Posts Tagged ‘gamersafe’

  • The Flash Game Micro Transactions Debate

    I read this thread on the Mochi forums today where a portal owner was complaining about the forth-coming Mochi Coins system, and asking why were they not going to get a % cut from it. I.e. why should the developers get all the money. The post went something like this:

    I understand that a lot of developers and maybe even the Mochi gang believe that they don’t need the independent portals…. So if you are a publisher and think that we should also share in this new wealth please clearly state in this thread what you and your portals offer and contribute! Let these guys know what you have done for them lately!

    Now it’s easy for developers to read this and get incensed. After all the vast majority of the 30,000 or so Flash game portals out there do pretty much nothing to benefit the developer or their games. In fact I’d go so far as to say they don’t even care about the developer. The game was just another item that popped-up in their Mochi / FGD feed that day. And they do little beyond creating a shit quality thumbnail, or maybe a “we’ll totally screw the look of your game” full-screen button.

    Weed out this vast majority of shovel-ware portals and you are left with those that actually care about the games they feature. They have what I feel are some genuine issues. How is this going to effect proper commercial portals, the sort that actively fund game development via sponsorship, and that do treat the games and developers with the respect they deserve.

    There are several issues that spring to mind:

    No system is infallible – Where does the blame lay?

    Let’s face it, Mochi doesn’t exactly have the highest security track record going. Their Mochi API is so easily hacked that script-kiddie programs exist to automate this process. But I don’t limit this section to Mochi alone, it applies to all similar services (such as GamerSafe). All of these systems will have been developed with the best intentions, and by talented development teams. But I wonder did any real security audit ever take place of their code or systems? Having built online booking systems for major corporations in the past I’m all too familiar with the very real, and very complex sets of security measures that needed to be in place. And even if the server side of things is as secure as you can make it, the ActionScript side never can be. The SWF format is so easily hackable that nothing is safe. Up until now hackers have only really had highscore table defacement or competition entry rigging to motivate them. Introduce real money and suddenly you perk the interests of a far darker side of the hacking community. Yes the money in-game might be virtual, but it still translates to real money somewhere along the line.

    I’m not advocating that there will be a flurry of hacked bank accounts as a result of this. Because nearly all the Flash micro-payment systems I have seen use trusted 3rd parties to deal with the actual transactions. But as soon as real money turns into digital goods, all it takes is for the ownership of these to be hacked and things start to fall apart. How happy would you be if you logged in one day to find your GamerSafe balance had been wiped out? Or all those items you bought in the latest Mochi Coins game had suddenly vanished? You’d be pretty pissed. And who would you take it out on? Most likely the portal that delivered the game to you in the first place.

    If portals start receiving a barrage of emails from extremely angry site visitors who have had their virtual game items stolen, there is nothing they can do but explain that they are not responsible and to pass those people onto whoever is. Of course “pass the buck” isn’t very good customer service, and will leave a sour taste in the mouth of those involved. The damage this could cause to a portals reputation could be significant.

    I’m a Zend Certified PHP developer as my primary profession. I’ve been doing it for over 10 years, and right now if I was a portal owner I would be scared as hell. I would like to see professional code audit reports from all the major transaction vendors as a first step that they take the security of their systems as utmost priority.

    That still doesn’t address the issue of hacked games of course. We all know that it’s impossible to 100% secure a SWF. Once decompilation has taken place and fake requests / responses start getting fired I believe it’s only a matter of time before vulnerabilities are exploited.

    Will Micro Transactions Result in Reduced Spend on Sponsorships?

    Portals primarily sponsor games for two reasons: To draw people to their sites, and to keep people on their sites. The new games offer incentives for users to remain loyal, and serve as magnets to get them in the first place. Lots of portals spend a lot of money making this happen. They’ll sponsor a few “large” exclusives and lots of smaller games with custom logo / API work to make those games sit better on their sites. On the whole portals get a very good deal on the price they pay for games. But with the advertising market in the dire state it’s in right now a lot of them are no doubt seeing much smaller Google AdWords checks than they did a few years ago. In short I bet the smaller ones, or ones without alternative income streams (like skill gaming sites) are struggling.

