November 13, 2018
Fraud Prevention and the Evolving Threats to Online Gambling
Posted October 5, 2017
Fraud prevention in online gambling is quickly becoming a roll of the dice as cybercriminals come to the table with all-new tricks up their sleeves.
Recently, fraudsters spread fake news using automated bots to pull off a betting scam involving odds-making in professional soccer.
Meanwhile, popular gambling site 888 was hit with $7 million in fines over allegations that one customer was somehow allowed to make 850,000 bets worth $1.3 million using money stolen from their employer.
Clearly, pressures are mounting on a number of fronts.
Hitting the Jackpot
Despite still being illegal in many countries and most of the United States, online gambling has succeeded in gaining serious traction in many parts of the world.
Still, gambling has always been a lucrative target for money launderers and other criminals. And now, online operators are discovering that the rapidly growing digital economy behind their meteoric growth may be stacking the cards in favor of fraudsters.
According to the latest quarterly cybercrime report from ThreatMetrix, gambling sites have been seeing dramatic and sustained spikes in bot attacks this year. Indeed, bots make up as much as half of all daily traffic during key attack peaks.
One reason for this spike is that, like most online entertainment companies, gambling operators are transitioning to premium models that enable customers to save credit card numbers and other identity information to their accounts—creating irresistible opportunities for cyberthieves.
Using bots, fraudsters and organized crime rings hack into existing accounts or create new ones using massive amounts of stolen identity credentials harvested from data breaches and the dark web. According to ThreatMetrix data, 2.1 percent of all account logins are now fraudulent in this industry, as are 4.6 percent of new account creations and 3.5 percent of all payments.
This is no small matter, and it’s not going away. A successful attack enables thieves to misuse or sell bonus and promotional codes, resulting in as much as $82.5 billion in losses per year. They can also place fraudulent bets and wagers, and steal card-on-file details to make larger purchases elsewhere.
Once burned, customers tend to move on to other venues, sparking a battle for loyalty in this booming market. But fighting back is proving difficult.
Making Bets in a Burning House
Today, operators are under increased pressure to comply with regional regulations designed to encourage responsible gambling.
This is, in part, what led to that large fine against 888. UK regulators accused the site of allowing more than 7,000 people who had voluntarily banned themselves from gambling to still access their accounts.
Meanwhile, external threats continue to grow. This year, online gamblers are seeing a rise in mobile engagement and real-time betting via new apps. While considered more secure than other options, the popularity of this channel has fraudsters increasingly training their sights there.
Nonetheless, operators aren’t about to let the chips fall where they may.
Turning the Tables on Fraudsters
As fraud goes mobile, global and increasingly organized, a growing number of online gaming and gambling operators are turning to dynamic digital identity-based smart authentication to ward off cybercriminals.
Instead of relying solely on static login credentials, digital identity-based systems link anonymized, shared global intelligence on users, their devices, behaviors, credentials, locations and transactions to confirm a user is really who they claim to be, and score the risk associated with that identity.
So far, operators that have deployed these solutions report dramatic reductions in bonus abuse, saving them hundreds of thousands of dollars.
By being able to accurately recognize users and block fraud, these organizations say they’re also able to detect problem gamblers and self-excluders, providing conclusive evidence of compliance in up to 100 percent of regulatory disputes.
Still, is dynamic digital identity really an ace in the hole against cybercrime?
With global revenue from this sector projected to reach as much as $1 trillion by 2021, operators are hoping it, at least, helps them hedge their bets.