Online gaming had very little complexity when it started. By the early 1990s, you could play online poker games through Internet Relay Chat (IRC) technology. Even popular online cardrooms, crowded with Texas Holdem enthusiasts, were browser-based. The need and concerns over player privacy and data security came much later.

Gaming today means downloading a gaming app, creating a confidential account, carrying out KYC, transferring funds and withdrawing the same. All this calls for security and privacy. Add the cutting-edge technology that is getting embedded in gaming, like non-fungible tokens, virtual assets, blockchain, crypto wallet, Metaverse and so on - safety in online gaming is now paramount.

Why Data Privacy and Security Are Important for Gamers

There are plenty of reasons why gaming platforms take data security and player privacy so seriously. The first and immediate threat is, of course, data breach. Hackers prey upon susceptible gaming platforms to gain access to gamers’ personal information.

Cybercriminals lace game updates and downloads with malware to gain unauthorised access to the system. In 2022, a malware was disguised as popular games like Minecraft and Roblox, affecting more than 232,000 users. They also use ransomware to encrypt vital data and demand payments for access restoration. In December last year, there was a ransomware attack on the makers of the Spiderman game, Insomniac Games.

These criminals also exploit weak and reused passwords to steal login information and access gamer accounts. Phishing is another common practice where deceptive messages are used to trick gamers into revealing sensitive information. 40% of all the security breaches in the gaming sector in 2023 were found to be phishing attacks.

As already mentioned, the susceptibility of the gaming platform gives rise to these possibilities. In some cases, like identity theft and phishing, a gamer’s alertness is also important. In either case, cyber security is the key.

Security Around Gaming - India and the World

In July 2022, the Indian government accused Battle Ground Mobile India (BGMI) of data malpractices. Compilation and mining of gamers’ personal data without consent saw BGMI getting banned in India.

In the USA, the federal government penalised Epic Games for a deliberate breach of minor gamers’ privacy. The use of deceptive interfaces and privacy-intrusive default settings cost them $245 million. The European Union has a strict framework that imposes clear user consent on gathering personal data.

In India, the Ministry of Electronics and Information Technology (MeitY) released guidelines in 2023 which required online gaming intermediaries to apply due diligence and KYC procedures for gamer registrations. It also tabled the draft Digital Personal Data Protection Bill, 2022. This addresses key safety concerns like cross-border data transfer, liability for personal data breaches and processing of minor data.

The draft bill imposes strict cyber security measures on online game platforms for the safeguarding of personal data. It must be noted that recognised and prominent platforms, like the poker game platform Pocket52, are following these measures anyway. These include measures like the appointment of a third-party data processor or consent manager to handle the consent framework.

The draft bill also introduced significant penalties on platforms with inadequate security measures, leading to data breaches. For game platforms, there is no alternative to a robust security infrastructure.

How Platforms Are Insulating Their Infrastructure

For gaming platforms, the need for player privacy and data security is not a mere compliance need. Breaches can result in reputational damage to the platform. Therefore, established Indian gaming platforms employ advanced encryption protocols. This ensures that all transactions and data exchanges are protected and secure. Fairness and vigilance are vital for real money game apps like Pocket52. Your game of Texas Holdem poker on Pocket52 is subject to complete randomness with a cryptographically secure Random Number Generator. The platform also employs a dedicated 24/7 team to detect and prevent unfair practices and identify data breaches.

The privacy policy of the leading Indian gaming platforms contains full disclosure of the data collection, usage and protection policies that are compliant with the prevailing laws. Users cannot register into any of these legitimate platforms without the KYC procedures.

Building Trust with Security

A report released earlier this year suggested that 66% of consumers do not trust a company that has faced a data breach. For 44% of consumers, a data breach is a sign of the company’s security failure. And they are not being unfair at all. The gaming industry is home to a lot of data, much of which is highly sensitive. This includes data that a registered gamer wouldn’t want out in the open, like personal information, credit card and bank details.

It is the rightful expectation of gamers that their personal and sensitive information must be adequately safeguarded by the gaming platforms. Leading platforms are doing so through industry best practices on data security and player privacy. Meanwhile, government regulations and compliances in India are gradually aligning with these industry best practices.