Sports Betting Fraud Detection

While players have fun placing their bets on their favorite teams and athletes, bad actors are placing their bets on something else: a number of different fraud schemes aiming to swindle sports betting platforms and their legitimate users.

Proxy betting 

Proxy betting involves a person (the proxy) making bets on behalf of someone else who is often located in a jurisdiction where such betting activities are restricted or illegal. This practice exploits legal loopholes and essentially sidesteps the regulations put in place to govern online sports betting.

For example, in a recent case uncovered by New Jersey regulators, a casino was investigated for a proxy betting scheme that involved a proxy placing bets for an out-of-state gambler. By doing this, they circumvented the geolocation laws mandating that bettors must be within the proper legal jurisdiction to place wagers.

Chargeback and payment fraud 

Chargeback and payment fraud represent another type of sports betting fraud that occurs online. Chargeback fraud happens when a customer fraudulently disputes a legitimate transaction with their card issuer, causing a forced reversal of the transaction. This action leaves the merchant on the hook for the transaction amount, any lost time and resources spent dealing with the fraud, and often additionally imposed chargeback fees. In the context of online sports betting, a player might request a chargeback after losing a bet, falsely claiming they didn’t authorize the bet.

Payment fraud, another prevalent problem, includes various fraudulent activities related to online transactions. This could range from using stolen credit card information to bet on sportsbook platforms to complex identity theft scenarios.

Account takeover fraud 

Account takeover (ATO) fraud is a critical issue in the online sports betting world. This form of fraud occurs when cybercriminals gain unauthorized access to users' sportsbook accounts, often through phishing scams, data breaches, or credential stuffing. Once they gain control, they can make unauthorized bets, drain the account of funds, or even sell the account on the dark web.

In one high-profile case that underscores the negative impact of ATO fraud, DraftKings, a well-known fantasy sports and sports betting operator, saw user accounts drained of around $300,000 following credential stuffing attacks. Not only did this lead to significant financial losses for the company itself, but it also led to a reputational hit that left users primed for a jump to a competitor.

Identity fraud (synthetic identities & identity theft)

Betting operators have a legal and ethical responsibility to know who their bettors are, and that’s why identity fraud poses a major threat to the sports betting ecosystem.

Synthetic identity fraud occurs when criminals create new, fictitious identities by combining real and fake personal information. These false identities are then used to set up online betting accounts, allowing these fraudsters to sidestep verification processes and proceed with illicit betting activities. Another way to skirt identity verification checks is by using stolen identity information found in data breaches or bought on the dark web.

The anonymity of online platforms, coupled with the digital nature of transactions, makes the online gambling sector particularly vulnerable to identity fraud. Fraudsters can use fabricated or stolen identities to exploit promotional offers, engage in money laundering, or defraud legitimate players, resulting in significant financial losses for sports betting platforms and their users.

Location spoofing 

Location spoofing is another fraud tactic used in online sports betting to bypass jurisdictional restrictions and conceal a fraudster’s true whereabouts. Through the use of technologies like GPS spoofers and virtual private networks (VPNs), individuals can trick a betting site's geolocation technology into believing they’re physically located in a jurisdiction where online betting is legal.

This fraudulent practice allows individuals to engage in online sports betting in regions where it's restricted or outright illegal, potentially leading to financial and legal repercussions for both the user and the platform.

Gambling, both online and land-based, is a highly regulated industry. Failure to stay in compliance with local regulation can have dire impacts for betting operators, which is why it's vital to have as many failsafes as possible against fraudsters that could cause violations through location spoofing or the use of stolen or synthetic identities.

Jurisdictional compliance

Sports betting is legal in thirty-four states in the U.S. as of 2023—however, only some of those states allow online wagering. The Internet might be everywhere, but that doesn't mean that bettors can place bets from anywhere. If you want to bet on sports, you have to be physically located within a state where it's legal to do so; if you aren't and you still manage to place a bet, the casino operator responsible for letting you place that bet could be on the hook for thousands of dollars in fines and other penalties.

Know-Your-Customer (KYC) regulations 

Any platform that processes payments is responsible for putting some safeguards in place against money laundering. In the U.S., this is known as KYC or "know your customer" regulations. Whenever someone uses fake or stolen identity information to move money in and out of an online sports betting platform, there's a chance they're using the platform to launder money. Aside from the obvious ethical problems associated with accidentally enabling money laundering, if an audit uncovers these lapses, it could mean fines, legal penalties, and reputational damage for the operators.

Online betting might be a brave new world, but the world of online fraud prevention certainly isn’t new. Betting operators have multiple tools and techniques at their disposal that they can use to shift the anti-fraud odds further in their favor.

Geolocation compliance software 

Geolocation compliance software is table stakes for maintaining the jurisdictional compliance of any online gambling platform. It's a technology that accurately determines a user's physical location in real-time, ensuring that only users located in regions where sports betting is legal are allowed to place bets.

When a user attempts to place a bet, geolocation software collects data from multiple sources, including IP address and GPS data, to determine the user's location. Based on the results of this real-time verification process, either the user is allowed to make their bet or their bet is blocked.

