[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Next Article in Journal
Inferring TLB Configuration with Performance Tools
Previous Article in Journal
A Risk Assessment Analysis to Enhance the Security of OT WAN with SD-WAN
You seem to have javascript disabled. Please note that many of the page functionalities won't work as expected without javascript enabled.
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Suspicious Financial Activity in the Context of In-Game Asset Exchange Marketplace

School of Cyber Studies, College of Engineering and Computer Science, The University of Tulsa, Tulsa, OK 74104, USA
*
Author to whom correspondence should be addressed.
J. Cybersecur. Priv. 2024, 4(4), 938-950; https://doi.org/10.3390/jcp4040043
Submission received: 30 September 2024 / Revised: 29 October 2024 / Accepted: 1 November 2024 / Published: 5 November 2024
(This article belongs to the Section Security Engineering & Applications)

Abstract

:
In this study, we investigated the expanding problem of suspicious activity when using online in-game asset trading platforms. The decentralized structures and anonymity offered by these platforms provide a basis for suspicious actions, creating a threat to the virtual economy. By evaluating 18,157 rows of anonymized transaction data from 38 unique sellers with the help of the interquartile range approach and network analysis, we were able to identify suspicious activities. The results highlight suspicious online activities of individual transactions. This research contributes by identifying new, concerning trends and unraveling complex networks by analyzing in-game asset transaction data. It also assists in informing experts and lawmakers about new suspicious activities.

1. Introduction

Online gaming is one of the most successful industries in the cyberworld [1]. The goal of some users in these games is to compete together or alone against their opponents, who may be either other users or in-game characters. Other users aim to obtain cosmetic upgrades that will make their in-game characters look attractive. To achieve their goals, users need to earn in-game assets. Earning these assets can either take place through gameplay or with in-game currencies. As earning assets with in-game currencies or through gameplay can be time-consuming, game companies provide opportunities for these assets to be purchased using real currencies [2]. However, game companies are not the only place where users can obtain these assets, as there are users or gold farming groups that offer these assets through in-game asset exchange platforms [2]. Users can log into these platforms in order to buy or sell their assets.
Online trading platforms are becoming increasingly popular, but many lack strong tools, such as effective Know Your Customer (KYC) checks [3]. While traditional banks have rules to stop suspicious activities, these do not always work in the virtual world. These sites are legal, but they may also provide opportunities for criminal activity because it is hard to identify and stop suspicious actions due to the decentralized setup and the anonymous, quick transactions [4].
To help pinpoint the way that suspicious activities take place across different online venues, it is essential to examine real data from in-game marketplaces. The main purpose of this is to reveal patterns and warning signs signaling such suspicious activities. However, the issue of detecting suspicious transactions through digital assets has still not been fully addressed [5]. By examining suspicious patterns of activity, network connections between trading sites, and data from these digital exchanges, we can obtain a clearer picture of the latest suspicious activities. This knowledge is crucial for the creators of these platforms to improve their defenses against such financial crimes.
In research in this field, the Confidentiality, Integrity, and Availability Triad (CIA Triad) has been used to analyze in-game trading platforms. The CIA Triad is one of the major models in information security [6]. In this research, the integrity of the CIA Triad has been taken into consideration. Integrity means that assets can only be modified by authorized parties in an authorized way in order to maintain data trustworthiness [7]. There are important issues with the integrity of these platforms because the integrity of a platform can be compromised if transactions are being manipulated by users who engage in suspicious activities. If a platform’s integrity is low, it means that a fraudulent transaction is possible, which decreases the trustworthiness of the system [7].
The main focus of this study is to investigate the rising trend in fraudulent transactions, specifically investigating how in-game asset trading marketplaces facilitate suspicious activities. In order to create a safe and secure digital financial landscape, this study provides readers with the knowledge and information needed to identify suspicious activities taking place on these online marketplaces. The aim of the data analysis is to detect suspicious activities in these dynamic virtual environments.

