High risk transactions and stolen credit card fraud: How iGaming operators can protect their platforms

Bots are commonly used to infiltrate active accounts. This is referred to as account takeover and occurs when fraudsters try logging in with stolen credentials — often bought on the dark web. The danger of these attacks are they can be performed at mass scale, with thousands of attempted fraudulent logins occurring in mere minutes. If not prevented, iGaming operators could lose thousands or even millions of dollars from fraudsters who breach accounts and drain the funds. 

How to stop it: The good news is that bot attacks are easily preventable. Velocity checks can detect mass scale attacks and shut them down. How does it work? Characteristics of the user and their device — such as IP address, location, server timestamp, etc. — can be analyzed to identify unusual activity. If the activity seems suspicious, the account can be locked automatically until their identity is verified. But speed is critical. Which is why automation is necessary as manually reviewing thousands of account logins for potential fraud is time-consuming and costly.

Another way fraudsters can utilize bots, is to quickly open thousands of new accounts to exploit lucrative promos. Once the accounts are created, the criminal can even use bots to automatically place bets and claim the promos. While there will be winnings and losses, the losses won’t matter as the fraudsters are using promotional credits.

How to stop it: Multi-accounting is prevented in a similar way to account takeovers. Sophisticated fraud management tools can verify user identity and immediately alert iGaming operators of suspicious activity. The tools can understand typical vs atypical user actions, compare user IP addresses or proxies, and use behavioral analysis to detect fraud. While multi-accounting attacks can happen fast, automated tools can shut down the efforts before they cause massive damage.

If you’ve never had your credit card details stolen, you probably know someone who has. Credit card fraud is common. And there’s good reason. Just like usernames and passwords, credit card details can be bought on the dark web. Once fraudsters set up multiple accounts, they can use stolen cards to place bets, robbing iGaming operators and consumers.

How to stop it: Using a solution with powerful community data is important. The reason is that if one operator has not seen this credit card information before, another merchant may have. Having this unique insight can help prevent losses by immediately understanding if the credit card has been seen elsewhere and if the information associated with the transaction/bet are consistent with previous transactions. If not, the operator can opt to step-up authenticate the user, or call the card holder to verify the bet or deny the transaction. This arms the operators with the data needed to automatically prevent the use of stolen credit cards on their platform. 

Regardless of how a fraudulent transaction occurs, fraudsters want to get actual funds whenever possible and will likely attempt to withdraw the funds stored on accounts. Many iGaming operators are currently forced to manually review each withdrawal, often calling the customer on the phone. As you can imagine, this is an incredibly time consuming process — especially when there are thousands of withdrawals a day. And if a withdrawal takes too long, customers may decide to try a competing platform.

With such a competitive landscape, operators need to find a way to automate this process to stay ahead and keep their best players happy. But, with many iGaming operators having limited fraud teams, this can be difficult.

How to stop it: In order to scale, operators need to use automated withdrawals, which is a fraud prevention solution that blocks fraudulent withdrawal requests. By utilizing this tool, operators can save time and only review suspect transactions needing a human eye while the rest are automatically approved or rejected. How does it work?