Credit card thieves attack OpenSim grids

Credit card thieves have figured out a way to steal money from OpenSim grid owners.

They take the credit cards, and use them to purchase virtual currency from the grids. Then they turn around and redeem the currency for cash before the card holder notices the theft and complains. The credit card company reverses the transaction and now the grid is out the full amount — plus the time spent dealing with the issue.

Any grid that issues its own virtual currency and allows it to be redeemed is potentially vulnerable. Second Life, for example, to combat against this kind of fraud, has a security API in place for third-parties that trade its currency, such as outside currency exchanges, as well as internal controls.

One grid hit recently is InWorldz, OpenSim’s most popular commercial social grid.

To combat this menace, the grid has put controls in place about how much currency new residents can buy, and halted outbound transfers via third parties.

Bellissima Square on Bella region of InWorldz is just one of many shopping destinations on OpenSim’s most popular grid.

“The non transfer out of InWorldz is a temporary blockade,” InWorldz LLC partner Beth Reischl (also known as Elenia Llewellyn in-world) told Hypergrid Business. “We have already scheduled a timeframe to work our ATM providers and allow established residents a method of transferring.”

More information about this is available on the InWorldz forums discussion on this topic.

The blockade has most affected merchants using the third-party InBiz platform to transfer money to their Second Life accounts at a lower rate than available through official InWorldz channels.

“At this point, I have reluctantly cashed out via the InWorldz cash out,” said texture merchant Rosie Sampang (also known as Adaarye Shikami in-world). “We don’t like doing that as we make more by transferring via InBiz and cashing out via Second Life when we cash out there, but under the circumstances, we want our money out of InWorldz any way possible.”

Sampang and her partner Tony Durose (also known as Toni Friller in-world) run the Panther 3D shop, and have been in the texture business in Second Life for years. They closed down their Second Life shop a few months ago, due to the high cost of having a presence on the grid, and now sell in Second Life through the marketplace.

The partners have also tried doing business in Avination.

“We were in Avination briefly but found it to be very inactive and basically, we lost money there,” she told Hypergrid Business.

OpenSim grids are significantly smaller than Second Life, and offer even fewer opportunities for creators to show a profit.

“We don’t make much money,” said Sampang.

Any increase in costs, or worries about being able to redeem currency can cause merchants to withdraw from OpenSim grids or avoid them in the first place.

“I don’t think we are the only ones affected,” Sampang added.

Crooks not targeting in-world retailers

One thing that merchants don’t need to worry about, however, is the thieves buying virtual goods — and leaving the merchants hanging when the payment is reversed due to fraud.

“This does not happen,” said Reischl. “Someone who steals a credit card number are not here to buy furniture, textures, sculpts for in the grid. They are using it for one reason and one reason alone.”

Typically, she said, these are international crooks, using stolen American cards, working out Internet cafes and wireless hotspots, almost impossible for the authorities to track. Their accounts are banned the minute the fraud is identified — so there’s not much point for them to buy any virtual goods. They wouldn’t be around to enjoy them, anyway.

But if it does happen?

“If by some chance they do, we would not force our merchants to take that hit,” said Reischl. “Our goal is always to make sure that our business decisions do not negatively impact our merchants for the long term.”

Currency alternatives

Smaller grids may be better off not issuing their own currencies at all, Reischl said.

Some grids, for example, use the OMC currency from Virwox, one of the largest Linden dollar exchanges in Europe. The exchange reports that it traded $5.9 billion in Linden dollars — the equivalent of  17 million Euros or US $23 million — so they know their way around money. The OMC currency is currently in use on over 30 grids.

Other options include PayPal and PayPal Micropayments.

“Especially when dealing with sensitive information such as financial information and being small staffed as so many virtual worlds are, it may be a better option for some of them,” she said. “Otherwise, take it one step at a time. It took InWorldz well over a year to provide what we have, and while we’d like to make it more robust, I can say that only having two methods for money removal in our world has taught us quite a few things we will use when looking at other options now for our residents.”

She said the grid is willing to share its experience with other grid owners.

“If there’s a grid owner who wants to talk to us privately about what pitfalls await them and how to avoid them, we’re always open to hearing from them,” she said. “This can only serve the greater good of the virtual world community, as I don’t think any grid wants to be known for being lax on these types of issues.”

For example, as a result of measures that InWorldz has already put in place, less than 1 percent of attempted fraudulent currency buys actually went through, Reischl said.

“Not every grid owner can devote that kind of time to a single issue when dealing with the other myriad issues that come with running a grid, so having someone who’s been down that path to talk to, can be immeasurable in terms of help,” she said.

Meanwhile, since this problem isn’t limited to any particular grid, Reischl said she hopes that grid owners can work together.

“I hope, in the future, as more grids start to bring in their own currency methods and allow cashing out, that we can see some symbiosis between grid owners to put an end to these criminal activities,” she said.

Maria Korolov

Maria Korolov is a science fiction writer who covers cybersecurity, AI and extended reality as a tech journalist at her day job.
Check out her author page on Amazon or follow her on Twitter, Facebook, or LinkedIn. Her first virtual world novella, Krim Times, made the Amazon best-seller list in its category. Her second novella, The Lost King of Krim, is out now.