2. Background

The advancement of the internet has presented opportunities, such as broader reach and anonymity, that were not previously available, with traditional techniques slowly fading away. As a consequence of the anonymity that platforms provide, it is difficult to track the source and destination of payments, thus delaying investigations and legal actions [8]. This is an example of how technological advancements have created new techniques for suspicious activities [8].
The online gaming industry is growing each year, and the primary revenue of online gaming companies comes from the virtual assets they provide to users [9]. A report on revenues in the online gaming industry showed $26.14 billion for 2023 and an estimated 1.1 billion online gamers worldwide [10]. The revenue from additional in-game content purchases is expected to reach $74.4 billion [11]. Accordingly, the developments that have occurred in the online video gaming ecosystem should provide insight into questions about the potential scope of suspicious activities [9]. With this growth, financial risks have been introduced to users in the form of fraud associated with assets within a game. Cheating is achieved by tricking players into buying fake in-game boosters, codes, virtual items, and currency, and this causes a large amount of financial loss [12]. Some of the most common types of scams include selling nonexistent virtual items or stealing virtual property that has a market value. Objects such as skins, weapons, and others are assigned a certain value and can be exchanged for real money. This poses a risk of theft and fraud by cybercriminals who launch attacks on user accounts. It can lead to a loss of money for the user, and that is why the game industry is a promising field for attackers. Cybercriminals use phishing, malware, and credential stuffing to enter user accounts, where they can steal virtual currencies and associated financial information [13]. The stolen products may either be sold in third-party marketplaces or can be used to perform more fraud on the victim [12].
The field of research on suspicious activity on new platforms is constantly evolving. Although research has revealed questionable activity on certain platforms, a thorough grasp of the connections and strategies used by criminals throughout various environments is still missing [8].
The research gap in the topic is that, although similar transactional and behavioral patterns have been explored in various sectors and industries, such as banking, and on other platforms, such as Airbnb, eBay, and cryptocurrency, there is hardly any research on in-game exchange platforms. Previous research showed that there are suspicious activities on in-game exchange platforms, but it has failed to show these activities with real datasets.

2.1. In-Game Asset Exchange Markets: Digital Marketplaces

Games today let players trade in-game items on websites, turning virtual assets into real money. While some people sell items for extra earnings, others use these platforms for suspicious activities [14], moving illegal funds through online marketplaces and swapping in-game items for cash or cryptocurrency [15]. This forms a complex web involving multiple sites and transactions using digital or actual currency. Criminals confound the trail by transferring dirty money across accounts, later converting it into digital currency. They then purchase in-game items and resell them, sometimes for real money, outside the game. These virtual markets are distributed and are not tied to any one server, making it hard to follow the money trail. In addition, the extra layer of anonymity that they offer only makes it tougher to identify suspicious activities [16].
For criminals, in-game asset exchange websites have become centers for suspicious activity because of the absence of any need to verify personal information, along with the simplicity of depositing and withdrawing funds [17]. These platforms frequently have weak KYC checks, making them an ideal environment for suspicious activity [3]. Without proper KYC checks, the platforms offer anonymity for users. As another study showed, even if some of those websites apply proper security techniques, it is very hard to force all websites to apply them because legal jurisdictions do not require in-game asset exchange websites to perform due KYC diligence [3].

2.2. Existing Research

Recent research showed that accurately identifying suspicious transactions is important for many reasons. Detecting suspicious transactions is crucial in the cyber–physical environment today since fraudulent activities pose huge financial losses and are increasing in rate [18]. Identifying suspicious transactions also enables detection to help enhance security by reacting to different kinds of fraud, such as credit card fraud and identity theft, which further establishes a secure financial system [18]. This also improves customer trust, as protecting customers from financial harm causes them to develop confidence in the system [18].
The importance of reducing false positives in the detection process is also emphasized, and time–frequency analysis helps identify genuine suspicious transactions [19]. This reduces the number of false positives, which typically leads to analysts becoming accustomed to real cases [19].
Existing research shows that there are three main activities that can lead to suspicious activities. The first is high-volume transactions [20]. Comprehensive analysis shows that users with 30 or more total transactions are considered to have a high volume [21]. As the literature states, high-volume transactions are always suspicious and need to be further analyzed. Such high-volume transactions become more suspicious if they are performed on the same day and between the same people, especially if the situations repeat themselves over a period of time. In order to identify high-volume transactions, a threshold needs to be established. According to the existing research, this threshold value is the 95th percentile [22].
The second suspicious activity is the fragmentation of high-volume transactions over time, that is, not buying in a single day but rather buying in small amounts with a high volume in total. Users pursue these small transactions in order not to fall within the reporting thresholds. The idea is to divide illicit money into small amounts and transfer it to a destination account, usually within a short period of time [23].
The final suspicious activity is U-turn transactions, where buying and reselling activities happen between the same two users. Singh and Best conducted a study utilizing data visualization to identify suspicious activity, which proved how these transactions led to suspicious activities [24].
After reading the existing literature, the suspicious activities were defined. The three types of suspicious activities are high-volume transactions, fragmentation of transactions, and U-turn transactions. These emphasize the different types of techniques used by the users to hide their suspicious actions. In the following section, we will discuss the methodology used to detect and analyze suspicious activities.

