By Chris Ferreira, Senior Program Manager, DIACC. Additional contributions made by members of DIACC’s Outreach Expert Committee
I remember the first time I played a video game as if it was yesterday. My older brother spent an entire summer working so he could afford to buy an Atari 2600 game console which was the pinnacle of home gaming entertainment at the time. News of this purchase spread like wildfire and the next thing we knew, we had a room full of kids and adults huddled around a TV playing Pac-Man and Asteroids for hours. From that moment forward, I was a gamer for life.
Today, the video game industry is larger than the movie and music industries combined, drawing in over 2 billion gamers worldwide. The industry generates a staggering amount of revenue annually. In 2020, players spent $4.5 billion USD on immersive games, also known as Virtual Reality gaming, alone. When considering console sales, gaming subscriptions, mobile gaming, and micro-transactions (i.e., in-game purchases with real-world money), that revenue figure skyrockets.
So how does Digital Identity come into play?
Digital Identity can be defined as a digital representation that uniquely identifies a person and can be used to verify their identity when they want to access services. Look at it as a way to prove who you are online without the need for paper documents such as a driver’s license. People who use Google or Facebook profiles to create accounts or login to a particular service already have a form of Digital Identity. When used properly, Digital Identity can even help ensure video gaming is done securely and safely by protecting personal information and virtual treasures from being stolen.
Facial recognition systems are being deployed to prevent young gamers from playing age-gated content and between certain hours of the day. The hugely successful Roblox game has introduced an optional age verification for its users that will combine an ID check with a selfie scan that will be required to access in-game voice chat features and will allow developers to “create new experiences that will rely on identity verification in the future”. Facial recognition technology can provide a much more secure and trusted way of verifying a person’s identity compared to simply using a user name and password. However, these tactics, although stemming from good intentions, are being scrutinized by some privacy groups who have concerns with how securely a person’s data is being stored, where the data is being kept, and by whom the data can be accessed by.
With an industry that generates such significant global revenue, it’s bound to attract the attention of cyberattackers looking to steal company and gamer data for malicious use. Video game companies are targeted frequently because they don’t need to adhere to the same security and regulatory requirements as other organizations such as banks or hospitals that are mandated to protect client data. As with most people, gamers are exposed to security risks as they often use the same or weak passwords across multiple sites which makes it easy for hackers to obtain their login credentials. It’s an awful feeling to log into your game to see all your virtual items and in-game currency – that took hours, days, and months to accumulate – stolen by an unknown virtual bandit. Or worse, hackers often steal gamers’ personal information and even financial information like credit card details.
Fortunately, game studios have started taking these risks and threats seriously by ensuring that seamless account security mechanisms are in place. Game studios are also increasing their player’s awareness when it comes to their identity management controls so they understand the risks associated with password and account sharing and purchasing game add-ons from unapproved vendors. Two-factor authentication (2FA) is becoming more common practice amongst gamers to improve their security and reduce chances of account takeover.
Major game studios are stepping up to do their part to protect their customers’ information while at the same time being more aggressive with their internal operational security measures to prevent their game code from being stolen. Concepts like Self-Sovereign Identity (SSI) are also coming into play allowing gamers even more control over their personal information’s use. When game studio Midnight Society released their video game DeadDrop, they integrated Digital Identity that was verified via Blockchain. During the game’s testing period, players were issued digital credentials that allowed them to access the beta through the Polygon Blockchain network. Those digital credentials would allow the user to validate their identity and play the game before its release.
For gamers, their data is under constant threat but there are things that can be done to protect themselves from cyber-villains such as:
- Using strong passwords or a password manager and avoiding using the same passwords for several accounts to prevent brute force attacks.
- Being suspicious of emails appearing to be from their game’s studio asking them to login into their game account. No company should ever ask a person to share their password under any circumstances.
- Using a VPN (Virtual Private Network) to make the computer’s location unclear for added protection.
- Setting up two-factor authentication to ensure that a hacker can’t access their account even if they manage to steal their password.
- Only downloading game add-ons from trusted and verified sources.
Digital Identity and video games will continue to be embedded into our social fabric. And much like gamers wanting to protect their virtual characters from countless dangers, the same care should be taken with their real-life personal data. Evolving Digital Identity solutions, policies, and governance will be essential to ensuring gamers’ virtual, and real-world loot, remains safe and sound.