In the UK alone, revenue for online gambling was estimated at more than £11 billion.2 Those are staggering numbers. They are even more eye-opening considering that many countries significantly restrict online gambling, and other countries ban it outright.
The lucrative opportunities from igaming make for high competition among gambling operators who rely on free bets and spins, bonuses, tokens, and other promotions to attract new customers and reward and retain loyal players. These incentives also attract fraudsters intent on exploiting the promotions for malicious gain rather than normal gameplay.
Bonus abuse is a thorny and pervasive problem that siphons millions of dollars in lost revenue from operators’ coffers. Approximately 15% of operators’ annual revenue is lost to bonus abuse fraud.3 In fact, igaming is considered the highest risk sector for fraud attempts in the UK.4
Online gaming and gambling operators in highly regulated gaming markets such as the UK and Europe must meet stringent requirements for due diligence to comply with national and international regulations and anti-money laundering (AML) laws. That means vetting players in line with know your customer (KYC) requirements, understanding the source of funds, and monitoring transactions for unusual activity.
Bonus abuse occurs when an organisation’s online identity verification and authentication protocols fall short and fail to detect signals that are indicative of fraud. Bad actors are adept at finding and exploiting vulnerabilities. Keeping up with their evolving tactics is a significant challenge.
One of the ways fraudsters game the system is by using stolen or synthetic identities to open multiple accounts and claim bonuses in each. Synthetic identities are created by piecing together both real and phony personally identifiable information (PII), making them particularly vexing to identify. Generative AI (GenAI) is another growing threat as it enables fraudsters to create deepfakes so realistic that they are increasingly difficult for identity verification systems to detect.
Fraudsters also conceal their location through VPNs, TOR browsers and other proxies that mask their true IP addresses. This makes it appear as if multiple new customers are signing up for bonuses from different locations. The use of multiple devices and email addresses is another way fraudsters disguise their digital tracks. Another igaming fraud tactic is collusion – working in tandem with other players or criminal rings to exchange stolen details, match bets and cash in on affiliate ‘family and friends’ offers. Money-laundering gangs gravitate to high-roller bonuses that encourage large deposits as a way to “clean” dirty money.
Regardless of the tactic used to gain access, once a fraudster gets in, the cycle of abuse begins. The fraudster deposits the requisite funds into an online casino or sports betting account and receives the advertised bonus. As soon as the playthrough requirements for the promotion are met, the fraudster withdraws the money, only to repeat the process again and again using new credentials.
Closing the door on bonus abuse starts with blocking fraudsters from creating new accounts. A layered approach built on digital identity, location, and behavioural intelligence provides a holistic view of the customer that helps mitigate the risk of fraud while delivering a safe player experience for trusted users.
Advanced identification and verification technologies look at PII, email address, location of an email domain, and other elements to highlight anomalies that are indicative of fraud. An IP address in the UK and an email domain in Russia, for example, are the type of mismatch that would raise a red flag.
Data linking and device analysis technology provide additional insight for peeling back the cloak of bad actors by revealing multiple uses of the same hardware and software combination with different identities. A device associated with multiple emails globally is a strong indicator of fraud, particularly if the account name appears with high frequency.
User behaviour, such as how fast someone moves through the process, offers yet another layer of intelligence for assessing risk. Players that sign up, collect the bonus and then cash out quickly are more likely to be fraudsters or bots than legitimate players. Behavioural biometrics assesses keystrokes, mouse movements, and other behaviours that are unique to each user. It is highly effective at detecting anomalous human behaviour as well as non-human threats such as bot attacks, session hijacking and remote access trojans.
Although new account opening is a key entry point for fraudsters, it is not the only point of vulnerability. Accurate risk assessment from onboarding and log in to deposits and withdrawals is crucial for reducing operational risk across the customer lifecycle and ensuring a safe and seamless experience for legitimate players.
Risk assessment starts with information. And when it comes to fighting igaming fraud, there is no such thing as too much information. By leveraging real-time insights from digital, physical, device, and behavioural data points, you can gain a 360-dgree view of a player’s digital identity. Being able to quickly assess who to trust and who to block without impacting legitimate players is crucial to the success of your igaming business.
LexisNexis® Risk Solutions combines risk intelligence from our global network of digital identities and email addresses, with advanced verification and authentication tools. This multilevel approach delivers a proven solution to identify suspicious betting patterns, bots, high-risk payments, collusive fraud, and other signs of bonus abuse.
Click here for more information on how to combat bonus abuse.
Transform human interactions into actionable intelligence.
Learn MoreUnleash the power of global shared intelligence with the Digital Identity Network.
Learn MoreIdentity management platform for verifying and authenticating an individual’s identity.
Learn MoreEnable cybersecurity and risk management through data science innovation and shared intelligence.
Learn More