3. Methodology

A literature review was performed, collecting, analyzing, and synthesizing research on suspicious activities in the in-game asset exchange website. The objective of conducting the review was to come up with a conceptual understanding of the current state of knowledge, the absence of the literature, and directions for further investigation. Critically reviewing the literature and identifying the gap in the area helped identify what needed to be conducted. Therefore, the main objective of this work was to gather and analyze a dataset from an online in-game asset exchange website. After defining what counts as suspicious activity, the next phase was to identify the right dataset for analysis. Using this foundation, we sought a comprehensive dataset containing detailed transaction records, including buyer and seller names and IDs, along with transaction dates. There are several in-game asset exchange websites, which have been ranked according to the number of visitors. Leveraging Semrush’s 2024 rankings for website traffic, we selected a high-traffic in-game asset exchange platform for data collection [25]. This website allows sellers to sell in-game assets, such as skins, in-game gold, or money, for different games. To obtain the relevant dataset, the in-game asset exchange website needed to be scraped.
Initially, the information on the website was more about sellers than buyers. However, the website had an application programming interface (API) that provided all of the relevant information about both sellers and buyers, including their IDs and transaction dates. The scrape began by focusing on popular games that offered up these assets. Top-ranked users who did not have verified accounts were selected from the seller list since they offered multiple transactions that could be used to grow the dataset. After scraping the seller’s dataset, the focus was then shifted to buyers. This led to an interesting finding that some of the buyers’ accounts were selling assets in their accounts as well. This meant that it was necessary to look at their seller accounts, buying patterns, and interactions with other sellers. The buyers that appeared as sellers as well were scraped in each round. After scraping each seller’s API, an Excel dataset was created using 38 unique sellers. This dataset consisted of 18,157 rows and the following columns (Table 1):
After gathering the data, the next step was the data-cleaning process. One of the main concerns that we faced during this stage was the presence of NaN (not a number) values in the buyer_id column. Once the dataset was successfully updated, the next step was to anonymize the data via the use of Python code. The code numbered the sellers and buyers according to their IDs. The final data that were used for analysis included numbered sellers and buyers. After anonymization, the next step was to pursue a detailed analysis so that suspicious activities could be identified.
The key columns for the analysis were ‘id’, ‘created_date’, ‘seller_id’, ‘buyer_rating’, and ‘buyer_id’. The ‘buyer_rating’ column was used in the initial analysis to detect the buyers who were also sellers. According to the data, if a buyer had a rating, then that buyer was also a seller. By using the ‘seller_id’ and ‘buyer_id’ columns, the users could be identified even if the user had used different display names in the past. The ‘created_date’ column provided the dates on which the transactions took place. This was important for analysis when we identified transaction volumes over a certain period of time.
The dataset was analyzed to find any linkages between the sellers and the buyers. Various tests and methods were used to find any suspicious activities, one being the interquartile range (IQR) method. This method plays an important role in detecting any outliers that have been missed during an analysis [26]. Obtaining outliers identified with the IQR method was crucial because they showed the anomalies in the dataset, pointing to suspicious activity. The methods and tests provided noticeable results, and the Python package NetworkX was used to visualize the activity. NetworkX is a Python package used to create, manipulate, and learn the structure, dynamics, and functions of complex networks [27].

