Part I
Fraud in the iGaming Industry: the imperative role of identity verification
As online platforms proliferate, fraudsters are leveraging users’ identities in new ways to take advantage. But, organizations can also use customer identities to better fight fraud. In this two-part post, we look at the dynamic identity landscape and how it’s shaping the iGaming industry’s evolution.
In 2022 two headlines underscored the challenges of a burgeoning iGaming industry. First, ESPN reported that criminals used legitimate identity details to create fraudulent accounts on online poker apps, withdrawing up to $10,000 (about €8,900) in unauthorized transactions.[1] Later, the sports betting and daily fantasy sports site, DraftKings, reported that credential stuffers breached customers’ accounts by repeatedly trying credentials those same customers already used for other services.[2] The two stories represent just a small portion of industry fraud worth north of $1 billion (about €900,000).[3]
The two stories about fraudulent accounts and credential stuffing illustrate how stronger identity verification practices can mitigate some of these major risks.
Identity’s role in fraud fighting is evolving
Fraud in the iGaming industry is clearly an escalating concern, affecting the integrity and profitability of this rapidly growing sector. iGaming — any form of online wagering, including sportsbooks, poker, eSports and fantasy sports — is a nearly $65 billion (€50 billion) market globally that is expected to reach $117 billion (€108 billion) by 2025 as platforms for different online games and betting blossom.[4]
The role identity has played through the growth of iGaming in recent years has evolved drastically. From simply ensuring users are of age, to battling payment fraud, money laundering and account-takeovers, the landscape in which iGaming operators must utilise identity to mitigate risk is constantly developing.
Fraud and money laundering represent largest risks to the online gaming industry
Signing up for an iGaming account requires that customers reveal certain personally identifiable information (PII) to the service provider. Repeatedly signing in requires that customers remember and input login credentials. Because many of these new platforms are competing for customers, they leave identity verification at typical password and username pairs, hoping that quick access means more paying account holders. New operators, however, are leveraging customer identity in a more thoughtful way to combat risks, such as fraud.
Simple online login processes coupled with cybercriminal actively targeting system weaknesses create scenarios where iGaming operators are exposed to compromised accounts. The industry must also contend with the risk of money laundering and collusion. Identity is central to combating these problems.
Download Mitek's new iGaming eBook to learn more
Modern identity verification practices are about who the customer is, not what they know
In the ESPN story, hackers set up fraudulent accounts using personal information from real-life poker players. One player’s information was used to create a fraudulent account and deposit $10,000 (€8,900) from his bank account, then quickly withdraw the funds to the criminal’s own accounts. This example of account takeover (ATO) shows how fraudsters can buy, hack or otherwise obtain login credentials and use legitimate identity information to achieve their aims. The DraftKings example demonstrates identity theft, wherein criminals steal identity information like login credentials to gain access to or open new accounts.
Had either platform required more stringent identity verification methods, these cautionary tales may have been avoided. To tackle these risks, iGaming operators must implement robust identity verification processes. These measures not only comply with relevant regulatory requirements — which depend on the location of the player and the landscape of the jurisdiction — to ensure legality and protect customer interests, but they also improve the customer experience and ensure legitimate gameplay.
Stronger identity verification begins at onboarding, when vendors can ask customers submit pictures of government-issued IDs and corroborated with bank statements or utilities bills to confirm residences. Enrolling customers in onboarding this way verifies identities and ages and that each customer is who they say they are.
From there, operators can use that information to verify customers at future login attempts. Leveraging intelligent platforms allows operators to establish risk-tolerance thresholds that trigger alerts. These thresholds may include when customers place a high-value bet, suddenly increase their bet volume or withdraw large amounts of funds to a financial services account.
When the criminal used the poker player’s actual PII to deposit and then withdraw funds, the platform may have instead asked for some form of biometric identity verification, such as a selfie. If the poker player had onboarded with a photo ID, the verification system could have matched his selfie with the ID on file to prevent the fraudster from gaining access to his account.
The same is true of the DraftKings fraud case. If DraftKings asked the fraudster to verify his identity through biometric identification or other passwordless login method, it would have been very difficult for them to log into the customer’s account and withdraw funds.
To bolster these efforts, collaboration and data sharing among iGaming operators are paramount. By sharing information on known fraudsters and banned players, the industry can collectively combat fraud. Collaborations with regulatory bodies and law enforcement agencies can also enhance fraud-prevention efforts.
Part II
Stronger identity verification practices have many benefits for iGaming operators
iGaming operators can lean on identity to enhance their operations and mitigate risks. Strengthening their verification practices can also yield additional benefits. However, more modern identity verification methods may cause users to abandon the onboarding process. Our survey found that, on average, 30% of customers drop out of the onboarding process during the proof-of-ID stage; while 27% drop out of the proof-of-address stage; and, 35% drop out when asked for proof of funds. Some drop out is inevitable and likely helps prevent fraudulent actors signing up to begin with.
But, operators need to keep the rest of customers who aren’t criminals but otherwise drop out of the enrolling process. Implementing platforms that facilitate the proof-of-funds process by educating customers on why it is necessary can reduce dropouts. Automated AML checks at payout can swiftly guide the user to provide an image of their payment card to help prevent account takeover and money laundering at pay out, further improving the customer journey.
Implementing rigorous identity verification processes benefits iGaming operators in many ways, including:
- Strengthening customer trust and loyalty, as players can game with confidence knowing they're on a secure platform
- Ensuring regulatory compliance, safeguarding operators from potential legal challenges
- Reducing financial losses from fraud, improving the operator's bottom line in the process
- Improving payout speed
- Limiting bot accounts
iGaming operators can also evaluate platforms that include with key UI & UX considerations, such as dynamic customer prompts, device language detection, reminder messages, white label customization, logic steps to reduce friction and customized journeys, which all help to maximize the success of customer account opening processes.
Implementing intelligent identity verification practices such as these enhance operators’ reputation and brand image, making it more attractive to both new and existing players.
Better identity verification is a boon to iGamers everywhere
In the realm of online gaming and gambling, identity verification serves multiple crucial roles. First and foremost, it ensures that players are who they claim to be, reducing the risk of fraudulent activity. It plays a critical role in preventing underage gambling, a major regulatory requirement. Moreover, identity verification helps to detect and prevent the creation of multiple accounts, a tactic often used by fraudsters to exploit sign-up bonuses or skew gaming outcomes. Both the online poker platform and DraftKings would likely have been able to avoid their respective fraud cases by implementing stricter identity verification practices.
Yet, given the persistent and evolving nature of fraud and fraud-enabling tools, the iGaming industry must continually refine and enhance its identity verification processes. Emerging technologies such as decentralized identity solutions hold promise in this regard and are poised to further transform identity verification.
The challenge is substantial, but by adopting robust identity verification measures, operators can turn the tide against fraudsters and safeguard their platforms, ensuring a secure, trusted, and enjoyable gaming experience for all users. In doing so, they not only protect their business but also contribute to a safer, more secure and more transparent iGaming industry.
Interested in seeing how Mitek helps iGaming operators keep fraudsters at bay and customers coming back?
[1] https://www.espn.com/chalk/story/_/id/35056813/poker-pros-victims-creation-fraudulent-sports-betting-accounts
[2] https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/
[3] https://venturebeat.com/gaming-business/mobile-game-and-app-markers-are-exposed-to-5-4b-in-fraud-appsflyer/
[4] https://www.grandviewresearch.com/industry-analysis/online-gambling-market