Rising security challenges in online gaming

2020 has seen unprecedented challenges in almost every industry, as Covid-19 virtually shut down or closed many businesses for extended periods. Stay-at-home around the world led to people spending more time at home and, not surprisingly, some turned to igaming. As effects of the pandemic are expected to linger well into 2021, many may continue to lean on gaming and esports sites as a welcome distraction. As such, online wagering and gaming operators need to be more vigilant than ever going into the new year, as fraudsters will continue to try and take advantage of the increased traffic.

As we continue to explore the pandemic’s impact on igaming, we see three areas of focus that will be critical to igaming operators in 2021:

Account takeovers

Account takeovers are one of the most common types of fraud facing online wagering operators. A fraudster illicitly gets a player’s account credentials on the black market, logs in to their account, and starts withdrawing money, using loyalty points, etc. Not only does this impact the players, it significantly impacts the operators’ reputations. If valid customers don’t feel the company can keep their accounts secure, they are likely to take their business elsewhere. Online gaming companies need to have systems in place that detect anomalous behavior in real-time to prevent account takeover attacks. Operators need to closely monitor account log-ins and customer profile changes, such as email address or phone number, for watch-outs – are these activities synchronous with typical or atypical activities? Would this customer typically come from a device located overseas when their home address is Iowa? By looking at the details behind each transaction, operators can understand the true picture and determine if they need to potentially block this user from logging in or placing a bet.

Chargebacks

Chargebacks are an unfortunately growing scenario in which a valid player loses a big bet on a game and then denies they made the bet. Often referred to as friendly fraud or even buyers remorse, the user disputes the charge and either claims their card was stolen or that someone else accessed their account and made the bet. They want the charge back.  It’s a surprisingly common tactic and a frustrating problem for gaming operators. It is important to allow valid users to make their bets and to keep the fraudsters out. However, it can be difficult to foresee a friendly fraud chargeback since the actual user is making the bet, and little to no standard alarms may trigger in that scenario. But there are warning signs that, when noticed, can help prevent this type of fraud. For example, looking at previous transactions can be helpful. Is this bet consistent with previous behavior? Is the time of the bet or time on the site consistent or is the user making bets off-hours? These are a few of the items operators can look at to help reduce the risk of such chargebacks.

Promotion abuse

Competition is fierce among gaming sites. And with possibly increased traffic during the pandemic, many companies are looking to bring new users to their site versus the competition. A way to do this is to offer promotions for new customers. For example, a major igaming organization offers $100 free credit when a new player makes a first-time deposit. It is a great way to bring in new business. Unfortunately, such incentives can also attract fraudsters. A fraudster can recognize there is a deal and create hundreds or even thousands of accounts to get the free fund deposited to their fake accounts. It is critical to find the right balance between security and ease of use. Organizations want and need to make it easy for a new customer to start placing their bets and to receive their free credits. But at the same time, these organizations need to be on the lookout for criminals looking to exploit the offers. By looking at the number of accounts created by a single device, for example, organizations can start to recognize abnormal behavior and block these fake accounts from being opened.

Best way to solve the issue: utilize device intelligence technology

The need to analyze the device used in all transactions is a critical piece of the fraud detection and prevention puzzle. Using a device intelligence solution is one of the best ways to ensure the person on the other end of the transaction is who they say they are. It is so important for operators to have the ability to see, for example, where the mobile device or laptop is located (looking beyond IP address), and automatically compare that with the history on the account.  If the account suddenly is being accessed from a laptop from another country, there may be an issue.  Or, are multiple games being played simultaneously from one account?  While this is common in online tournaments, it may also indicate collusion. Device intelligence can help tell whether a player is chip dumping, whether they are a ‘bot’, if AI systems are being used, and more. The use of device intelligence is very helpful and we recommend more operators take advantage of it.

These are basic, foundational security issues that every online wagering and igaming site should have in place. If they do, they can fully recognize the potential of increased traffic without opening themselves to unnecessary risks.

Dave Champion is global head of online gaming at Accertify, Inc., an American Express company. After graduating from University in South Africa, Champion moved to London to join the investment banking sector. Following 10 years abroad, he returned to his native South Africa, assuming a role with Microgaming. In 2012, Champion moved to Sydney, Australia to take up an opportunity that led to heading up sales at Accertify and helping merchants to fight online fraud.