4. Results

We created an interactive networking graph to understand the network structure and identify the high-degree nodes, which were the major sellers or buyers in the network.
In Figure 1, several dense clusters of nodes can be seen, indicating a group of buyers and sellers with a high number of transactions among them. Dense areas in the graph show regions with highly interconnected transactions. This means that there was a strong relationship within these groups. There are also some isolated nodes, which indicate that these sellers and buyers have only a few transactions. Focusing on the dense areas in the graph would provide us with better results for detecting anomalies in the dataset. Accordingly, the graph gave us insights using which we could detect key sellers and buyers in the network for deeper analysis.
When the dataset was analyzed, the first step was to detect high-volume transactions. The following steps were taken when analyzing the dataset:
  • The frequency of transactions in each buyer-seller pair was calculated;
  • A threshold for high volume in this particular dataset, defined as transactions exceeding the 95th percentile, representing the most active 5% of the transactions, was established;
  • The pairs above the threshold were filtered out;
  • Transactions that were completed on the same day were identified and recorded;
  • Same-day high-volume transactions were visualized in a graph for further examination.
The analysis revealed the existence of transactions that exceeded the 95th percentile threshold. In line with the literature, such high-volume transactions indicate potential suspicious activity [20]. These numbers were considered suspicious, particularly because the transactions were conducted on the same day. For example, Seller 1′s transactions showed instances of high activity. As seen in Figure 2, there were 13 instances of transactions where buyers bought five or more assets from Seller 1 in a single day. The most suspicious activity was the transactions that were performed between Seller 1 and Buyer 12, where 22 separate transactions were recorded, which was the highest single-day transaction number. This was vital information, as it supported our claim that suspicious transactions took place.
The recent literature indicated that transactions involving high volumes, such as multiple transactions in a single day, might be interpreted as suspicious activity [20]. In order to maintain their anonymity, sellers often spread high-volume transactions over a couple of months and do not make purchases in a single day; rather, the purchase of assets is made using a piecemeal approach, but there is a high volume in total [23]. To create a graph of this activity, the following steps were taken:
  • The total transaction count for each buyer was aggregated across all recorded days;
  • The top ten buyers were filtered based on their overall transaction volume;
  • The daily transaction numbers for these top ten buyers were compiled;
  • ‘High-volume’ buyers were defined as those engaging in over 20 transactions with a single seller;
  • A graph of small transactions with a high volume was generated.
The analysis began by using the ‘buyer_id’ column of the dataset to collect the total number of transactions per buyer across all days. The buyers were then ranked by the volume of their purchases to identify the most active ones. In the next step, the top ten buyers with significant total transaction volumes were filtered to group the buyers who had conducted transactions with the highest volume. During the manual inspection of the dataset, it was identified that the buyers with fewer than 20 transactions included normal buyers. Therefore, the threshold value was set at 20 transactions, meaning that buyers who conducted more than 20 transactions in total with a single seller were flagged as those performing high-volume transactions. These specific transactions were then visualized in a graph to better illustrate the patterns found.
Figure 3 and Figure 4 both illustrate the buying patterns of Buyers 1, 2, and 3. Figure 3 shows a scatterplot of the three different buyers across a year. The colors in the plot—blue, green, and red—correspond to Buyers 1, 2, and 3, respectively. Each point in the plot represents the number of transactions made by a buyer on a specific date. Figure 4 is a network graph showing the relationship between Seller 1 and their buyers. The central node represents the seller, and the other nodes represent the buyers. Each line between the seller and the buyer shows a transaction. As seen in Figure 3 and Figure 4, Seller 1 had three different buyers, and even though they did not make their purchases in a single day, they made high-volume purchases from Seller 1 over a couple of months. The most suspicious buyers were Buyer 1 and Buyer 2. Buyer 1 made multiple small purchases within the same month, which was very suspicious [23], and Buyer 2 made small purchases within a couple of months.
High-frequency transactions in a short period of time, as seen from the buying patterns of Buyer 1 and Buyer 2, indicated suspicious activity. According to the literature, these kinds of activity are counted as suspicious [23]. Such activities differ from normal user activity in that normal users make small purchases, and their purchases are not made within a short period.
Based on existing research, we identified U-turn transactions as potential indicators of suspicious activity [24]. U-turn transactions are utilized in suspicious activities; funds are transferred from one entity to another and then cycled back to the original owner or organization [28]. Therefore, it was crucial to detect U-turn transactions in this research. Accordingly, the dataset was analyzed to find any signs of U-turn transactions between users who sold any kind of in-game assets to each other. To check for possible U-turns in the data, the following steps were taken:
  • Transactions were reviewed to detect instances of mutual interaction, particularly where individuals alternated between buyer and seller;
  • A DataFrame was assembled specifically to record instances of mutual trading;
  • The data were carefully examined for mutual transactions and to eliminate any duplicates;
  • A graphic representation of mutual transactions was created.
U-turn transactions were detected using a Python script. First, unique IDs for all transaction directions were created by combining the seller and buyer IDs in DataFrame, which helped to locate the transactions made by the same sellers and buyers. Then, the transactions in the DataFrame were reversed in order to recognize the potential U-turn transactions where a buyer appeared as a seller in another transaction with the same user. To identify the exact matches of the users buying and selling to each other, a cross-reference operation was conducted between the original dataset and the reversed dataset. Mutual transactions that took place over a longer timeline, such as more than a year, were excluded. After following the steps to analyze the dataset, two different instances of U-turn transactions were captured.
Figure 5 and Figure 6 display two different sellers and their transactions. In other words, Seller 1 and Seller 2 in Figure 5 are not the same as Seller 1 and Seller 2 in Figure 6. The complex networking graphs show each seller’s transactions with different buyers. In both figures, the red transaction line is a sign of a U-turn transaction that was identified. In Figure 5, the red line indicates that Seller 1 sold and bought assets from Seller 2 within a couple of months. In Figure 6, the red line shows the mutual transactions between a different Seller 1 and Seller 2 on the same day. Figure 6 is more complicated because Seller 1 and Seller 2 in this figure also shared other buyers. The overlapping buyer relationships also increase the visual complexity of the figure, as there are more links between sellers and buyers than in a simple model. There were two occurrences of U-turn transactions in Figure 5 and three in Figure 6. In both of these, the seller was also a buyer in other transactions with the same individual. In line with the existing literature [24], this kind of transaction should be labeled as a suspicious transaction.
The last test that was carried out was the IQR method to test for outliers in the dataset [29]. This test was conducted at the end of the analysis to reveal patterns in the dataset that might have been missed during the analysis phase. The IQR method comprises predefined calculation steps [29]. The following predefined steps were used in the IQR method for anomaly detection:
  • The IQR was computed initially by calculating the daily transaction volumes for each seller and then determining the first quartile (Q1) and third quartile (Q3):
    a.
    The IQR was calculated by subtracting Q1 from Q3;
  • The bounds for detecting outliers were determined:
    a.
    The lower bound was defined as Q1 minus 1.5 times the IQR;
    b.
    The upper bound was defined as Q3 plus 1.5 times the IQR;
  • Outlier transactions that were higher or lower than the bounds were identified for each seller.
The IQR method was applied to the dataset to pinpoint the days when transaction numbers for sellers were out of the ordinary—either high or low.
In Figure 7, each of the bars shows the number of transactions conducted on a specific date. We can see high transaction volumes, especially during December. These bars suggest suspicious activity that needs to be investigated. Figure 7 also points out that Seller X had 18 transactions in a single day, which was above the upper bound that was defined. Furthermore, this seller had several days with transaction counts of 9, 11, 12, and 13, all of which were higher than the upper bound. This shows unusual and suspicious activity, such as potential fraud. The demonstrated results are unique to this research, confirming that the suspicious activities were backed up by the results from the dataset.

