Skrill Holdings co-CEO Martin Ott offers some sage advice on protecting online businesses in the new hacking age

Hacking: Defensive measures you can take

The swift rise in demand for online downloadable content and mobile social gaming has left many developers with a unique problem.

Namely, how should they allow their global customer base to purchase online content quickly and safely?

The market for payment options is extremely fragmented once one starts to look outside of the UK and the USA, and the recent Lulzsec and Anonymous hacking incidents have forced developers to think about how they store customer data and manage sensitive payment information.

Consumers are also becoming fatigued and apathetic when it comes to online security.

As a result, developers must again instil confidence in consumers that transactions will be quick, easy and secure while not leaving them unprotected.


A simple way to avoid putting customer data at risk is not to store it internally.

Working with a third party company to manage your payment solutions online not only allows you to store financial data in a less conspicuous place, with experts who focus on data security 24/7, but also allows you utilise their PCI compliance.

The Payment Card Industry Data Security Standard is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.

All merchants that store, process or transmit cardholder data must be compliant and many of the largest online payment providers such as Skrill offer ‘Level 1’ PCI compliance. PCI compliance can then also be communicated to your customers as a mark of security and authenticity.

Skrill recently conducted research which revealed consumers are developing a worrying level of apathy towards remaining secure online because we are bombarded with requests for passwords and security information on a daily basis.

On average we are asked for ten or more pieces of information every day, 34 per cent of us forget our passwords regularly and 55 per cent use the same password for every website including internet banking, shopping and social networks.

A simple way for developers to combat this growing ‘password fatigue’ is to offer digital wallets as a payment option.

The digital wallet acts as a security buffer and enables any registered customer to make online payments conveniently and securely without revealing personal financial data.

Once a consumer has registered with the service they are not required to enter a raft of passwords and financial details and can purchase online content quickly and safely, boosting retention rates and ARPU for developers.

Widespread adoption of a digital wallet also gives you the opportunity to target millions of potential customers via newsletters from providers like Skrill.

Also, make sure you offer all of the right local payment options. Online gaming is a truly global business with huge potential markets in Asia, Eastern Europe and America. Each new territory that you target opens up new security risks and local payment options to take into consideration.

Be wary of the details on accepting international payment streams. Historically, if you wanted to accept payment options from a territory then you would need a bank account and base of operations located in that territory.

This would not only require a larger workforce but would also lead to a delay in processing due to longer settlement times into bank accounts and added exchange rate risks.

If you would want to settle Euros from Germany into your bank account, you might have ended up with one or two days waiting until the Payment Service Provider settled the funds into your German bank account, and another two-to-four days (and additional cost) while transferring the funds from Germany to the UK.

That gives you three days in which your funds are subject to a lot of Exchange Rate risk.

A digital wallet solution gives you instant settlement of funds in all currencies you’d like and even smaller developers can open up their trade options across the globe.


Another common obstacle for developers is avoiding fraud; money laundering of virtual currencies and subsequent charge back costs.

One of the largest growing areas of fraud online is the money laundering potential of virtual currencies such as Linden Dollars and World of Warcraft gold.

By using a payment provider that offers full fraud and chargeback protection the chargebacks accrued through fraud are absorbed via the payment provider and don’t eat into the profits of your studio.

With the online payment and security market moving so quickly to meet the demands of consumers and the constant security threat, the mechanics of selling games online is likely to continue evolving.

We believe that games developers should be left to concentrate on making games.

About MCV Staff

Check Also

Technology and the market will set the cost of triple-A productions – it’s not an inevitable and negative escalation

The idea that the industry will stagnate because of rising costs is a historically flawed argument based on historical data