Edit

Share via

Fraud prevention, redemption, receipt validation

  • Article

Important

Economy v2 is now Generally Available. For support and feedback, go to the PlayFab Forum.

The heart of any game economy is allowing players to purchase game items, currencies, and more with virtual currencies or Real Word (RW) money.

Fraud Vectors

Spoofing, proxies, and request duplication

Request techniques that are used to make it appear as if a player is making a purchase from a different location than they actually are. Players spoofing their IP address, using a proxy, or duplicating a request are common scenarios.

You can use Idempotent Transactions to combat these fraud vectors.

Unverified Store API calls

Unverified Store API calls are calls that are made to the Store API without a valid receipt. These calls can be made by spoofing the receipt or by duplicating a request.

Receipt Validation is a feature that can be used to combat this fraud vector.

Post-redemption refunds

A player can make a purchase, redeem the purchase, and then request a refund from the store.

You can check for refunds with PlayFab's Refund process.

Piracy, cracking, and authentication bypasses

Piracy is the act of copying and distributing software without the permission of the copyright holder. Cracking is the act of modifying software to remove or bypass its copy protection. Authentication bypasses are techniques that are used to avoid account registration and sign-in.

You can convert a pirate player to a paying customer via Anti-Piracy techniques.

Idempotent transactions

PlayFab Economy v2 transactions are idempotent, meaning they can be retried any number of times, and if the transaction has already been completed, the transaction will be ignored. When a player attempts to make a purchase and the request is duplicated, the player won't be charged twice.

It's important to note that while most transactions require an IdempotencyId to ensure idempotency, redeem APIs function slightly differently. Redeem APIs are also idempotent but don't require an IdempotencyId. They'll only grant a marketplace offer once. If you make a redeem request with the same marketplace receipt from a previously successful request, PlayFab won't grant anything on the second call.

Learn more about Idempotency in our Inventory Overview.

Receipt validation

Economy v2 supports the following add-on API endpoints:

Refunds

  • Check for refunds
    • To find the player based on the refund, do a search on the items_redeemed event and locate the receipt ID.

Tip

Keep a local copy of older events beyond the limit of your Insights retention period.

You can use Insights to detect and prevent this fraud vector.

Anti-piracy

Techniques to combat piracy and convert pirates to paying customers:

  • Correct regional pricing for all items and editions: Overpriced items or subscriptions are a common reason for piracy. See which markets the Microsoft Store supports.
  • Ability to play on as many platforms supported by each marketplace as possible: Not providing a port to a popular platform can cause users to create unofficial ports. Providing a way to add official paid licenses to unofficial game clients can increase revenue and limit piracy.
  • Use PlayFab Anonymous sign-in methods with the ability to register for more features: PlayFab supports authenticating without a PlayFab account, and then linking registering later. Many players resist registering for an account, but will be willing to play anonymously. Anonymous sign-in is a good way to get players to try your game, and then convert them to paying customers later.
  • Incentivize online account registration & linking: Features that work best with an online account, such as cloud saves, leaderboards, and cross-platform play, can be used to incentivize players to register for an account.
  • Provide a purchase path for pirates: Even if a player is using an unofficial game client, provide them with a link to the official store page, so they can purchase a license for the game. Some players are unaware they're using a pirated copy.
  • Use PlayFab player segmentation to separate "low-trust" player pools: PlayFab supports player segmentation, which can be used to separate players into "high-trust" and "low-trust" pools. Trust segments are used to limit access to features that are more likely to be abused by pirates. Some examples of such features are cross-platform play, cloud saves, and leaderboards.