First of all, could you give us a ‘status report’ about the current online gambling environment? How concerned should players be about fraud? Is it a widespread threat?
Online gambling has experienced enormous growth thanks to digital platform improvements, stay-at-home orders, and loosening regulations. The United States in particular reached record highs with more Americans gambling in 2021 than ever before. Mobile sports betting was one of the main drivers as many states turned to online gaming to capture tax revenue and bolster budgets. New York is a clear example; mobile betting went live at the beginning of the year and immediately set records with more than $1.6B wagered by residents in January. Large states like California, Massachusetts and Florida are considering similar legislation and it’s a matter of time before they join the mobile betting market too.
All this growth, attention, and revenue has been great for the industry, but naturally it’s also attracted the attention of criminals. The challenge with measuring fraud is that you have to catch it to count it, but even with that limitation, TransUnion’s 2022 Global Digital Fraud Trends Report saw a 19.2% increase in suspected digital fraud targeting the gambling industry.
We expect attention from fraudsters to keep pace with the growth of online gambling, and it should be a major concern for both players and gaming companies. That’s supported by what we’ve seen in Europe, where online gambling has been legal for some time now and fraud has been a continuous issue. The silver lining is that the U.S. can benefit from Europe’s example and adopt the most effective compliance, risk, and regulation best practices for consumers and the industry.
What are the reasons behind the rising number of fraud crimes committed?
Fraud will always follow large amounts of money, but much of the recent uptick in fraud can be attributed to bonus abuse. The competition from operators for all these new mobile customers is fierce. To stand out, companies are offering thousands of dollars in deposit bonuses when players sign up. These lucrative bonus offers, and incentives have become table stakes in attracting players to online operators.
In the rush to acquire new players operators have opened themselves up to fraud. They are susceptible to things like arbitrage betting where players make opposite sides of the same bet on different platforms but capture the deposit bonuses from each company. There are also bad actors using synthetic identities to create multiple fake accounts to try and clean funds or capture bonuses.
Bonus abuse will continue to be widespread when there’s such an emphasis on offering enormous bonuses to try and draw new players onto platforms. Ultimately bonus abuse in the US is somewhat of a commercial decision for operators as they strive to balance player acquisition with bonus abuse. Even in Europe, where there are more mature markets and smaller deposit bonuses, this type of fraud continues. It’s up to operators to take steps to protect themselves and customers.
What type of information is at risk? How can they be used against players?
The primary concern of players should be account takeover fraud. Fraudsters are actively looking to gain access to account credentials and are using increasingly complex techniques to accomplish that. Everything from phishing scams to SIM swapping to capture one-time passcodes have been used to gain access to funds in betting accounts. Once they gain access, fraudsters will directly withdraw the funds to one of their own accounts or sell that information on the dark web to other bad actors who will do the same.
Players can protect themselves with robust info security practices. When it comes to online gambling, using a password manager is still effective, but other techniques like VPNs aren’t available to consumers since regulation requires geolocation. Ultimately, good cyber hygiene and being vigilant in monitoring your account will be enough to repel most fraud attempts.
What can game providers do against these attacks? Is it possible to protect players without impairing player experience?
There’s a lot that online operators can do to vet and identify potential fraudsters – there are near-countless customer authentication methods available – but the industry as a whole has largely prioritized the player experience due to the risk of player abandonment. Player abandonment is estimated to be near 70% in the online gambling space right now and it’s easy to imagine why. Most people sign up for a mobile betting account with a specific bet in mind, something that’s especially true for sports wagers. A prospective player sits down on the couch to watch the game, decides they would like to make a wager, but only has a limited amount of time before the game starts. If that person has authentication issues or is impeded in any way during the onboarding process, they’re very likely to abandon the attempt or find a more lenient operator.
I would surmise that operators in the US are more tolerant of having fewer authentication methods in place because player acquisition is the priority right now. That will inevitably change as the industry matures, so operators will have to find a balance between a smooth player experience and better fraud prevention practices.
How does TransUnion ensure safety? What makes the company stand out?
Many online operators believe they must choose between the player experience and fraud prevention – but our team at TransUnion knows that’s not the case. Our experiences in Europe show that you can offer a frictionless player journey and a robust prevention strategy that does give you the best of both worlds.
The key to that is intelligence. Our approach measures confidence levels across three different data categories for each player: who they are, where they are, and what devices they are using. You can quickly identify fraudulent activity from any misalignments in those data elements. For example, if an address doesn’t match with the geolocation or an identity doesn’t match to a device, our team can flag for operators that this account needs an extra layer of scrutiny or friction before allowing access.
This is possible through the industry consortiums we support and work with to share information on potential fraudsters. If a device is associated with healthcare, credit card, or synthetic identity fraud, our gambling operator partners know and can act accordingly if the same information or devices are used on their platforms.
Our teams cast the widest net possible to ensure that online operators don’t have to ask for additional information and can avoid increasing friction in the onboarding process and improve the chances of legitimate players going through the experience seamlessly.
My belief is that with a fully accurate summation of fraud in the gaming market in the US would dwarf the fraud that happens Europe. Operators haven’t been able to put procedures in place to adequately protect themselves during the race to bring on new players. This is temporary; operators will eventually incorporate more robust fraud prevention into the onboarding process as the emphasis on player acquisition is reduced with market maturity. But knowing when to do it, and understanding how to preserve your player journey and experiences, will allow operators to apply a “friction-right” approach where they can have the best of both worlds.