Child playing Fortnite on Nintendo Switch. Photo: Jason Doiy/ALM

Criminals are hoping to use video game platforms to score more than just points. By using ill-gotten gains to purchase in-game currency that can then be exchanged for real cash, bad actors have found a way to launder money that is difficult for both gaming providers and the authorities to track.

Fortunately for the companies behind those platforms, the chances that they could be held liable for such illicit activity is slim, even if privacy laws are inadvertently boosting their ability to potentially identify unsavory user behavior.

Christopher Ballod, a partner at Lewis Brisbois Bisgaard & Smith, spent an earlier part of his career drafting the anti-money laundering policies that video game companies insert into their terms of service. Those user agreements, coupled with a willingness to shut down accounts when reports of illicit activity are brought to their attention, typically provide sufficient legal protection.

"The can't control everything. That's not possible. So if they've taken those reasonable steps, they've limited their liability through terms of service. There's not a whole lot of cause of action against them," Ballod said.

Even actions brought under the Children's Online Privacy Protection Act (COPPA)—which was created to protect the privacy of children under age 13 and has generated some new concerns for gaming companies—are unlikely.

For starters, most platforms establish age limits for setting up accounts. If systems do permit users that would be covered under COPPA, those players are typically making use of a parent's credit card when making in-game financial transactions.

"If the parent has consented by providing a credit card, you don't have a COPPA violation," Ballod said.

Edward McAndrew, a partner at DLA Piper, agreed that it would be difficult for video game companies to be held liable for money laundering taking place on their platforms—unless, of course, such activity became so rampant and well-known that they could be accused of willfully ignoring or aiding and abetting those practices.

But even that argument would be tough to make given how difficult it is for video game companies to positively identify money laundering taking place. For starters, McAndrew indicated that platforms wouldn't have access to the necessary financial records outside of the gaming system.

"They wouldn't see the money flow, essentially," he said.  

There are some tell-tale signs, however, such as a user that only puts money into a platform wallet for other accounts to draw from without downloading a single game. But even then, looks can be deceiving.

Ballod gave the hypothetical example of someone using a gaming platform to send money to a family member living overseas. "Believe it or not, I've seen legitimate uses for virtual currency like that."

Still, if gaming platforms are looking for similar bread crumbs to follow on the trail of money launderers, the work they are doing to comply with the forthcoming California Consumer Privacy Act (CCPA) could pay unexpected dividends.

McAndrew pointed to CCPA mainstays such as the right to be forgotten or a provision granting consumers the ability to request a copy of all the information an organizations has collected about them as factors that will likely force video game platforms to engage in some fairly serious data mapping.

"As a result they will likely have very rich granular data that might be relevant to this question of misuse of the platform for money laundering purposes," he said.

As for any kind of federal or state crackdown on the way that virtual currency is deployed or monitored by video game platforms, that could be a long way off—if ever.

Ballod thinks that regulators have bigger fish to fry in the meantime. "Bitcoin is keeping everybody so busy so busy, this might be lower down on their radar," he said.