Find Out Who's Misbehaving to Stop Online Gaming Fraud

Online gaming is big business. It is an industry valued at almost $31 billion worldwide, representing a 30 percent growth rate in the last three years. The market includes the categories of sports betting, bingo, casino and poker. Technology has been the driving force behind the phenomenal growth of the online gaming industry. Unfortunately, while the Internet makes it easier and more convenient to place bets, it also provides the means for more organized cybercriminals to defraud these sites and their good players.

Unlike other online businesses, the online gaming industry has security challenges particular to its industry. Whereas other e-commerce businesses sell an item to a buyer and typically enjoy a predictable income stream, online gaming, whether it’s pay-for-play card games or traditional betting, is more erratic in terms of the flow of money. For this reason, it is a tempting target for fraud.

As the industry booms, the threat of criminal activity looms. Cheating at cards has a long and infamous history. It’s no wonder, then, that we see it happen in the virtual world as well. But that doesn’t mean the online gaming industry has no security measure in place. Because statistics are at the heart of gaming, the industry has developed incredibly sophisticated data analysis tools that can determine with high accuracy if, for example, a six-player poker hand is being gamed by one person with multiple accounts. But that just looks at one point in the player’s history. Why settle for a snapshot when you can see an entire interaction from beginning to end?

Creating Layers of Security

Just as online gaming sites have created advanced tools, so have fraudsters. By using methods to circumvent traditional detection like IP address, geolocation, third-party credit verifications, even using data analysis of other players, it means that despite the gaming industry’s best efforts, fraudulent deposits, cheating and collusion, chargebacks and money laundering persist.

Gaming sites can use its tools to analyze a game while it is being played, and that’s a good thing. However, there is another security layer that should be added, one that observes the players before the game starts and even across the lifetime of the player. Building complex models of behavior is the secret weapon about to sweep online security – a real game changer that will show the difference between a flesh-and-blood player and sock puppet accounts and scam artists.

That’s because, even online, people are individuals. Each person has unique behaviors and habits that can identify them, despite their best scams. Behavior-based security looks at hundreds of signals and allows us to confidently know when we are seeing the genuine player, signals such as how they hold their device, how they type or whether they use a mouse or a trackpad when playing. It is these non-identifying but wholly unique behaviors that create a player profile that can’t be spoofed.

Types of Online Gaming Fraud

There are a variety of methods people use to commit online gaming fraud. For instance, credit card fraud occurs when stolen cards are being used to set up or fund betting. In some cases, these stolen cards are used by a single player running several accounts in the same game so they can purposefully lose on the stolen card and funnel the winnings into their personal account, which can be cashed out later.

However, stolen credit cards don’t always figure into a scam involving an individual user running multiple accounts. A typical scenario would have a six-player room filled with only two players, one who is unaware of the scam and another running the other five players, essentially guaranteeing that the scammer will win. The use of multiple accounts is not limited to intentionally scamming other players by rigging the odds. Many gambling sites offer an incentive for new players, matching an initial startup deposit or giving the players cash bonuses for completing a set number of games, too.

It boils down to the individuals and how they create accounts. Account creation is the first point of contact for legitimate users and would-be scammers alike. While robust data analysis can catch some of the scammers when the games are happening, wouldn’t it be better to catch fake accounts before they can even start a game?

Gaming sites suffer loss, but so do their genuine players, who are just there to play a hand of cards. They don’t know they have been hit with the bad luck of being in the same virtual room as a scammer. And once they find themselves defrauded, customer retention becomes a huge issue. If a site becomes known for fraud, there is little a company can do besides invest in a costly rebranding and build anew.

To Defeat Fraud, Analyze Behavior

With so many ways to be defrauded, it makes sense that gaming sites create a more stringent account setup process than a typical e-commerce website would. A first round of registration needs to confirm things like the user’s birthday, and checks are typically run against personally identifying information. But with the prevalence of data breaches flooding the market with exactly these kinds of credentials, such types of checks are of limited use. If personally identifiable information can be faked or stolen, what is left? Behavior.

How an authentic user creates an account and then interacts with the site is going to be different from someone creating multiple accounts to perpetrate fraud. How the user goes on to use the site after account creation, outside of even game play, continues to build profiles very distinct from each other.

Beyond determining which accounts are legitimate and which are puppets, behavior-based security methods will also tell you if an account has been stolen from its owner or if a new account is being made by a customer with past gaming difficulties. Behavior can even be leveraged into predicting a budding gaming addiction by comparing the behavior of past addicts against current users and taking the necessary steps to stop chargeback complaints, also known as first-party fraud, from players who have lost control.

The online gaming industry has a lot to lose, and behavior-based security has a great deal to offer to help gaming sites protect their players, their reputation and their bottom line. By analyzing the behavior of both legitimate and fraudulent players, this layer of security can identify fake accounts as they are being created, stopping fraud at its source. It can also reduce chargebacks and create a better user experience by working behind the scenes unless an issue occurs. The secret to securing online gaming is being able to identify good user behavior 

About the Author:

Ryan Wilk is the director of customer success for NuData Security. Previously, he was manager of Trust and Safety at StubHub and spent eight years with Universal Parks & Resorts in various e-commerce roles.