Dramatic changes are in store for the online gambling industry which will no doubt impact their fraud management teams. New operators are cropping up even as existing operators consolidate. This, along with strong market growth and new operating geographies (including the recently opened up online sports betting market in the United States), significantly increases the competitive pressure on gambling operators. We’re in a situation where every new player counts and every new VIP player is crucial to the success of the business.
Players habits are also significantly shifting. As players move from playing on a desktop computer to a mobile device, there is less tolerance for friction caused by security and fraud prevention measures. Players are also now playing on multiple devices (phone, tablet, laptop, desktop) and expect a consistent experience across all devices.
Techniques employed by fraudsters also continue to evolve and are growing increasingly complex. Fraud activities are no longer limited to just using stolen credit cards or other kinds of payment fraud. Advanced computer tools and techniques are being utilized by fraudsters worldwide. Detecting and preventing their efforts now requires sophisticated technologies like machine learning and artificial intelligence.
Finally, changes to online data privacy regulations in the UK and European Union are the largest in a generation and potentially could impact your security and fraud prevention activities by limiting the type of data that you can collect about your players.
What is the impact of these trends? They are creating an environment where the fraud management team can no longer work in relative isolation while focused on fraud-only activities like reducing chargebacks and other types of targeted fraud. Instead, by working closely and coordinating with marketing, sales, product/business owner, and data security teams, the fraud prevention team can make a broader impact on the business such as improved user experience, increased player account security, and revenue growth.
Changing Habits of Players
Gambling on the go from mobile devices is on the rise. According to Online Gambling Quarterly, 61% of gambling operators’ revenue comes via mobile devices. Furthermore, 72% of betting stakes are from mobile devices. There are several important implications here.
At iovation, we also are seeing this move towards mobile device.
First, mobile players demand convenience and ease of use. Having to login each time by typing the traditional username/password is often unacceptable to these users. Even with password managers, the extra seconds needed to lookup/copy/paste a username and password is often enough of a hindrance that a player will switch to a different game that is easier to use yet incorporates more advanced protections like biometric identification.
Second, mobile players are not using only their mobile phones for these games. They are also using devices such as their tablet, work laptop, or home computer. Having a consistent user experience across these different platforms is vital to the overall user experience.
Why does this matter to fraud prevention specialists? The most obvious impact is that fraud prevention technologies used by the operator must not only support multiple playing platforms, but must be able to track fraud committed across all platforms. Tracking fraud across multiple devices is difficult without proper device-fingerprinting fraud prevention technology. These tools allow for devices to be identified and then later recognized regardless of which user is actually using the device.
Growing Fraudster Sophistication
Even though fraudsters and criminals continue to utilize payment fraud resulting in expensive chargebacks as well as increased credit card processing expenses, they also utilize a number of other fraud practices.
Fraudsters perpetrate a wide range of fraud and in-game social abuses including credit card fraud, fraudulent deposits, chargebacks, cheating and collusion, chip dumping, promotion and bonus abuse, email spam, money laundering and account takeover. Despite gambling sites’ efforts to detect suspicious players, Internet-savvy criminals have learned how to mask their true identity by changing account information to circumvent conventional methods of fraud detection such as IP address and geo-location validation, third-party credit verification, and other tools that monitor and analyze player activities such as winning percentage, hands played, and who they’ve won and lost to.
As fraudsters routinely change identities, many online gambling sites are being abused by the same people over and over again without even knowing. Unfortunately, for online casinos that lack the ability to identify fraudulent computers, even if a fraudulent account is detected and shut down, there’s nothing to prevent the fraudsters from immediately creating a new account under another identity.
As fraudsters continue to hide behind the Internet’s built-in anonymity, identity and financially-based fraud management systems alone are not sufficient in catching sophisticated fraud and abuse. The inability to identify fraudsters sitting alongside legitimate players at a virtual poker table underscores the growing need for online casinos to deploy more effective solutions that look at information independent of what data is supplied by users.
In order to effectively combat identity theft, online gambling sites must move beyond relying almost
solely on personal information for fraud analysis. As identity-based fraud management systems
continue to crunch the same identity data in a variety of ways, an entirely different technique, one
that looks at information independent of what is provided by the user, creates significant value and
uplift in the fight against fraud.
A device fingerprinting fraud prevention solution focuses on the device—not the person—to identify and re-identify a user. This kind of device-centric solution provides online gambling/gaming sites with unique insight into account creation and relationships and exposes fraud that is invisible to other tools.
This type of solution has the added advantage in that it minimizes, and often eliminates, the need for storing and processing personal information which is a hot topic currently in the UK and European Union.
Better User Experience
Most fraud and risk departments are considered cost centers with little influence to increase revenue. If anything, sales and marketing groups may occasionally get frustrated with the often conservative approach of a fraud team when it comes to rejecting new players obtained from a marketing campaign because of risk concerns.
However, the fraud team has a wealth of data at their disposal that is beneficial for improving user experience (of interest to the sales and marketing teams), but also useful to the business data security team to improve player account security.
Frictionless, Flexible, and Secure Login
As mentioned earlier, as more players utilize on the go mobile devices their tolerance for repeatedly entering usernames/passwords is significantly reduced. From a user experience perspective, it is important to get players into the game and playing as quickly as possible, while not jeopardizing the security of their accounts. Furthermore, as these same players move from one device platform to another, they have an expectation that ease of login on one platform should be available on all.
A device fingerprinting solution can help improve this aspect of user experience. When a specific device is paired with a user account, and then is reliably and accurately recognized as the same device in the future, traditional username/password login procedures can be safely skipped as long as there are no device risk indicators (information that a fraud prevention tool can provide) present.
Further enhancements to the user experience can occur by incorporating flexible and configurable multifactor authentication technology. This gives every player the ability to determine how much security they want to incorporate for activities such as logging in, playing a game, etc. These additional security factors could include things such as PINs, biometrics sensors, or even the presence of a trusted bluetooth device.
Identifying VIP Players
One of the best ways to differentiate user experience from the competition is to offer them rewards, incentives, and promotions. However, fraudsters are aware of this and often abuse these types of programs. Device fingerprinting coupled with sophisticated machine learning capabilities allows one to predict (refer to Figure 3) the trustworthiness or risk for any online transaction just by comparing device characteristics to billions of other past transactions that have similar characteristics. With this information, you have the ability to offer lucrative incentives to trustworthy VIPs and limit the incentives for suspected fraudsters.
Fraud prevention teams should no longer be siloed in their efforts. Nor should they be considered just a cost center focused on minimizing fraud losses. When using technologies such as device fingerprinting, the fraud prevention group possesses data and technologies that can help the organization achieve business objectives such as growing market share and revenue, increasing player retention and new player acquisition, and even improving player account security.