5. Discussion

This research involved looking for unusual activity that would point to suspicious activities by analyzing data from a website where players exchange in-game assets. The dataset used in our research accurately addressed the gap and included suspicious trade activities. It also included all columns necessary for the analysis, which was vital for detection. Using this dataset and existing research as a guide to determine suspicious activities, there were several important findings. As we mentioned, out of 38 unique sellers, 13 exhibited suspicious activity. These results confirm that suspicious activities are present on in-game trading websites.
In this research, integrity was a critical part of the evaluation as part of the CIA Triad. The term “integrity” refers to the trustworthiness and reliability of a system. There is no integrity if a platform is compromised when, for example, users can launch fake transactions or hide their identities. If a platform allows for this kind of manipulation and it cannot detect it, then the system has low credibility. In our research, since the platform did not require any user verification or KYC procedures, we evaluated how easy it was to manipulate the system on this in-game trading platform. Since there was no way to confirm the identity of the users in the system, this made the system vulnerable and easy to manipulate.
The results of this study show why it is essential to increase the integrity of in-game trading platforms for better protection against vulnerabilities. In that regard, without integrity controls, including proper KYC systems and enhanced security measures, these platforms remain vulnerable. As our research has shown, it is clear that weak-integrity designs can be easily exploited, and, therefore, the overall security and credibility of these platforms are at risk.
This study contributes to an understanding of the way that users use these sites by showing specific suspicious activities. Since less regulated platforms do not provide appropriate KYC checks, they help criminals disguise their suspicious activity. Knowing that this information is essential for improving platform security and creating successful policies because, without a proper KYC process, a seller and buyer could be the same person.

