Understanding Post-Account-Opening Fraud in Gambling: Insights from Sift

In the dynamic world of online gambling, fraud is an ever-present challenge that evolves alongside technological advancements. FullCircl recently spoke with experts at Sift to delve into the complexities of fraud in gambling, with a focus on the critical period following account opening. From account takeovers to bonus abuse, the conversation shed light on the tactics fraudsters employ and the emerging trends that operators need to counteract.

Fraudulent behaviour in gambling often intensifies after account opening. What are the primary types of post-account-opening fraud that gambling operators face today, and what trends do you see emerging in these attacks?

The primary types of post-account-opening fraud that gambling operators face today include:

• Account Takeover (ATO): Compromised accounts are a significant issue in the online gambling industry. Fraudsters gain unauthorised access to user accounts, often using stolen credentials. They then change account details, such as passwords and contact information, link new deposit accounts, and engage in suspicious spending. Behavioural analytics can help identify these changes and alert operators to potential takeovers.

‍

• Bonus Abuse and Promotion Fraud: Fraudsters exploit promotional offers and bonuses by creating multiple accounts to maximise their gains. This type of fraud is prevalent as it allows bad actors to benefit from incentives meant for trusted users. Identifying and preventing this requires monitoring for patterns such as the use of a single device for multiple accounts or geolocation discrepancies.

‍

• ‍First-Party Fraud: Also known as friendly fraud, first-party fraud occurs when legitimate users deny transactions or bets they have placed, often to get refunds or avoid losses. Managing these cases involves careful analysis of transaction histories and user behaviour to distinguish between legitimate disputes and fraudulent claims.

‍

• Collusion and Syndicate Betting: Fraudsters collaborate to manipulate betting outcomes, often by placing bets on different accounts to cover all possible outcomes. Detecting these patterns requires sophisticated analysis of betting behaviours and connections between accounts.

‍

• AI-Driven Tactics: More fraudsters are experimenting with leveraging AI to refine their tactics, making it more challenging for traditional detection methods to detect abuse. The democratisation of fraud tools, such as those available on platforms like Telegram, has made it easier for even amateur fraudsters to engage in these activities.

To combat these evolving threats, gambling operators need to leverage advanced fraud prevention technologies that provide real-time monitoring, behavioural analytics, and comprehensive risk assessments. Working with industry experts and continuously updating fraud detection strategies are also crucial in staying ahead of these sophisticated attacks.

Account takeover is a major issue in the gambling industry. How can operators effectively identify and respond to suspicious behaviours without compromising the user experience for legitimate players?

One approach to solving account takeovers with accurate, low-friction processes is to lean on holistic passive datasets, including device intelligence, geolocation, and behavioural analytics. Each example dataset can be tracked during any point across a user session and provide valuable information to analyst teams.

A common process includes the following:

• Leverage device intelligence to consider a list of trusted devices and identify whether a new device is currently being used with the account.
• Geolocation might help identify that this suspicious activity is from a geolocation far away from the typical location(s) of trusted devices.
• Behavioural analytics has the potential to show analysts that the user changed account details, such as the password, contact information change, linking of new deposit accounts, and subsequent suspicious spending.

From a customer satisfaction perspective, user data patterns can be used to eliminate the need to apply additional friction to trusted customers. From a fraud prevention perspective, it becomes much easier to spot suspicious activity by monitoring account activity.

One, or several, passive datasets can be employed in any combination of ways. For the best results, it’s recommended to work with fraud experts not only to define solutions for the challenges of today, but to lay the groundwork required for your company to respond nimbly to future challenges.

With the rise of “bonus abuse” and “promotion fraud,” what strategies can gambling operators use to balance user acquisition through incentives while protecting themselves against exploitation?

The majority of users seeking to exploit promotion and bonus systems rely on multiple accounts to make it worth their while. Trusted players and non-abusers typically maintain a single account on a platform.

Identifying bad actors requires the use of data to determine suspicious activity:

• “First Seen” users can be an intimidating subset of accounts to evaluate due to the lack of information available. Typically, this results in the use of ‘rule-based’ processes, which are not informed enough to perform well, are hard to maintain, and fail even more as the platform scales. By partnering with a fraud prevention vendor, your platform can benefit from the use of network data, which provides insight into the performance of the users across the industry to effectively neutralise the idea of “first seen” users.
• Address information can serve to show platforms that a single address is used for a high number of accounts. This can also be applied to phone numbers.
• Email addresses are known to be manipulated by a single user to create numerous accounts. An example is J.DOE@XYZ.com being turned into JD.OE@XYZ.com. Systems will see that this is a new email address and allow for the user account to be created.
• Device fingerprinting is a highly-viable dataset to deploy. A single device linked to numerous accounts should raise flags for analyst teams.  
• Geolocation that’s far removed from registered addresses might help identify when a bad actor is operating with stolen information.

By employing these datasets, analyst teams are empowered to get the most insight, driving up accurate decisioning without forcing trusted players through additional friction.  

How do gambling operators manage “friendly fraud” cases, such as users denying transactions or bets they’ve placed, and what are the latest trends in managing these types of claims?

