Do you think that a variety of Regtech tools can protect you against bonus abuse? Ozric Vondervelden, Greco’s co-founder, disagrees.
The allure of beating a house in the world of high stakes gambling is as old as the hills. Even with the most advanced tools for fraud detection, payment risk assessment, and verification, fraudsters still abuse bonuses, which costs billions.
Gambling has a bad reputation, which makes it easier for people to rationalize ethical violations. In answering “what is your job?” there’s always an element of intrigue around the cleverness with which fraudsters are able to outwit the gambling industry. The Robin Hood story is about defying the odds.
Hollywood blockbusters such as Ocean’s Eleven and real-life figures, like MIT’s card counters, have almost achieved legendary status. This is often portrayed as an intellectual battle against raw capitalism.
Jonathan Howard is a father and husband who was jailed in the UK earlier this year. Howard wouldn’t necessarily see that his actions were wrong if he was asked. The moral ambiguity combined with the huge potential gain drives people to go to extreme lengths in order to exploit vulnerabilities within systems and processes. After all, scaling bonus abuse is equivalent to owning your very own money-printing press.
The counter-industry, which is worth billions of dollars, against bonus abuse continues to flourish despite the abundance of fraud and validation tools on the market. Bonus abusers know the secret well, but the rest of the industry is less aware.
Gaps between the armor
Device fingerprinting is a popular security measure, but it has limitations. In New Jersey, our research revealed that one identity could make up to $18,000 by exploiting all welcome offers. This figure can be even higher in many countries.
The fraudster can use this to scale across several identities using IP addresses and devices that are unique for each. Hardware costs will have a minimal impact on their income. Most of the time, however, simpler methods work. You can use dynamic IPs, clear cookies or common devices and browsers that are in a gray area.
Verification is never in line with the user’s experience or cost. Background verification is easy to use, but it’s still vulnerable to data theft and scraping.
Companies House, the UK’s register of companies, contains all the information required to verify thousands of casino accounts. What data sources are used by many verification tools? Although Social Security Numbers are considered to be more secure than other data sources, constant leaks of information have shown that this method is ineffective.
Fraudsters can also use collusion to exploit “document upload on withdrawal”, another common practice. They can target operators with multiple identities by aggregating the winnings of several accounts and creating a new account.
The advancements in AI has made it more difficult to detect these fakes. A recent LinkedIn viral demonstrated how AI could animate images in order to avoid costly liveness tests, which are considered the best defence.
The AI-versus AI situation creates an arms race in technology, which leads to security measures that are outsmarted.
Is it possible?
Digital wallets and virtual card have changed the face of gambling risk management. The requirement for a unique payment card was an obstacle to multi-accounting. Digital wallets such as PayPal, Apple Pay and Skrill, have made it easier to create multiple accounts.
Virtual cards have exacerbated the problem, as they allow users to create hundreds, or even thousands of card numbers for a single wallet. When trying to block virtual card, the identification codes (BINs), which are often used for physical cards, can overlap.
By blocking all cards issued by providers such as Monzo or Revolut, you could alienate an important customer base. It also goes against trends for banking innovation, and the privacy needs of consumers.
We may find solutions to these problems. Perhaps blockchain-based digital identity will allow players to be tied to a digital score of trust, which is validated by an encrypted retinal scan.
This still does not solve the problem of syndicates.
How it works: A ringleader recruits people who will exploit bonuses. They will be given guides to help them exploit the bonuses and then they will get a share of their profits. This setup has a problem because each participant is using his own IP address, cookies, browsers, geographical location, payment method, and KYC documents. There are no correlations.
Finnish bonus cheats are notoriously hard to capture because of the open banking system they have adopted. This has caused many operators to go bankrupt. As a result of geolocation tracking, the US faces a similar challenge.
Stopping bonus abuse by analysing the gameplay
Do not get me wrong: risk management solutions are a necessity. They are not a complete solution, and those who rely on them for that purpose risk being exposed.
A full solution is required in high-bonus markets. This includes device fingerprinting and verification as well as payment analysis, gameplay analysis, and analysis of payments. Almost all of the risk mitigation tools used by this industry have a multi-industry focus. The industry is not focusing on what makes it unique: gameplay.
The only thing that cannot be faked is gameplay. It acts as an absolute failsafe. A player who takes value is taking value. A player who cheats is a cheater. There’s no grey area.
Operators are not well-equipped to distinguish between these types of accounts. It is possible to exploit top-tier operators for up to 12 months with a single account. This can cost thousands of dollars before the operator realizes it. It is important to improve our ability to analyse gameplay risks and to eliminate the barriers between CRM and risk departments.
The value of VIPs, and those who abuse bonuses are on the opposite ends of the scale.
Ozric Vondervelden is a leading expert in the field of igaming bonuses and risk management. He has advised more than forty operators, saving them millions each year. Ozric Vondervelden is a co-founder at Greco. This industry first engine identifies gameplay risks, and determines the value of each player.