6. Future Research

To enhance the detection of suspicious activities on in-game trading websites, it is essential to increase the amount of collected data. We need to access and evaluate data from various in-game asset exchange marketplaces to obtain a more comprehensive picture. Although the results were successful and showed suspicious activities, advanced analyses, such as those using machine learning techniques for pattern recognition, need to be carried out with a larger dataset. In the next phase, a dataset that shows purchase amounts and the price that was paid should be collected. In addition, for the development of thorough security techniques for online trade marketplaces, collaboration with interested parties, such as platform developers, is needed. Continued in-depth research is, therefore, required to construct robust and effective security frameworks within these virtual marketplaces.

7. Conclusions

Using anonymized transaction data, this research investigated the problems associated with suspicious activities on online in-game asset trading platforms. Existing research on this topic provides a threshold value for an activity to be considered suspicious. Noteworthy findings were the identification of purchases that exceeded a predefined threshold in a single day, as well as smaller purchases that were made over time, resulting in high-volume transactions for particular sellers and buyers. The instances of mutual transactions between buyers and sellers were in line with established strategies for suspicious actions. The existing research techniques for suspicious activities, as well as the IQR technique, were used to identify days on which particular vendors had abnormally high or low transaction volumes, which might indicate attempts to conceal activities. The findings confirm that there are suspicious activities on in-game asset exchange websites.
The growth of the online gaming industry has not only changed the way gaming takes place but has also brought financial concerns, especially in the form of scams related to in-game assets. Players are now at high risk of being targets for cybercriminals because these criminals steal virtual items that have a market value. Phishing scams, malware, and credential stuffing are among the most popular methods of hacking into players’ accounts and stealing virtual property, which is then sold on third-party websites.
Moreover, the real worth of virtual assets and the anonymity of users in these transactions make such systems vulnerable. This means that online in-game asset trading platforms are attractive targets for criminals. These platforms, which usually have weak KYC measures in place, are at risk, and this calls their integrity into question. The CIA Triad, especially integrity, is quite important in this case. When the integrity of a system is low, platforms become vulnerable.
This study makes an important contribution to the field of research on suspicious financial activity, especially concerning online marketplaces for exchanging in-game assets. It provides perspectives, methods of detection, and useful advice for countering this rapidly evolving crime in the dynamic world of in-game asset exchange platforms. The novelty of this study lies in the examination of the patterns of transactions in the context of in-game asset exchange platforms using a real dataset. While suspicious actions have traditionally been associated with financial institutions, we see a shift toward in-game asset exchange platforms. This shows that suspicious activity by some users is taking place, as evidenced by the findings.
Although this research makes a contribution to the detection of suspicious financial activity, future work should focus on improving the detection of suspicious activities by gathering a larger and more diverse dataset from several in-game asset exchange platforms. In addition, applying these findings to risk assessment models will help the gaming industry avoid risks and negative consequences for customers and their assets, increasing the security of these rapidly expanding platforms.
Upon acquiring knowledge of updated techniques for suspicious actions, authorities can effectively target efforts to prevent these activities on these emerging platforms. Incorporating these findings into risk evaluation frameworks would enable organizations to develop mechanisms for detecting and preventing suspicious transactions. Addressing these weaknesses, enhancing the data, and implementing the necessary future solutions could enhance the security of the landscape.

Author Contributions

Conceptualization, E.E. and S.V.F.; methodology, E.E. and S.V.F.; software, E.E.; validation, E.E. and S.V.F.; formal analysis, E.E.; investigation, E.E.; resources, E.E. and S.V.F.; data curation, E.E.; writing—original draft preparation, E.E.; writing—review and editing, E.E. and S.V.F.; visualization, E.E.; supervision, S.V.F.; project administration, S.V.F. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Data is available to download.

