably uploading a hundred, you know, 200, 000 at a time. So that's going to be something new. That a lot of the studios are going to have to adapt to how do we, how do we change our risk tolerance and our risk profile for the, yeah, for the realities of the crypto web3 world.
Devin: I mean, if you're dealing with the on ramp providers, then right, then you're able to sort of get some data on some KYC maybe even, and, and sort of build a profile of a particular wallet, right? As it on ramps. And then from there, if that, if that wallet is then making on chain transactions with a, say a web three game stuff, you have some information about that wall.
Is that maybe a direction you guys can go or just. Not maybe even that you guys just the sort of fraud industry in general when it comes to handling this stuff Is that if we'll start getting tied to KYC you get tied to banks there starts to be some element of risk profiles Associated with wallets and different ways of sort of collecting the data That's sort of the way you're already trying to do with customers in games and then now obviously If you're looking at on chain entirely Web3 games becomes even more important possibly to handle that stuff.
Is that an area maybe you guys are going in or the fraud industry should be thinking about for the future outside of our typical kind of KYC mentality?
Zach: Yeah, I think, I think so. I think, you know, the, the data verification, the, you know, does your picture match this thing, does the number match this thing?
Like, it's all gonna be easily spoofed, right? Deep fakes. And, you know, you can use, we use AI to prevent fraud, people are going to use AI to, to, you know, partake in fraud. We're always adapting. We're always evolving and trying to, you know, keep up with the Joneses in terms of what the scammers are trying to do, and our worlds are going to collide.
And we actually are going to be working with a web three, a gaming merchant on ramp or soon, so TBD on, you know, that announcement, but I think, you know, it's going to be a learning process and we're going to, we're going to learn together kind of how do we. Police this world using the technology that we do have, but then picking up on those new signals.
And again, that's why AI is so important here, because it will pick up on those signals much faster and much more accurately than you or I sitting behind the desk and trying to figure out why the transaction went bad or not. So we're excited for that partnership, and we think, yeah, web3 is definitely an area that we're going to continue to invest in and evolve in.
Devin: Hopefully you guys can make some, some headway and success there, because I think that's probably one of the biggest reasons preventing Web3 from doing a little bit better is obviously the, the fraud and the inability to really kind of handle and crack down on it. Not just from a government level, but just from even an everyday person trying to deal with transactions out there.
And certainly a merchant, someone that's dealing with transactions. You know, massive amounts of transactions really has to try and do that at scale. It seems like a real big problem, I mean, outside of just even web three and crypto in general, what do you see is like the, the future for fraud prevention or fraud in general for gaming?
Like, where's it kind of evolving? What new technologies do you see being involved in this stuff? Where do you see all this going say in the next five to 10 years?
Zach: Yeah, I think, you know, A lot of it's going to shift towards, towards true AI and a lot of the legacy rules based systems will be phased out, whether that's, you know, from the traditional vendors or, or, you know, the third parties as well. Um, automation is going to be, you know, it's going to be key to all of this. And that's not saying that you don't need internal fraud teams. There's always going to be that human element that's going to have to police it and oversee it and say, Yeah, you know, this is the unique thing that you don't get about gamers, you know, Mr. AI tool right now. But, by and large, a lot of that stuff, you know, it's going to be automated. So a lot of it, though, is going to be coming from collaboration with the partners. I think as more and more studios and marketplaces and payment processors kind of embrace the new order of, you know, like we said, AI is prevent fraud, AI is also going to be used to do fraud.
It has to be a collaboration between everyone involved. I mean, at the end of the day, we're all gamers, you know, we want the player experience to be as. You know, as seamless and successful as possible. And we want people to enjoy the game. And anytime that you're trying to, you know, make a transaction or interact with the game and that gets blocked, you know, it hurts the whole industry.
It hurts the whole ecosystem. So what I'm excited to see is, you know, more learning, more sharing, you know, industry events and associations and how do we all get smarter in this? How do we work with the stripes and the audience and the world pays and the world that I'm, I know you had Neon, on the show a few days ago and they're friends of ours.
And so we're kind of trying to put our heads together and think through ways to do that and, , the world lines of the world, you know, we're, we're all just trying to come at this together. And I think we'll, you know, there'll be some exciting stuff coming on but it's going to take time to, you know, as the defrauders get more advanced, we're going to have to step up our game and match that.
Devin: Well, unfortunately, it ends up being an arms race. So hopefully you can at least stay ahead for a little while longer. If not, the AI versus AI battles, right. Have already kind of commenced, I think at this point. So hopefully you guys can stay one step ahead of that training and partnerships.
But I do want to thank you for coming on today. I appreciate it. Like it's a topic that probably is a little underserved until you get that letter, as you said, and then all of a sudden it's certainly a topic you're very aware of at that point, because that's hitting literally the bottom line of a business.
So good to get ahead of it. Good to know that there's services like yourselves to be able to help figure that stuff out when, when that panic sets in and hopefully people are doing a little bit of maybe analytics or detective work ahead of time to, to get You know ahead of that and catch when that's happening rather than when all of a sudden, you know, they're , it's in the red at that point.
So definitely appreciate you coming on today.
Zach: Take a look at this now. So you don't come to us with that letter in hand. That's the, we don't want to see you. We want to see you before that, you know, and, and better time. So, thank you for having me, Devon. It's a pleasure speaking to you and, yeah, look forward to, you know, continuing the conversation in the future.
Devin: Awesome. Well, if anyone wants to check out the company, it's Nsure.ai, which is spelled N S U R E dot AI, just in case you're listening to this and can't see any links or anything like that, I want to make sure people get to the right place, but definitely check it out. Lots of cool stuff.
Lots of tech being involved here in pretty much trying to do what they can to, to keep things under control. So definitely, give it a check. You know, peek, see what, see what you can do. And in the meantime, we'll catch you guys in the next interview, but thanks for listening. I appreciate everyone out there.
And of course if you aren't already, as always, make sure to subscribe to the newsletter and catch all the latest in gaming from Naavik. Thanks again, Zach. Thanks, audience. Catch you guys later.
If you enjoyed today's episode, whether on YouTube or your favorite podcast app, make sure to like, subscribe, comment, or give a five-star review. And if you wanna reach out or provide feedback, shoot us a note at [email protected] or find us on Twitter and LinkedIn. Plus, if you wanna learn more about what Naavik has to offer, make sure to check out our website www.naavik.co there. You can sign up for the number one games industry newsletter, Naavik Digest, or contact us to learn about our wide-ranging consulting and advisory services.
Again, that is www.naavik.co. Thanks for listening and we'll catch you in the next episode.