Cybercrime is becoming an increasing concern for all types of businesses, with fraud estimated to cost $10.5 trillion (£8.45 trillion/€9.74 trillion) by 2025. With gambling among the sectors most appealing to these opportunistic criminals, Brittany Allen, trust and safety architect at Sift Science, describes the specific threats the industry faces and how AI technology is leading the fightback.
North American gambling giants MGM Resorts and Caesars Entertainment are just two of the prominent businesses that have been targeted during a spate of high-profile cyberattacks in recent months.
MGM Resorts was left with a projected loss of $100m in September after a cyberattack caused chaos. The business was forced to shut down casino systems and its website for a prolonged period of time causing huge losses in revenue. Fraudsters, reportedly from the ALPHV and Scattered Spider groups, accessed customer details including social security and passport numbers.
In the days after the MGM cyberattack, Caesars Entertainment also reported a similar issue. In a filing made to the Securities and Exchange Commission on 14 September, the operator said its loyalty programme had been compromised. It was reported that Caesars paid tens of millions of dollars in ransom to the cyberattackers.
Alongside these two high-profile cases, another recent incident saw online casino Stake.com facing a huge bill after $41m in cryptocurrencies was stolen. The FBI said the hack was the work of the North Korean state-sponsored Lazarus Group, which has pilfered more than $200m this year alone.
The increased threat from cyberattacks is happening so rapidly that the 2023 World Economic Forum’s (WEF) Global Risks Report put cybersecurity in the current and future top 10 risks globally. The cost of cybercrime is projected to hit an annual $10.5 trillion by 2025. By the same token, Gartner analysts predict that over the next two years, 45% of global organisations will be impacted in some way by an attack.
Specific risks for gambling
Allowing fraud to proliferate can have significant long-term impacts on operations and brand reputation. The victimised company may have money and assets stolen or be subjected to extortion. They may also face a considerable bill to repair broken technology systems or cover legal costs relating to hacked data. The outcome? Customers could leave in their droves if they no longer trust the company to protect their data and money.
While cyberattacks are prevalent across the economy – businesses from banks to online shopping platforms are being targeted – the gambling sector faces specific risks. According to Sift Science, the information and insights company, globally the digital fraud rate grew 68.6% in igaming and 29.4% in gambling between 2019-21.
The gaming industry’s shift to digital platforms has brought an influx of fraud in which legacy environments struggle to keep up. This is particularly because igaming is such a competitive industry, with players coming and going from platforms at a rapid rate, which results in multiple entry points and a high velocity of logins and transactions.
Secondly, inconsistent regulatory requirements between countries makes it challenging to implement fraud controls accurately and flexibly.
Finally, it can be uniquely challenging for igaming groups to accurately detect fraudulent activity. In the case of online gambling, customer behaviour that would typically indicate fraud may actually signify a high-value user. This can cause overlapping signals, such as transaction velocity and failed transactions for lack of funds. A broad, rules-based approach may not be able to differentiate between the users, causing businesses to have high false positives or require more manual reviews.
Among those companies protecting the gambling industry from fraudsters is Sift Science, the San Francisco-headquartered digital trust and safety specialist. The reputable company is partnered with igaming operators that account for 75% of the US market and secure more than $45bn annually.
Brittany Allen, trust and safety architect at Sift Science, warns that the threat to the gambling industry is becoming more pronounced as fraudsters find ways to target security vulnerabilities across the player journey.
“Fraudsters are both becoming more sophisticated by leveraging automated attack methods with bots, as well as more savvy at identifying gaps in operators’ defences,” she says.
“Advancements in technology have come a long way to aid fraud teams, but cybercriminals are getting more skilled at weaponising that same tech to bypass businesses’ preventative security measures. We’re seeing a widespread democratisation of fraud, which refers to the increasing accessibility and ease with which anyone, regardless of technical experience, can engage in fraudulent activities.
“Much of this occurs on deep web forums and marketplaces that sell fraud guides, sets of stolen personally identifiable information (PII), ‘fraud-as-a-service’ tools and a variety of on-demand phishing services.”