Acknowledgments

The authors of this study acknowledge the support for this research from the University of Tulsa Cyber Fellows.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Holdings, S.R. SuperData. 2018. Available online: http://strivesponsorship.com/wp-content/uploads/2018/02/SuperData-2017-year-in-review-digital-games-and-interactive-media.pdf (accessed on 5 May 2024).
  2. Noh, Y.; Jeong, S.; Kim, H.K. Trading behind-the-scene: Analysis of online gold farming network in the auction house system. IEEE Trans. Games 2021, 14, 423–434. [Google Scholar] [CrossRef]
  3. Reider-Gordon, M. Not a Game: The Need to Harmonize a Global Regulatory Approach to Combat Money Laundering via Virtual Assets in Massively Multiplayer Online Games. Cyber Laund. Int. Policies Pract. 2023, 4, 105–143. [Google Scholar]
  4. Roomberg, M. The video game industry’s money laundering problem: When do game publishers become money transmitters? Russ. J. Econ. L 2023, 17, 630. [Google Scholar] [CrossRef]
  5. Dumchikov, M.; Reznik, O.; Bondarenko, O. Peculiarities of countering legalization of criminal income with the help of virtual assets: Legislative regulation and practical implementation. J. Money Laund. Control. 2023, 26, 50–59. [Google Scholar] [CrossRef]
  6. Washington University in St. Louis. Confidentiality, Integrity, and Availability: The CIA Triad; Washington University in St. Louis: St. Louis, MO, USA, 2024; Available online: https://informationsecurity.wustl.edu/items/confidentiality-integrity-and-availability-the-cia-triad/#:~:text=The%20CIA%20Triad—Confidentiality%2C%20Integrity,to%20these%20three%20crucial%20components (accessed on 18 September 2024).
  7. Osazuwa, O.M.C. Confidentiality; Integrity, and Availability in Network Systems: A Review of Related Literature. Int. J. Innov. Sci. Res. Technol. 2023, 8, 12. [Google Scholar]
  8. Wronka, C. “Cyber-laundering”: The change of money laundering in the digital age. J. Money Laund. Control 2022, 25, 330–344. [Google Scholar] [CrossRef]
  9. Higgs, J.; Flowerday, S.V. Online Video Game Laundering: A Bayesian Trial. In Proceedings of the AMCIS 2024 Proceedings, Salt Lake City, UT, USA, 15–17 August 2024; p. 7. [Google Scholar]
  10. Clement, J. Online Gaming—Statistics & Facts. 2024. Available online: https://www.statista.com/topics/1551/online-gaming (accessed on 1 February 2024).
  11. Clement, J.J. Global In-Game Consumer Spending Market Value 2020–2025. Available online: https://www.statista.com/statistics/558952/in-game-consumer-spending-worldwide/ (accessed on 7 September 2021).
  12. Bawa, G. Intimidations to Online Gaming amid Pandemic Period of COVID-19. Int. J. Res. Anal. Rev. 2021, 8, IJRAR21C1457. [Google Scholar]
  13. Bennani, H. Cybersecurity, Cybercrime and the Video Gaming Industry. Master’s Thesis, Utica University, Utica, NY, USA, 2022. [Google Scholar]
  14. Ketcheson, R. Online Gaming: A Good Bet for Money Laundering? An Analysis of Money Laundering in the Canadian Online Gaming Industry. UNLV Gaming LJ 2022, 13, 21. [Google Scholar]
  15. Cloward, J.G.; Abarbanel, B.L. In-game currencies; Skin gambling, and the persistent threat of money laundering in video games. UNLV Gaming LJ 2020, 10, 105. [Google Scholar]
  16. Dupuis, D.; Smith, G. Old frauds with a new sauce: Digital assets and space transition. J. Financ. Crime 2023, 30, 205–220. [Google Scholar] [CrossRef]
  17. Cooke, D.; Marshall, A.M. Money Laundering Through Video Games, a Criminal’s Playground. Forensic Sci. Int. Digit. Investig. 2024, 50, 301802. [Google Scholar] [CrossRef]
  18. Shabbir, A.; Shabir, M.; Javed, A.R.; Chakraborty, C.; Rizwan, M. Suspicious transaction detection in banking cyber–physical systems. Comput. Electr. Eng. 2022, 97, 107596. [Google Scholar] [CrossRef]
  19. Ketenci, U.G.; Kurt, T.; Önal, S.; Erbil, C.; Aktürkoǧlu, S.; İlhan, H.Ş. A time-frequency based suspicious activity detection for anti-money laundering. IEEE Access 2021, 9, 59957–59967. [Google Scholar] [CrossRef]
  20. Tiwari, M.; Gepp, A.; Kumar, K. A review of money laundering literature: The state of research in key areas. Pac. Account. Rev. 2020, 32, 271–303. [Google Scholar] [CrossRef]
