question

> 1) How secure is IAP system offered by Playfab?

To be clear, what we provide is a commerce service - catalogs/stores, player inventory and virtual currency, etc. PlayFab is not a payment provider - we integrate with payment providers, so that you can drive your in-game economy the way you need to. In terms of the real-money payment integrations we have,

• Receipt validation and console entitlement checks are done by verifying the validity of the receipts/entitlement using the standards defined by the payment providers, with additional checks in our service to prevent abuse. So for example, iOS receipts are checked with Apple to confirm they're real, but then we also check that they've never previously been used for the title, and that they're for items that are actually in the game's catalog.
• Non-receipt/entitlement payments (like Steam) are verified with the payment provider directly. For these, the payment provider owns the relationship with the player and verifies the payment has completed before notifying our service.

> 2) How does it work? specifically in terms of preventing IAP fraud.

If by "fraud" you mean preventing things like modified receipts/tokens and replay/substitution attacks, please see above. The integration with each payment provider is unique, and incorporates both their best practices as well as any additional checks we deem necessary. This prevents all the common methods used by hacker tools to "cheat" game IAP systems.

If you mean fraud in the more real-world sense - stolen credit cards, etc. - that's something you'd need to ask the payment provider, as that's controlled at their level.

> 3) How to to start with In app purchase system offered by Playfab? any document would be fab.

Non-Receipt Payment Processing - PlayFab | Microsoft Docs

Show Me the Money: Receipt Validation for iOS and Android (playfab.com)

> 4) What is the general cost (estimate of cost) if for 10k players using these 3 features( login, rewarded videos, IAP) where the conversion rate of iap is 2%.

For a game with 10K players using only those three features, I would generally expect (assuming the game is reasonably optimized) it to stay within the included meters of the Standard tier. But that said, this is dependent upon the specifics of your title's behavior. PlayFab is entirely consumption-based, in terms of billing - we only charge for actual usage, and we charge based on what that usage costs us (CPU, storage, ingress, egress, etc.). Does the game use virtual currency? Is there a "grind" currency? There's a pretty wide range of possible behaviors here:

Low usage: The title keeps the player's Session Ticket across sessions, only renewing it when it expires (it's good for 24 hours). There's no VC in the game, so the only inventory operations are when the player makes a purchase or watches an ad. The average game session is 15 minutes, and ads are offered at the end of a session. The average across all players is 5 sessions per day, playing 4 days a week. So, you're looking at well under 100 calls per player per month, on average.

Higher usage: The title logs the player in each time (no saving of Session Ticket). The game has VC, and a grind currency. There are 1,000 items in the in-game catalog that are mostly used to provide bonuses to gameplay. The average game session is 2 minutes, and unskippable ads are played before each session. The average across all players is 10 sessions per day, playing 4 days a week. Players are rewarded VC for every ad and again based on their score at the end of the session. The average player uses 1 power-up per game session.

You can put together an estimate for your costs using our pricing info (Pricing (playfab.com)) and the meter docs (Pricing Meters - PlayFab | Microsoft Docs). An easy way to start is to make the calls you believe will occur in a single player session (and you could just use Postman to do this) and then check the daily CSV from your Billing Summary page, to see the specifics of the metered usage for those calls.