Fraud concerns for iGaming operators extend beyond just basic KYC and AML issues. Tamas Kadar, co-founder and CEO of SEON, a company that provides fraud prevention solutions for gaming companies and beyond.Ever since the Supreme Court of the United States overturned a federal ban on sports betting in 2018, the nation’s iGaming sector has witnessed phenomenal growth. Around that time, the American sports betting market was an unknown quantity. Fast forward only three years and revenues had hit more than $4 billion, with Morgan Stanley predicting this number will continue to rise, potentially eclipsing $7 billion by 2025. As of 2023, a total of 36 states in the US have legalized sports betting, with others, such as California now giving the idea serious consideration.This growth has helped to fuel the rise of businesses like FanDuel and DraftKings while also providing customers with new and exciting ways to engage with their favorite sports. However, this growth has also been beneficial for online criminals, who have been able to target online sports betting operators with concerted and effective fraud attempts. Now, as the sector looks to take the next step in its exciting growth journey, it’s essential that sports betting operators, as well as the broader iGaming sector, are implementing adequate countermeasures to protect themselves.
A growing threat
For the last few years, I’ve been working with iGaming businesses across the US and beyond, to help implement measures that meet these criteria. As such, I have a good idea of what effective anti-fraud solutions look like in this world, as well as the specific challenges that businesses in the space need to protect themselves from. Like anything online, fraud within iGaming is evolving at pace, but there are some general principles the sector can rely on to help it deal with the problems it faces, and to tackle the challenge of iGaming fraud as efficiently as possible.I want to examine some of these issues in finer detail, exploring the challenges that have come to the fore in the iGaming sector in recent times. Let’s start with bonus abuse, which is the process of signing up to a service multiple times using marketing offers normally intended just for new users. It’s an issue that affects multiple industries, but one that has really plagued sports betting, casino, and poker sites in recent years. It’s a difficult problem to tackle, especially with fraudsters increasingly using synthetic IDs to facilitate it.
Synthetic IDs pose a significant challenge
Potentially rivaling the growth of the iGaming sector in recent years has been the explosion of synthetic IDs across the internet. These IDs are a major problem, as they combine fake and real-person data together to form a new identity. Unfortunately, the real information used in these IDs is often stolen and used without the victim’s consent. Fraudsters mix this information with generated data to create new, synthetic, and totally fake identities, which they can use to open accounts, often bypassing basic know your customer (KYC) checks incredibly easily.According to the Federal US Reserve, the usage of synthetic IDs grew by 85-95% in 2019 alone. As mentioned, fraudsters are leveraging these documents to take advantage of promotional offers, and in doing so, engaging in bonus abuse. It might be simple, but it’s extremely damaging, especially as many iGaming providers have leveraged sizeable bonus offers in recent times to try and attract new users. In fact, we published a research paper last year, which highlighted that up to 15% of the online gaming industry’s gross revenue is currently being lost to bonus abuse.
More than money
Many of the same issues are also apparent in another pervasive form of fraud affecting the sector, which is referred to as self-exclusion fraud. This involves players who have self-excluded from a particular site or platform, but then use fake identities or proxy servers to continue playing. On the face of it, self-exclusion fraud is not as immediately costly for iGaming providers from a monetary perspective, but the damage it can cause to the individual gamer, as well as the reputational damage it can inflict on the industry as a whole is potentially far more significant.Given the inherent controversy of the iGaming sector, providers are required by regulators to ensure that individuals with problematic gaming habits can exclude themselves from sites. If these systems are easy to overcome, confidence in the sector could be undermined, which may lead to retaliation from regulators in response. Sadly, many of the KYC systems currently used by iGaming businesses are weak at identifying self-exclusion fraud and bonus abuse, as they are often unable to detect whether a single person has multiple accounts on a platform.
The future of fraud
Up until now, many iGaming businesses have relied on manual verification processes when accounts have flagged as potential fraud risks. Often, this has involved ringing a customer, or using a form of photo or video verification to ascertain whether an individual is who they say they are. Sadly, the rapid development of AI-technologies, such as deepfake video and audio is rendering many of these approaches ineffective. While these solutions are yet to be widely adopted by fraudsters, there’s little doubt they will soon be, so it’s important to be prepared.In preparing for this new dawn in fraud, iGaming operators would be advised to redouble efforts to improve existing KYC and identification verification checks, and to ensure robust anti-money laundering (AML) performance too. Of course, such provisions must be managed in line with the overall customer experience, and providers must be careful not to laden onboarding processes with undue friction, however it’s clear that more must now be done to tackle this pronounced and evolving issue. Thankfully, with the rise of new solutions built for this challenge, such as the one we provide at SEON, my bet is that iGaming operators will provide protection.
This year’s SBC Summit will premiere the Affiliate Leaders Awards, a new addition spotlighting standout contributions in the affiliate marketing industry.The Affiliate Leaders Awards...
