The world of online casino fraud and real money games is very diverse; the scams are as varied as the games and bets themselves. Let’s take a look at the common types of casino fraud seen in this industry:
Promos are a great way to get people in the digital door—after all, it’s hard to say no to free spins, chips, credits, or other forms of bonuses or discounts. Promotions, coupons, and bonuses are usually a win-win for users and operators. The user gets something free, discounted, or extra, and the operator gets to draw in new business and encourage returning users to keep coming back. But when bad actors get involved, the house doesn’t win.
By creating multiple accounts, using multiple devices, and using app cloners and tamperers to run multiple instances of the gaming app at once, promo abusers can take advantage of promotional offers in a way that wasn’t intended. Handing out a few free chips in exchange for encouraging a new user to sign up isn’t a bad deal, but unknowingly handing out hundreds of free chips to the same person under different accounts can have a large negative financial impact. The more the problem scales, the worse the impact gets.
Chargebacks are an important part of protecting consumers from the negative impacts of fraud, but unfortunately, they can also be abused to leave merchants in the cold. In this form of gambling fraud, a consumer makes bets and spends money at the online casino using their own card, only to dispute the charge later as though it was made illegally. Of merchants who dispute chargebacks, the average win rate is only 32%, and those odds only get worse for an adult-oriented industry like online gambling.
Identity theft is a high-stakes problem in the online gambling world. Bad actors who commit identity theft score big, not by mastering the game or getting lucky, but through stealing other players' personal and financial details. Identity theft can have financial consequences for the platform in the form of chargebacks from true cardholders, and it also undermines players’ trust in the platform’s integrity, hurting retention and spending.
Account takeover (ATO) fraud
Account takeover fraud is a losing situation for everyone (except the fraudster). The victim loses access to their account as well as any money, personal information, or other assets the attacker is able to steal. They also have to endure the stress of knowing their account has been compromised until it can be secured again.
The platform has to cope with the loss of consumer trust and any financial consequences related to compensating the victim or addressing chargebacks from transactions made by the attacker. Additionally, investigating and reinstating compromised gambling accounts takes up precious time that might have otherwise been spent benefiting the platform instead of putting out fires.
Part of the fun of skill-based real money games like poker is the combination of chance and skill—you might draw a poor hand, but if you’re good enough, you could bluff your way into a win. Colluders remove this chance-based element of the game by rigging it in their own favor. When players collude, particularly in card games like poker, they join an online game as though they were strangers, only to communicate and manipulate the game in secret.
Meanwhile, the other players have no idea that the deck is stacked against them. This form of cheating can lead to legitimate players feeling burned by unfair games as well as the platform losing money in payouts to fraudsters.
Location spoofing is a kind of Swiss army knife for online casino fraud. It allows fraudsters to mask their true identity and to manipulate aspects of the online gambling industry that rely on location, such as jurisdictional compliance and some automated fraud detection measures.
Gambling laws in the U.S. change by state and jurisdiction. If someone using location spoofing is in a jurisdiction where online betting is illegal, they can use spoofing tools to jump location to a jurisdiction where it’s allowed.
Multiple accounts (multi-accounting)
Multi-accounting is another technique that allows fraudsters to scale and spread their fraud activities out across multiple attack vectors. For example, in gnoming schemes, bad actors can use multiple accounts to populate a game like poker—all of the “players” would be multiple accounts owned by one bad actor. To the platform everything appears normal, but the bad actor is able to use the phony accounts to throw the game and pocket the winnings.
Multi-accounting can also be used to support a collusion scheme in a practice known as chip dumping. In this case, one or more fraudsters might join a game against real people while also using fake accounts to join the same game and tilt it in their favor.
Promo abuse is another practice that can’t scale meaningfully without the ability to make multiple accounts. People can abuse promotions by making multiple accounts, using multiple devices, or using cloning apps. Multi-accounting is particularly appealing to fraudsters because it’s much more cost-effective than purchasing dozens of different mobile devices.
Lastly, having multiple accounts gives fraudsters much more ability to avoid accountability. After all, if you have dozens of accounts to use for fraud, it matters less if one account gets caught and banned for abuse. If casino fraud cases can’t be connected to the same person across different accounts, it’s much harder to enforce a penalty.