    If they start seeing developers making income from the games as they exist on their web sites, as they going to want to offer even less money than they do already because of this? Are some of them even going to argue that in order to carry a Micro Payment enabled game then they won’t pay you anything because they will be making you money anyway? I can see why both of these arguments will occur.

    If We Can’t Control the Content, We Won’t Feature the Game

    When selling games lots of portals already have quite comprehensive “Your game cannot contain …” lists. Think about this: If most of them don’t even let you link your developer logo to your own web site, what hope in hell do you have of them allowing a complete payment system?

    One of the arguments is that they cannot control what you have linked to. During testing your logo may link to a perfectly nice developers site. But once live you could change it to the latest and it is their visitors who are affected. Or (possibly even worse to them) one of their loyal visitors may link out via your game to an even better portal, with cooler features, and move their daily gaming fix over there. Portals are extremely precious about their visitors, the market is fierce so I can appreciate why. A whole section of a game that links out to an external payment site, or sucks in game enhancements or awards that could feature anything, must be frightening to them. What if that “Rocket Launcher” item suddenly turned into a “Giant Spurting Penis” a few weeks later. It’s an inherent lack of control over the content that scares them.

    Paranoid in the extreme? Yes. A little short-sighted / stuck in the 1990s web mentality? Yes. Highly unlikely to happen? Yes! But not impossible. To portals who make money from their users the potential of a “scandal” like this could be a big issue.

    If the Micro Transaction System Dies, Our Content May Die!

    The whole GameJacket incident royally screwed over a lot of portals who carried their direct-linked content. If a portal sponsors a game with a transaction component which suddenly dies (servers go off-line, get hacked, company goes bust, etc.) then unless the developer was very careful about how that was implemented it could mean the entire game is crippled as a result. I think this is a very real problem. I know for certain that a couple of my games would literally stop working once the game ended should Mochi Leaderboards vanish overnight. I recognise this is bad practise on my part, but I’d place good money on the fact that I’m not alone. Transaction enabled games could very easily have similar issues. Perhaps less of an issue for portals who took your game from a Mochi feed for free, but definitely an issue for those who paid for it.

    Change is Coming Portal Owners … Evolve or Die

    So far I have done nothing but defend portal owners in this article. I’ve given nothing back to my fellow developers, who really want to try and make some money from these new systems. I drafted a whole section devoted to developers and then realised that I didn’t actually need it. Because the whole “issue” of Micro Transactions isn’t actually an issue at all. It’s something that is happening, and it isn’t going to stop.

    Right now we’re at the crest of the Micro Transaction wave. Some early adopters will wipe out, and others will find new and lucrative revenue streams open up to them. But what is absolutely certain is that this isn’t a flash in the pan. This isn’t going to go away. Some portals may put up a fight and not carry such enabled games, but as more and more games start to feature these kinds of benefits it will become the norm, not the exception. Once the really great games start doing it the portals will have to face-up to the fact that in order to carry the latest cutting-edge Flash games, they will have to adopt this new trend, or sink and die.

    This change is still new, but it’s happening and it’s only going to snowball and get more intense. The game developer / publisher relationship is symbiotic. One needs the other. Without the players that portals provide, the transactions will fall flat on their face. Without great games the portals will do the same. It’s time for portals to wake up and smell the coffee, because this is going to happen regardless. There are some very valid reasons why they should be apprehensive, and I can only hope that the transaction service providers deal with these issues comprehensively.

    I’m sure it means we’ll start having to broker new deals with portals. $1000 + 10% from in-game transactions for example. But this isn’t a bad thing, and I look forward to it. My next game will definitely be GamerSafe enabled (if they approve it) so I’ll be curious to see how it effects take-up rate from portals. I’ll be sure to report it here.