  21. Kwon, H.; Mohaisen, A.; Woo, J.; Kim, Y.; Lee, E. Crime scene reconstruction: Online gold farming network analysis. IEEE Trans. Inf. Forensics Secur. 2016, 12, 544–556. [Google Scholar] [CrossRef]
  22. Kamali, S.; Marzani, A. A demand-capacity approach to define failure thresholds in anomaly detection monitoring systems. J. Dyn. Disasters 2024, 1, 100004. [Google Scholar] [CrossRef]
  23. Sun, X.; Feng, W.; Liu, S.; Xie, Y.; Bhatia, S.; Hooi, B. MonLAD: Money laundering agents detection in transaction streams. In Proceedings of the Fifteenth ACM International Conference on Web Search and Data Mining, Online, 21–25 February 2022; pp. 976–986. [Google Scholar]
  24. Singh, K.; Best, P. Anti-money laundering: Using data visualization to identify suspicious activity. Int. J. Account. Inf. Syst. 2019, 34, 100418. [Google Scholar] [CrossRef]
  25. Semrush. Web Traffic Statistics. 2024. Available online: https://www.semrush.com/website/playerauctions.com/competitors/ (accessed on 29 October 2024).
  26. Yang, J.; Rahardja, S.; Fränti, P. Outlier detection: How to threshold outlier scores? In Proceedings of the International Conference on Artificial Intelligence, Information Processing and Cloud Computing, Sanya, China, 19–21 December 2019; pp. 1–6. [Google Scholar]
  27. Hagberg, A.; Swart, P.; Chult, D.S. Exploring network structure; dynamics, and function using NetworkX. In Proceedings of the 7th Python in Science Conference, Pasadena, CA, USA, 19–24 August 2008; pp. 11–15. [Google Scholar]
  28. Cheong, T.M.; Si, Y.W. Event-based approach to money laundering data analysis and visualization. In Proceedings of the 3rd International Symposium on Visual Information Communication, Beijing, China, 28–29 September 2010; pp. 1–11. [Google Scholar]
  29. Mahmood, S. Outlier Detection (Part 1) IQR, Standard Deviation, Z-Score and Modified Z-Score. Available online: https://towardsdatascience.com/outlier-detection-part1-821d714524c (accessed on 5 May 2022).
Figure 1. Buyer–seller network.
Figure 1. Buyer–seller network.
Jcp 04 00043 g001
Figure 2. Five or more anonymized transactions in one day with Seller 1 (including the transaction count).
Figure 2. Five or more anonymized transactions in one day with Seller 1 (including the transaction count).
Jcp 04 00043 g002
Figure 3. Detailed transactions over time for high-volume buyers from Seller 1 (anonymized).
Figure 3. Detailed transactions over time for high-volume buyers from Seller 1 (anonymized).
Jcp 04 00043 g003
Figure 4. Detailed network of transactions with high-volume buyers (anonymized).
Figure 4. Detailed network of transactions with high-volume buyers (anonymized).
Jcp 04 00043 g004
Figure 5. Anonymized network graph of U-turn transactions.
Figure 5. Anonymized network graph of U-turn transactions.
Jcp 04 00043 g005
Figure 6. A second anonymized network graph of U-turn transactions.
Figure 6. A second anonymized network graph of U-turn transactions.
Jcp 04 00043 g006
Figure 7. Anonymized view of daily transactions for one seller.
Figure 7. Anonymized view of daily transactions for one seller.
Jcp 04 00043 g007
Table 1. Column names in the Excel spreadsheet.
Table 1. Column names in the Excel spreadsheet.
IdTransaction_IdRatingFeedback
buyer_display_nameseller_display_namefeedback_typeoffer_id
created_dateseller_idcover_photouser_login_name
buyer_display_namebuyer_ratingis_deletedbuyer_id
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Eminov, E.; Flowerday, S.V. Suspicious Financial Activity in the Context of In-Game Asset Exchange Marketplace. J. Cybersecur. Priv. 2024, 4, 938-950. https://doi.org/10.3390/jcp4040043

AMA Style

Eminov E, Flowerday SV. Suspicious Financial Activity in the Context of In-Game Asset Exchange Marketplace. Journal of Cybersecurity and Privacy. 2024; 4(4):938-950. https://doi.org/10.3390/jcp4040043

Chicago/Turabian Style

Eminov, Emil, and Stephen V. Flowerday. 2024. "Suspicious Financial Activity in the Context of In-Game Asset Exchange Marketplace" Journal of Cybersecurity and Privacy 4, no. 4: 938-950. https://doi.org/10.3390/jcp4040043

APA Style

Eminov, E., & Flowerday, S. V. (2024). Suspicious Financial Activity in the Context of In-Game Asset Exchange Marketplace. Journal of Cybersecurity and Privacy, 4(4), 938-950. https://doi.org/10.3390/jcp4040043

Article Metrics

Back to TopTop