Gambling operators manage friendly fraud cases, such as users denying transactions or bets they’ve placed, by leveraging advanced fraud detection tools and strategies. These include analysing transaction histories and user behaviour to distinguish between genuine disputes and fraudulent claims. Operators often use behavioural analytics to identify patterns that indicate friendly fraud, such as frequent chargebacks or disputes from the same user. The latest trends in managing these types of claims involve the use of AI and machine learning to detect anomalies and predict potential fraud before it occurs. Additionally, operators may implement more stringent verification processes to ensure that transactions are legitimate.

Collusion and syndicate betting pose unique risks to gambling operators. What are some of the best ways to detect patterns of collusion between accounts, especially as fraudsters become more sophisticated in masking their activities?

To detect patterns of collusion between accounts, gambling operators use sophisticated analysis of betting behaviours and connections between accounts. This includes monitoring for unusual betting patterns, such as multiple accounts placing bets on all possible outcomes of an event. Operators also utilise advanced multi-account detection systems that analyse various signals, including account details, payment data, and device information, to uncover potential links between accounts. Real-time monitoring and AI-powered risk scoring are also employed to assess risk based on player behaviour and quickly identify suspicious activities.

As fraud techniques in gambling continue to become more complex, what are some effective ways for operators to account for regional differences in fraud patterns, payment methods, and regulatory requirements?

As fraud techniques in online gambling become more complex, operators account for regional differences in fraud patterns, payment methods, and regulatory requirements by customising their fraud prevention strategies to fit the specific needs of each region. This involves understanding the unique fraud trends and regulatory landscapes of different regions and adapting their detection methods accordingly. Operators may also work with local experts and leverage region-specific data to enhance their fraud prevention efforts.

What data signals or user behaviours are most predictive of post-account-opening fraud in the gambling industry, and how can operators prioritise these without creating false positives?

The most predictive data signals and user behaviours for post-account-opening fraud in the gambling industry include unusual payment behaviours, high-velocity transactions, and the use of multiple payment methods. Operators prioritise these signals by employing AI and machine learning models that can differentiate between legitimate high-value players and potential fraudsters. This helps minimise false positives while ensuring that genuine users are not subjected to unnecessary friction.

In the fast-paced environment of online gambling, how can operators detect and respond to fraud in real time, particularly when high-volume events and live betting add pressure to systems and teams?

Operators detect and respond to fraud in real time by using advanced fraud prevention technologies that provide real-time monitoring and behavioural analytics. These systems can quickly identify and flag suspicious activities, allowing operators to take immediate action. During high-volume events and live betting, operators rely on automated systems and AI-driven risk scoring to manage the increased pressure on their systems and teams.

How are gambling operators addressing the challenge of high-risk accounts with unusual spending or withdrawal patterns, and what measures can be taken to minimise financial loss while avoiding alienating genuine users?

Gambling operators address the challenge of high-risk accounts with unusual spending or withdrawal patterns by implementing measures such as enhanced verification processes and continuous monitoring of account activities. These include access from new devices or geolocations, changing of account contact information, changing of linked accounts (for deposit or withdrawals), and more.

They use AI and machine learning to identify and flag high-risk behaviours, allowing them to take proactive steps to minimise financial loss while avoiding alienating trusted players. Operators may also offer personalised support to high-value players to ensure a positive user experience.

Given the growing regulatory scrutiny in the gambling industry, what challenges do operators face in balancing regulatory compliance with fraud prevention, especially as anti-money laundering (AML) and KYC requirements become stricter?

Given the growing regulatory scrutiny in the gambling industry, operators face challenges in balancing regulatory compliance with fraud prevention. This includes adhering to strict anti-money laundering (AML) and Know Your Customer (KYC) requirements while maintaining effective fraud detection systems. Operators address these challenges by integrating compliance checks into their fraud prevention platforms and using AI-driven systems to ensure ongoing compliance with regulations. This approach helps operators meet regulatory requirements while protecting their platforms from fraud.

We sometimes hear of gambling operators “accepting the cost of fraud” – How does Sift support these operators to empower a more proactive approach to fraud prevention?

When fraud prevention providers initially carved out their own industry, it was reasonable to maintain that fraud was a cost of doing business. The risk of insulting trustworthy users outweighed the benefit of catching bad actors at a less-than-profitable level. This was due, in large part, to the stunted availability of actionable data and supporting technology. Times have changed. For 13 years, Sift has worked in tandem with some of the most notable platforms worldwide to build a robust network of data. This data supports the machine learning models we have worked with since our inception.

Sift empowers businesses with consistent innovation, new datasets, and advanced functionality, leading to accurate and timely decision-making. For teams aiming to transition from reactive to proactive fraud prevention, Sift offers three primary benefits:

• Clearbox Decisioning: No one knows your business better than you. Network models perform well, but have limitations. By empowering your team with data and technology, your platform can perform at its best. More businesses are seeking transparency and control with their processes and are looking to prepare for future AI/ML regulations.

‍

• Efficiency Solutions: Reduce manual review by leveraging simple (or robust) workflows. Trigger events from any point along your customer journey and build cases with more information.

‍

• Industry Expertise: Instead of waiting for the attacks to reach your front door, identify emerging industry trends proactively by working with Sift’s Trust and Safety Architects (TASAs) and build workflows proactively.

Explore how to prevent post-account opening fraud with Sift here.