The growth of online gambling shotupduring the pandemic. However, thispromising spike for the industry has beena double-edged sword, as it coincided with a sharp increase in fraud targeting online gambling.
The iGaming sector is booming across in the states in which it is active(Connecticut, Delaware, Michigan, New Jersey, Pennsylvania and West Virginia), and legislatures across the country are preparing for more to follow. The American Gaming Associations and industry players all believe that online gaming is the next huge thing.
But with this influx of new customerscomes more concerted and ingenious schemes devised by onlinefraudsters to take advantage.
The statistics to back this are daunting:globally theyshow a 393% increase infraud attempts over 2020, with this figure amounting to a 261.9% spurt in the US. This rate came to 36 billion breaches of personal records across the industry.
Among the guises this activity assumesinclude the mimicry of real account holders as well as those who have engineered to withdraw winnings through what are known as synthetic identities, as well as the use ‘synthetic identities,’ in which the fraudster combines real identities with fake information to create an account and abuse the promotions that gambling operators are so fond of.
Exacerbating this problem is the issue of credential stuffing, a term that refers to the use of the same password on multiple accounts. Once one account’s password is obtained, the fraudster has access to a range of them. Of course, this is nearly as much the fault of the user as it is the criminal: according to one study, no fewerthan 71% of user accounts are boundtogether with the same password.
Finally, one of the biggest informationleaks in the business revolve around theoffering of bonuses, a technique thatgambling companies use to lure in new customers. In fact, about 45% of Tier 2operator revenue goes to these bonuses. Incidentally, they are easily exploited. Amongthe different methods you can deploy to exploit this system are emulators, virtual machines and residential IP addresses.
The risk is nothing if not real, andto combat it more sophisticatedtechniques for addressing fraud are required.Cybersecurity is at risk of falling behind the increasingly advanced methods of the ill-intentioned. One-step verification, the industry norm, simply no longer works.
To get a better idea of what can be done to counter thisefflorescence of fraud, Gaming America talked to JonathanWilson, Chief Risk and Compliance Officerat AU10TIX, an Israeli company thatspecializesin identity verification, one of the keybulwarks in the further prevention of fraud.
You mentioned identity fraud and theft are rising with the spread of legal gambling, both worldwide and in the US.
Please talk about some of the factors causing this increase. How much is due to there simply being more states legalizing gambling and how much is being driven by other reasons?
The increase in legal gambling is presenting bad actors with more opportunities tocommit fraud within gambling operatorsystems, as well as abuse operator systemsand games. The gambling and gaming platforms themselves are often targeted for illicit purposes and fraudsters don’t want to use their real identities for these activities.
If a fraudster has managed to take over a legitimate account and wants to withdrawwinnings, they may easily use the identity ofthe real account holder to perform the withdrawal.
A bad actor may also use a fake or synthetic identity – in which breadcrumbsof real identities are combined with fake information – to create an account toabuse a promotion that the operatoris running. Often, promotions provide monetary incentives in exchange forgameplay, and these are often abused to generate a large sum of money owed from these incentives without engaging in legitimate gameplay.
If the industry relies on one-step verification - what is that one step exactly? Tagging on to Question 2, what is “reverification” and how will it help slow down fraud?
One-step-verification often comes inthe form of platforms requiring players to provide identity verification atonboarding,for example providing a government-issued ID. This is a step in the right direction to preventing fraud, however, reverificationcan slow down fraud by requiring anindividual to reverify if their activity is deemed risky. Instead of relying entirely on a single onboarding check, companiescan execute identity checks periodicallyover the lifespan of the account whenthe level of risk is deemed appropriatefor reverification. Reverification can becompleted more than once depending on the activity performed by the individual,such as a suspicious amount of withdrawals.
You mentioned AU10TIX is working with 888, Aspire and Genesis. What are some of the biggest compliance hurdles these companies are facing as they expand into new states?
Obtaining the licensing necessary tooperate within each state is time-consuming and cumbersome. Each state operates its own licensing and compliance framework which can be challenging to navigate.Fortunately, the technical solutions existto comply with the state requirements,including the requirement to verify that the consumer is physically in the state when engaged in game play.
Is AU10TIX going to be involved in Canada as legalized sports betting goes online there? How many US states is the company in today?
AU10TIX may look to get involved in supporting gambling operators within Canada if the operators start to move there, however there are many factorsthat must be considered. In the United States, we arefollowing the spread of legal gamblingfrom up close and definitely eyeing anexpansion of our footprint here soon.