Gambling Insider caught up with Iovation Product Marketing Manager Angie White for a detailed analysis on how gaming companies can combat these pressing issues.
How detrimental are bonus abuse, game abuse and player cheating to operators?
I would say bonus abuse is definitely a very large problem for operators. It continues to be the number one type of reported fraud in our Gambling Industry Report. For the last three years, it’s been the number one type of reported fraud or abuse seen by operators. That’s where you see fraudsters coming in to set up new accounts, taking advantage of the bonuses offered. They also take advantage of bonuses offered to VIP accounts.
It has a big impact on revenue because fraudsters can play with the bonus money and cash out their winnings. But it also has a big impact on the business because operators can’t grow their accounts or VIP players because they are having to worry about bonus abuse. It’s really important to be able to identify those fraudulent accounts where it is abuse, so you can streamline that good activity.
What methods do companies have in place to stop these and are they strong enough?
That’s a great question. One of the key things we’re seeing our customers use is machine learning. Through that, you can predict the likelihood an account will become fraudulent. It helps a lot in being able to sort out which new accounts might eventually become fraudulent. You might want to put them through more checks and scrutiny. Accounts with lower risks can be set up with fewer obstacles.
The Gambling Industry Report showed a significant rise in credit card fraud. Is crypto-currency a viable solution to this problem, as blockchain technology is said to eliminate chargebacks?
It’s interesting. Yes, it will probably help bring down credit card fraud. But crypto-currency comes with a lot of its own vulnerabilities. For example, the private key getting uncovered; we’ve seen a lot of news articles about major breaches for crypto-currency. So the main thing there, whether it’s credit cards or crypto-currency, is looking at how you are securing that payment, no matter what is. Adding strong multi-factor customer authentication, such as the PSD2 mandate coming out in Europe, is something that needs to be adopted more widely, especially if it’s a larger deposit.
How big is the issue of selling VIP accounts for money-laundering purposes and what can realistically be done by operators to combat this?
We’ve only heard about it anecdotally, talking to our customers about an emerging threat they’re seeing. But I would say it’s a humongous concern. Those VIP accounts are the bread and butter for a lot of operators; they are the most profitable and are critical for the business.
It’s critical for two reasons as they need to stop money laundering and, two, because they want to secure those VIP accounts and keep it as an important part of their business. It goes back to what we talked about before: putting in those more-robust checks, providing a higher level of security for those accounts.
Would it be fair to say operators should rely on VIP accounts less to combat this problem?
To me, I don’t feel like you should shift your business model in response to a fraud threat. Whatever your business model is, if you want to rely on VIP accounts or have a smaller, more-diversified pool of players, it’s important to identify and stop fraud but not alter your approach.
Does the industry have many effective solutions against bots used to distract operators from fraudulent activity?
It is like one of those dramatic movie plotlines, where the bot is attacking the main site to distract from a different type of crime. It’s really about having layered defences. Bot attacks are not necessarily new but have got more sophisticated, being used in more creative ways. You need to look at the other layers of security you can put in place.
Iovation’s report confirmed there are currently a number of issues surrounding self-exclusion. Do operators do enough to genuinely stop self-excluded players from accessing accounts?
When you talk about player self-exclusion, it’s a tricky area. There are players who genuinely have a problem with gambling addiction. They need to be helped to stay out of the game. But then you also have fraudsters who use player self-exclusion to abuse the system. We interviewed one of our customers, who told us players would come in, use a fraudulent credit card, set up an account, cash out and then immediately self exclude before the chargeback could hit.
It’s tricky, because you have to manage responsible gaming but you have fraudsters using the same system to abuse and commit fraud. I think the best thing is if you identify self-excluded players by the device. By being able to do that with a device, it’s much harder for someone to set up a new account or credit card. You can then see that device is associated with a certain account which is self-excluded. We had 223,000 reports of self-exclusion in 2018. Those reports were associated with 795,000 devices.
That means, for every one of those reports, there were three to four devices associated. That could be a laptop, mobile phone or tablet. Those same reports were associated with 965,000 accounts. So it’s really important to make those linkages. How are people trying to work around the system through different accounts, devices and credit cards? It’s really important to manage.
The ability to collaborate, with operators sharing self-exclusion reports, can also help them proactively keep self-excluded players out of the game.