Square Enix introduces two-factor authentication in online games for the first time in Japan


Business Objectives

Business Objective
  • Prevent fraudulent access and damage caused by hacking of online games
The Problem
  • It was the first case to introduce OTP in the domestic game industry
  • Solution had to be cost-effective with favorable battery life and price
The Results
  • Overwhelming decrease of fraud damages and reduced customer service expenses
  • Improved security awareness among gamers and the online game industry

Square Enix Co., Ltd. implemented OneSpan’s Digipass® GO6 for the first time in the gaming industry in Japan to prevent fraud in online games. As a result, online gamers have changed their awareness of security significantly.

Serious Fraud Access Damage in Online Games

Square Enix is a famous Japanese entertainment company with numerous fans not only in Japan, but all over the world. Their business focuses mainly on consumer game software, such as the “Dragon Quest” and “Final Fantasy” series. April 2018 marks 10 years since Square Enix introduced OneSpan’s (formerly VASCO Data Security) two-factor authentication solution to its own MMORPG (massively multiplayer online role-playing game). In April 2009, they introduced hardware security tokens, and in March 2013, they introduced software tokens for smartphones. Today, it is used for over one million logins per day.

Back then, Square Enix experienced hacking through fraudulent account access. “Affected users needed to be supported on an individual basis, and it took much longer and cost much more than imagined,” said Mr. Kenji Ishiwata, senior manager of online business promotion.

In 2007, as a measure to prevent fraudulent access and takeovers of online game accounts, they began considering the introduction of two-factor authentication. Although Square Enix was already using a one-time password (OTP) token from another company, its battery life and the price of distributing it to customers were not cost-effective. So, they decided to explore hardware authenticators from several vendors, including OneSpan.

Cost-effective Hardware Authenticators and Scalable Authentication Server

Mr. Ishiwata had several requirements for a hardware authenticator, but two were must-haves. “I was looking for an authenticator that could be used for a long time and was cost effective. Our users will have to rely on these devices every time they log in.”

OneSpan’s Digipass GO6 has a battery life of seven years, making it a cost-effective choice for the gaming company. In addition, Square Enix liked the idea of being able to fully customize the hardware design. Beyond the standard Square Enix logo designed token, they also produced tokens featuring Square Enix’s cast of iconic game characters. Such a unique design received favorable responses from their users.

From a technical point of view, Mr. Osawa, senior manager of the Information Systems Department, explained, “As we have to use existing systems, we needed to incorporate the authentication server as a library in the system.”

The company had planned from the beginning to introduce software authentication, so being able to do so in the future with minimal rework and investment was also attractive. OneSpan Authentication Server Framework incorporated the authentication server function into the existing system.

“Although it took time, because we were the first company to incorporate an authentication server into online games, we knew we could release it safely,” Mr. Osawa said.

In addition to preventing fraud by asking for user ID, password, and OTP when logging in to their library of about 100 online gaming services, OTP input is also essential for the “Square Enix Account” management system, so that it can be utilized for the protection of personal information.

Contribution for Improving Security Awareness in Japan’s Online Gaming Industry

After the launch of the hardware authenticators, Mr. Ishiwata said, “Account hacking has been overwhelmingly diminished by using OTP, and we were able to reduce the burden of support and cost to the affected users.”

Furthermore, he revealed that there was another very important result. In its tenth year now, OTP is used by several hundred thousand gamers using their services. However, since it was the first to be introduced in Japan in the online game industry at that time, the result was far from certain. It was unclear whether OTP would be accepted in the Japanese entertainment industry.

The result was very encouraging. “User awareness of fraudulent access has changed significantly. In user communities, it became natural to use an OTP as a means of self-defense. The customers have an understanding that it is common and their responsibility to prevent their account from being hacked by using the OTP.”

It seems that the OTP has become commonplace, not only among our customers but also across the entire online game industry in Japan. “Building the user’s awareness is a great achievement,” said Ishiwata.

In 2013, they introduced software authentication free of charge to provide the same level of account security and improve customer experience. Having changed users’ security awareness in the B2C market in this way is very significant. Since 2013, software authentication has been used in the Japanese financial market as well and has made big contributions to preventing fraudulent remittances, a major problem at the time.

About Square Enix Co., Ltd.

Square Enix Co., Ltd. is a leading company that continues to create hit products offering creative and innovative entertainment content and services. Our masterpiece products of group IP are the “Dragon Quest” series (more than 76 million cumulative shipping and download sales), “Final Fantasy” series (over 142 million), the “Tomb Raider” series (over 67 million), and “Space Invaders” series. (