Monitoring one trillion events per year
Sift Science is one supplier whose fraud prevention solutions are designed to address the specific fraud challenges facing igaming and online gambling with industry-specific automation templates to set businesses up for success.
Sift Science uses machine learning (ML) models to closely monitor trends in fraud thanks to a global data network that covers more than one trillion events per year across over 34,000 sites and apps worldwide. That information looks across industries, regions and fraud vectors that feed into the AI models.
The network can detect new attack patterns within 250 milliseconds, providing customers with near-instant protection. When fraudsters launch an attack on one Sift Science customer, that data is automatically fed into the machine learning models and blocked from impacting other customers in the network.
“Sift Science’s global, as well as custom, ML models drive automated learning, based on the nuances of user activity,” Allen explains.
“Because fraudsters not only cross verticals, but also attempt fraud on different competitive sites, it’s crucial to have multiple ML models that are capable of tracking the larger fraud landscape as well as industry-specific patterns in real time. Sift Science’s robust global network includes some of the top names in igaming and online gambling, and industry-customised automation templates that align with business’ specific needs.
“It also simplifies the process of migrating to real-time ML systems. We provide expert integration support to help businesses get up and running quickly with our simple-to-use platform.”
78% of consumers would abandon a brand
So, what do those one trillion events tell us about how threats are mutating?
Among the criminals’ tactics causing most concern, Allen says, is multiple account fraud whereby scammers create dozens to hundreds of accounts using fake credentials to tilt the balance in their favour online. They use these accounts to perform various cheating and collusion scams, such as bonus abuse, affiliate fraud and chip dumping. The latter, commonly used in poker, sees a gambler intentionally lose chips or credits to another person at the table in order to transfer the funds to that one player’s account. These players may be colluding to commit money laundering and bonus abuse.
Account takeover attacks (ATO) are another common tactic whereby criminals gain access to legitimate player accounts and make unauthorised transactions. Sift Science avoided a staggering 354% jump in ATO attacks year-over-year in Q2 2023, after an already significant 169% YoY increase in 2022. Sift Science estimates that ATOs will be behind $635bn of fraud losses by the end of 2023.
“These ATOs compromise platform security and can lead to stolen funds and damage player trust in the business,” Allen says. “In fact, recent research from Sift found that 78% of consumers would abandon a brand due to account takeover.”
The Sift Science network has seen significant spikes in payment fraud, including in igaming. For example, the payment fraud attack rate increased 31% year-over-year (Q3 2022-Q3 2023) across the network.
“Fraudulent transactions create risk for igaming businesses on multiple fronts, making it crucial to have effective fraud prevention and detection measures in place,” Allen says. “Some common forms of payment fraud in igaming include phone top-up abuse, chargeback fraud and first-party fraud.”
Fraud prevention can drive growth
With the threat of fraud rising, the outlay on prevention service provision seems one gamble that’s sure to pay off. Indeed, rather than being a business cost, it can drive growth. Sift Science says its technology can increase accepted player transactions to 99%.
Fraud prevention technology can be introduced without inconveniencing customers too. Technology from leading providers can seamlessly approve legitimate users through machine learning-driven automation. Sift Science estimates that operators can reduce manual reviews by up to 60%.
With the supplier already central to the fight against fraud in the US, its expertise can also help operators beat the threat elsewhere, as Allen explains.
“In EMEA, due to varying region-specific restrictions, it’s critical to have fraud prevention technology that’s flexible enough to adapt to different market needs. It’s also important to find the right balance between fighting fraud and reducing friction for trusted players.
“Leading fraud solutions will be able to accurately differentiate between friends and foes in order to accelerate secure player transactions and address complex regulations at scale. Sift Science understands what it’s like to navigate emerging compliance challenges and makes it easy to stay flexible.”
Brittany Allen is a Trust and Safety Architect at Sift. She has more than a decade of experience combating e-commerce marketplace fraud at companies such as Etsy, Airbnb, 1stdibs, and letgo. Her current role focuses on trust and safety education, developing industry best practices and strategies, and representing the merchant’s voice at Sift.