The Dangers of Targeting Microtransactions to Minors

Microtransactions can be a great source of revenue for developers producing games for children. It’s not often that a child is packing a wallet full of cash to spend on games upfront, so creating free-to-play games with microtransactions as the main source of revenue is one path a game maker can take to recoup the costs of creation. 

However, there are more risks inherent in targeting games and monetization strategies towards minors. There’s plenty of science and data to back up the claim that children and teenagers are more likely to spend money on microtransactions because their prefrontal cortex, which guides decision-making, is not as developed as an adults’. COPPA, the Children Online Privacy Protection Act, was instituted in large part because of these differences between adults and children: to put it simply, children have different needs than adults when it comes to protection. Thus, care must be taken when a game’s target audience is mainly children and teenagers.  

Tuoro University has identified four major types of microtransactions in games:

  1. In-Game Currencies, such as V-Bucks in Fortnite that need to be bought with real money
  2. Random Chance Purchases, such as egg hatches in Pokemon Go that contain randomized mystery items 
  3. In-Game Items, such as recipe upgrades in Strawberry Shortcake Bake Shop
  4. Expiration, such as buying lives to keep playing Candy Crush

The problem comes in when companies collect the personal data of children to complete these microtransactions. This can trigger COPPA, which aims to protect children under the age of 13 from certain practices. COPPA requires that all game developers directing their games to children under age 13, or who knowingly collect personal information from children under 13 years old, must post up-to-date and accurate privacy policies as well as give notice and obtain parental consent for “personally identifiable information” collected in games. 

Personally identifiable information includes information such as name, address, email address, geo-location information, unique numerical identifiers, photos, or any other info that can be used and matched to a child. When collecting payment information for a microtransaction, some children may use their own debit cards, which contains an assortment of the info protected by COPPA. Violations of COPPA could result in fines of thousands of dollars, which makes it an issue game developers should be wary of.  

While the bulk of COPPA concerns may come from game companies collecting personal information to display third party advertisements to the players in what are known as ad networks, microtransactions are also a concern for game developers in the world of children’s privacy protection. Here are a few requirements that game companies that collect personal information from children must adhere to:

  1. Privacy policies must detail exactly who has access to the child’s personally identifiable information, and reasonable steps must be taken to release the child’s personal information only to companies that can keep it confidential and secure
  2. Parental consent must be obtained prior to the personal information collection, and notice must be provided to both parents and children
  3. Requirements for records or data retention and deletion of such data off the game’s servers must be adhered to

Microtransactions can be a solid source of revenue for games, but game developers must be extra careful when incorporating them into their revenue strategy for games targeting minors.