It’s Not a Game Anymore!

What if Transferwise (or pick any other bank or financial institution of your choosing) announced that 170M of their user accounts have been stolen? Would you still trust them with your hard earned money? Makes you think twice, doesn’t it…

But if I tell you that a company with turnover five times bigger than Transferwise witnessed the security breach of this enormous just last year and yes, a lot of people still trust them with their dollars, euros, yen’s, how would you feel?

I’m talking about Zynga’s security breach last September, when 173 million usernames and passwords were stolen. While the company and general public may want to downplay it — it’s just a game after all — the consequences for the gamers may be dire. Lots of gamers use the same credentials in multiple games and platforms. While they may not have a lot in stake in Farmville, they may have accounts worth tens or hundreds of dollars in Fortnite.

Since the era of free-to-play games and in-game transactions, the value of personal gamer accounts have increased significantly.

Game developers employ a multitude of different strategies to monetize the so-called free games and store the value in user accounts.

For example, Overwatch has a progression bar system for loot boxes, which means users anticipate the next drop. Each loot box contains something called “weapon skin.” The game then allows you to sell your weapon skin for the in-game currency. The in-game currency gives you access to the more premium loot boxes (Superior and Enhanced Battlepacks) which have a higher chance of containing premium weapon skins. You’re taught to keep trying to get the premium loot boxes, eventually making you take out your credit card.

Another popular title Candy Crush makes people buy extra moves. Once you run out of moves, you’ve technically lost, but there’s a popup that tells you that you can use one Lollypop to get three extra turns.

There are plenty of other examples based on the mystery boxes, wait-time-reducers, skill boosters etc. In short there’s a whole economy going on in the games. And to facilitate that economy, a lot of in-game currencies have been developed.

Here are just a few examples of in-game currencies based on RUSI’s research.

Gamers are working hard to earn the in-game currency whether to advance in the game, or actually monetize the rewards in player exchanges.

The gaming accounts may store more value than the average teenager bank account. And yet, we wave off the issue of gaming security as a child’s play.

Luckily, more and more game developers are now turning their heads and improving the security. Most common approach is to introduce two-factor authentication (2FA) mechanisms for enhanced account protection, either using Authy, Google Authenticator or custom-developed one-time access code generators.

While improving the security, the typical 2FA has its own downside, something that the game developers may fear even more than security breaches. It’s called friction. Users do not want complicated authentication mechanisms, they hate those 6-digits one-time codes they have to manually type into the login screens. The drop-off rates of the potential gamers may be a more serious problem for the game developers than the potential exposure of the account stealing.

When we at Agrello started to look at the gaming industry, it was immediately clear to us that we need to develop a solution somewhere in between — maintain the benefits of 2FA while trying to reduce the friction as much as possible.

Our technology is based on the cryptographic protection of a person’s digital identity that enables private-public key pair based digital signatures to authorise the transactions or issue digital signatures. In order to decrypt your private key stored in your mobile phone, you need to know the personal PIN-code. Once a private key is decrypted, it can be used to prove the identity and authorise the transaction. It is a widely known concept that is the basis of E-Estonia’s national digital identity.

For the gaming industry we take it one step further in usability. While you still can use personal PIN-codes, we also offer the user an option to authenticate herself using either fingerprint reading, or face recognition, if the device supports that. So — to sign in, all you need to do is open the .ID app and read the fingerprint or let the phone scan your face. No more 6-digit codes to type in.

To sum up, one-way or another, the gamers deserve better security. Some, if not most, have more value in their gaming accounts than in their bank accounts. It’s not a game anymore, it’s a serious business, real money.

Btw, check out our Game.ID site and participate in the survey.

Jarmo Tuisk
Head of Business and Product Development

What we gained from Slush event as a startup company

What we gained from SLUSH event as a startup

Any tech startup probably knows about Slush event. And there’s a reason why, of course! On of the biggest tech events out there. This November we were very excited to take part in it ourselves in beautiful city Helsinki. Two days most certainly over exceeded our expectations. It was definitely more that we bargained for and worth every penny. We were grateful to have an opportunity to have our own demo booth to introduce the awesome .ID application we’re currently working on. And the curiosity and interest towards our solution by other startups and investors was overwhelming.

Our goal was to spread the word about the .ID application we are working on at the moment. The digital identity for authentication and digital signing. Not just country based but legally binding world wide. And we got really good feedback, which was very good motivational boost for our team.

There are a lot of reasons we decided to participate Slush this year and there’s no doubt we will do it again next time.

First of all, you have to be impressed by the size of it. There are over 25 000 participants worldwide, which makes it it huge. This is the source of visibility any startup needs. Other startups, investors, a lot of journalists, they are all on the hunt of breaking news and the “next thing”.

Secondly, the agenda and list of speakers was awesome. Over 20 different topics on over 30 different industries. How much does it cover. It’s just impossible to have it all, but still, you are able to pick your favourites. And what was most admirable, most of the presenters participated in a discussion, rather than dull one-man show. The dialogue with co-presenter was often much more intriguing.

Thirdly, Slush is mostly focused on the collaborating and gaining ideas. More than 2000 key investors searching for the next breakout startup. This is the event where you get feedback from regular attendees, super experienced investors and other entrepreneurs about your own ideas or product. And that’s the main value of that event.

The theme of the event was really cool as well. Dark space with neon light effects and design elements. It felt like you’re in some night club, rather than conference. And must say, it somehow lighted up some spark and on the other hand loosened people up to be more easier communicative to each other. Enjoyed every minute of it!

Agrello .ID for user authentication and digitally signing documents

User authentication and digitally signing documents are now way more advanced

We are very proud to announce that with many months of recent developments we have some huge updates to our product.