Reinventing Account Security
Online Gaming in China, Part 2 from ChinaJoy 2008
The Online Gaming in China Article Series:
Account security products such as the Blizzard Authenticator may be new to gamers in the United States, but in China, more complex versions of the same technology have been considered an absolute necessity for online gaming for years.
Bill Pang, Director of Business Development for NetEase (one of China’s largest and most successful online game developer/publishers and web portal company, the largest provider of free email accounts and online photo storage in China and one of the first Chinese online companies to ever be listed on the NASDAQ) spoke with Ten Ton Hammer about the background and some of the prerequisites of account security in China.
To understand the special attention given to account security in China, it’s essential to understand that computer gaming in this region essentially skipped the predominantly single player period that we in the United States experienced in the early to mid-nineties. This was primarily due to the sheer expense of PC and games ownership relative to the Chinese economy at the time. Demand was just as voracious as in any country of the world that has had a taste of gaming through cultural vehicles like arcades and television, and rampant piracy and other background problems made the Chinese market a Western publisher’s no man’s land.
Still, the Chinese huddled into a growing number of Internet cafes, eager for entertainment and especially games. “In the beginning we tried to license games like Ultima Online and EverQuest, but were refused,” Bill said. “At that time, nobody in the States realized the potential of the market in China.” and from 2001 NetEase started to develop its own games and launched flagship products Westward Journey II in 2002 and its 2.5D sequel Fantasy Westward Journey in 2004. Fantasy Westward Journey is in many ways China’s EverQuest and it remains China’s leader in terms of peak concurrent users. Along the way, NetEase has learned a few lessons about account security.
“It’s a tougher environment here, there are many more hackers in China, and identity theft is a constant concern,” Bill offered. “People don’t feel safe to use their debit or credit card in the Internet cafes, where you don’t know if there's a Trojan programs in the computer you're using.”
This insecurity has less to do with the formidable SSL encryption that ensures the data reaches the right destination unobserved. Keyloggers and other highly localized threats in public Internet cafes, as well as more traditional methods of thieving (such as simply observing a credit card or credit card number) have in some part led the overwhelming majority of Chinese gamers (over 90%) to spurn credit cards for online transactions.
To facilitate online purchases in the absence of direct access to credit or bank accounts, more than 90% of Chinese and southeast Asian gamers purchase prepaid cards at their local Internet cafe or convenience store. Bill explained that in addition to the scratch cards, gamers can choose to buy a password matrix card, which has a grid on the back side of the card and a unique combination of numbers. You can bind one one of these cards to your account and configure the login system to ask you for the information randomly chosen from some of the cells every time, thereby adding an additional layer of security to your account.
Next, since accounts are grouped by publisher rather than by game, the gamer must open another potential security hole by logging in on a public computer to refill his or her points. It's a system much like SOE's Station Pass or Station Launcher, except that the points you buy and apply to the account can be used to play any of the publisher's games.
Bill then drew out a device a little larger than a USB jump drive. “It’s a digital key - it’s used by online banks such as HSBC,” Bill explains. “If the username and account have been exposed to a trojan program, this password is always changing. We’ve been using it for a couple years and it is pretty robust. We call it a General’s Token. Each key has a unique sequence... you bind the serial number to your account, and each minute the server knows exactly what the changing password should be.”
If the General's Token is stolen, the thief must still know your username and password, and if the key is lost, the gamer can restore his or her access simply by buying a new token and binding a new serial number to the account.
While relatively new or unknown to the North American and European markets, NetEase’s digital token and password matrix cards have been protecting gamers’ accounts for years. Its adaptation and adoption is only the first of many innovations rooted in the East that will benefit gamers in the West as well, and allow for a safer, more secure, and more enjoyable online gaming experience.
To read the latest guides, news, and features you can visit our EverQuest Game Page.