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All", you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
__cf_bm
30 minutes
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
ARRAffinity
session
ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite
session
This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
AWSALBCORS
7 days
This cookie is managed by Amazon Web Services and is used for load balancing.
botd-request-id
session
No description
cf_clearance
30 minutes
cf_clearance specifies the duration our website is accessible to a visitor that successfully completed a previous Captcha or JavaScript challenge
cli_user_preference
1 year
This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to store whether or not the user has given consent for cookie usage. It does not store any personal data.
CONSENT
2 years
YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
This cookie is set by GDPR Cookie Consent plugin. It records the default button state of the corresponding category & the status of California Consumer Privacy Act (CCPA). It works only in coordination with the primary cookie, viewed_cookie_policy.
isChecked
4 hours
No description
matomo_sessid
14 days
A security cookie that prevents Cross-Site Request Forgery (CSRF) issues when using opt-out features. Contains no personal identification information.
mtm_consent_removed
30 years
Placed only when you choose to opt out of tracking. This cookie remembers your preference to not be tracked on future visits.
mtm_cookie_consent
30 years
Records your consent status for analytics tracking. This cookie remembers that you've given consent to the use of cookies.
PHPSESSID
session
This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
VISITOR_INFO1_LIVE
5 months 27 days
A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC
session
YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId
never
This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests
never
This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Cookie
Duration
Description
__cf_bm
30 minutes
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie
2 years
LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie
2 years
LinkedIn sets this cookie to store performed actions on the website.
lang
session
LinkedIn sets this cookie to remember a user's language setting.
lidc
1 day
LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory
1 month
LinkedIn sets this cookie for LinkedIn Ads ID syncing.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Cookie
Duration
Description
__utma
2 years
This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb
30 minutes
Google Analytics sets this cookie, to determine new sessions/visits. __utmb cookie is created when the JavaScript library executes and there are no existing __utma cookies. It is updated every time data is sent to Google Analytics.
__utmc
session
The cookie is set by Google Analytics and is deleted when the user closes the browser. It is used to enable interoperability with urchin.js, which is an older version of Google Analytics and is used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt
10 minutes
Google Analytics sets this cookie to inhibit request rate.
__utmz
6 months
Google Analytics sets this cookie to store the traffic source or campaign by which the visitor reached the site.
AWSALB
7 days
AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
__gads
1 year 24 days
The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_hjAbsoluteSessionInProgress
30 minutes
Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen
30 minutes
Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample
2 minutes
Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample
2 minutes
Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_pk_cvar
30 minutes
Stores custom variables about your visit to provide additional analytics data about how you interact with our site during your session.
_pk_hsr
30 minutes
Used exclusively for heatmap and session recording features to analyze how visitors interact with our website. It captures data about areas of the page you interact with.
_pk_id
13 months
Creates a unique identifier to recognize returning visitors. This cookie tracks visitor interactions on the site including page views, eCommerce activity, goal completions, and attribution across sessions.
_pk_ref
6 months
Stores information about how you arrived at our site, including referral source (search engine, social media, external website, or campaign URL) to help us understand our traffic sources.
_pk_ses
30 minutes
Links all actions performed during a browsing session (page views, downloads, events) to a single visit for accurate analytics measurement.
_pk_testcookie
end of session
A temporary technical cookie that checks if your browser supports cookies. It is automatically deleted when you close your browser.
_pk_uid
13 months
Enables cross-domain tracking to recognize the same visitor across multiple domains and subdomains of our website.
iutk
5 months 27 days
This cookie is used by Issuu analytic system to gather information regarding visitor activity on Issuu products.
MatomoAbTesting
No expiry
Ensures you consistently see the same version of webpages when A/B testing is in progress, maintaining your testing group across different browsing sessions.
vuid
2 years
Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
__Host-GAPS
2 years
This cookie allows the website to identify a user and provide enhanced functionality and personalisation.
_fbp
3 months
This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr
3 months
Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
test_cookie
15 minutes
The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
Ever since the Supreme Court of the United States overturned a federal ban on sports betting in 2018, the nation’s iGaming sector has witnessed phenomenal growth. Around that time, the American sports betting market was an unknown quantity. Fast forward only three years and revenues had hit more than $4 billion, with Morgan Stanley predicting this number will continue to rise, potentially eclipsing $7 billion by 2025. As of 2023, a total of 36 states in the US have legalized sports betting, with others, such as California now giving the idea serious consideration.This growth has helped to fuel the rise of businesses like FanDuel and DraftKings while also providing customers with new and exciting ways to engage with their favorite sports. However, this growth has also been beneficial for online criminals, who have been able to target online sports betting operators with concerted and effective fraud attempts. Now, as the sector looks to take the next step in its exciting growth journey, it’s essential that sports betting operators, as well as the broader iGaming sector, are implementing adequate countermeasures to protect themselves.
