Back in October, Valve closed down the trading of container keys in CS:GO. Container keys are normally used to unlock rare items such as firearms and knives. Keys used to be trade-able on the Steam marketplace, but Valve observed a recent shift in fraudulent markets that started using container keys to liquidate profit. Valve claimed that near all the keys being traded were being used in fraud. People can still buy keys, but the keys remain in their inventories.
Kayla Izenman, a research analyst and Anton Moiseienko Research Fellow, Centre for Financial Crime and Security Studies at Royal United Services Institute (RUSI) co-authored a study on money laundering in video games. Investigations into money laundering started as early as of which cybercrime analyst Jean-Loup Richet wrote a report after investigating various hacker forums. Using virtual currencies in games, people were able to send money to other people, typically over international borders.
one could hardly think of a better demonstration of ‘the displacement effect’
The displacement effect in this case refers to illegal money being moved from a tightly regulated markets to less regulated ones. This happens as in-game items, such as weapons or in-game currency, have value outside the game. A lot of games offer in-game purchases but some also allow the sale of items for legal tender such as the US Dollar or the Pound Sterling. Entropia Universe is and Second Life are examples of these games. Online markets often receive little to no governmental regulation.
Historically, game markets were exploited by a method called “Gold Farming”, or where players acquire rare items to sell on 3rd party forums. Unofficial sales of in-game items run contrary to game rules and has resulted in several lawsuits as well as eBay regulating sales of digital items. Recently, fraud as seen a resurgence as people began purchasing items with stolen bank cards. Trend started as early as January of 2019 with Fortnite’s V-Bucks being purchased illegally with stolen bank card details.
Cybercrime for video games has been well documented, but is mostly the theft of login details of accounts. The use of stolen bank cards falls into the responsibility of the company that processed the payment, though the game company has valuable details needed to prove theft and reveal the thief. Without the assistance of the game company tin question, once a purchase is made and the money is turned into virtual currency it becomes near untraceable. The virtual currency can then be used to make more in-game purchases or exchanged for fiat money, making it ideal for money launderers.
In 2019, the international government initiative Financial Action Task Force (FAFT) published the recommendation that states being regulating and require liscenses for virtual asset service providers (VASPs). This case, a game company that sells virtual currencies is a VASP. FAFT published guidelines as well as the US Financial Crimes Enforcement Network (FinCEN) which provided details on what is considered a virtual asset.
Discovery of the fraud in CS:GO only highlights the exploit-ability of online game markets. As most laws relating to purchasing and fraud involve the use of physical goods, it is unclear what is allowed in virtual marketplaces. Most of the responsibility falls to the game companies to self police their markets, with some assistance from the Entertainment Software Association (ESA) who represents game developers and publishers.