Geolocation software is designed to detect and block the use of VPNs and proxies that individuals may use to spoof their location. It continually compares the data it collects against a database of known proxies and VPN servers, and if a match is found, the user's access is blocked.

Geolocation compliance software is an essential tool in the arsenal of betting fraud detection systems, but maintaining tamper- and spoofing-resistant software is a constant concern in order to maintain the reliability of the technology.

Identity verification checks

Identity verification checks are a crucial component of any online sports betting platform's anti-fraud and pro-compliance strategy. These checks are designed to confirm the legitimacy of a user's identity, ensuring that the personal information they've entered–such as their full name, date of birth, and home address–is accurate and true.

The verification process typically begins when a user registers a new account. After providing their personal data, the user may be asked to supply documentation that can authenticate the information. This might include uploading a scan of a government-issued identification card, such as a driver's license or passport, and a proof of address like a recent utility bill or bank statement.

In addition to manual verification, many online sports betting platforms also utilize automated identity verification software. These systems cross-reference user data against multiple public and private databases to confirm its validity. They may also check user information against fraud and sanctions lists, ensuring that the platform is not inadvertently facilitating illicit activity.

By conducting rigorous identity verification checks, online sports betting platforms can significantly reduce the risk of fraud, ensure compliance with anti-money laundering regulations, and maintain the trust of their legitimate users.

Automated fraud detection 

Automated fraud detection systems play a pivotal role in securing the integrity of online sports betting. These sophisticated solutions use advanced algorithms and machine learning techniques to monitor betting patterns and user behavior in real-time, identifying anomalies that may indicate fraudulent activity.

For example, sudden large bets from a new user, or a high volume of bets from a single IP address, could trigger alerts for potential betting fraud.

These systems operate continuously without human intervention, providing around-the-clock protection. They also adapt over time, learning from each potential fraud instance to improve their detection capabilities. A good automated fraud detection system helps online sports betting platforms mitigate risks, maintain legal compliance, and preserve their reputation.

Incognia’s solution can unlock a new level of innovation and effectiveness for gaming operators. Incognia uses a combination of location and device intelligence to deliver reliable, tamper-resistant geolocation and risk signals that enable geolocation compliance and fraud prevention, all in one solution.

How Incognia’s solution works 

Incognia recognizes that location and device intelligence are both powerful tools on their own, but not reliable enough to fight fraud when used in isolation. That’s why we use them together.

Our location solution leverages a combination of signals, including GPS, WiFi, Bluetooth, and cellular, to produce an extremely accurate picture of a device’s location—accurate enough to differentiate between different units in an apartment building. Because we use multiple signals beyond GPS or IP address alone, this location data is also resilient against GPS spoofing or the use of VPNs to mask location.

We combine that location signal with device intelligence to help us assess risk. For example, our solution includes device integrity checks, where we look for factors commonly associated with fraud on a user’s mobile device—the presence of app tampering tools, app cloners, GPS spoofers, rooting or jailbreaking, and so on. Finding these red flags early on can help platforms make informed decisions about what level of fraud risk they’re willing to allow for new users.

Using these two signals in conjunction allows us to solve for some of the vulnerabilities of today’s industry-standard geolocation and device fingerprinting solutions. Our location intelligence is resilient against location spoofing, for example, but using location also allows us to identify devices even after they’ve been factory reset. This is our dynamic duo, and it can help the betting industry by answering two major use cases with one single solution.

Fraud prevention 

Device integrity checks can help us to identify fraudsters before they even join the platform, but we can also identify when previously banned devices try to rejoin—even if they’ve been factory reset.

Consider the account takeover problem mentioned above. Incognia’s combination of device and location signals can help identify suspicious activity like unauthorized logins, even if fraudsters think they’re covering their tracks.

To create a holistic risk assessment for logins and transactions, we analyze factors like:

• whether someone is logging in from a known device

• whether they’re in a location where we’ve detected them before

• whether they’re using a device or location that’s been associated with fraud in the past

This way, operators can set their own parameters for what level of risk they’re comfortable accepting when approving unusual user logins and transactions.

Our location technology also gives us a boost by showing us hotspots for fraudulent activity. Since fraudsters typically have more than one device at their disposal, if we see a new device crop up in very close proximity to high-risk devices or devices previously guilty of fraud, we can raise our risk assessment accordingly.

Geolocation compliance

The accuracy and tamper resistance of Incognia’s location solution make it a naturally strong choice for ensuring jurisdictional compliance with geolocation. Say a new user tries to sign up for an online sportsbook platform with fake address information or using a spoofed location. Incognia can perform real-time address verification to determine whether their reported address matches their actual address, and return a risk assessment based on what we find.

If the addresses match, risk is low, and players could be approved without any additional user friction or resources required. If the result is a high risk assessment, platform operators can make the call about whether to use step-up verification or to deny the signup outright.

There are a lot of unknowns in the world of online sports betting—in a way, the unknown is much of what makes wagering so enjoyable for millions of people globally. However, when it comes to protecting users and maintaining compliance with state and federal regulations, it’s best to eliminate as much of the mystery as possible. That’s what innovative solutions like Incognia’s can help operators do—take the gamble out of protecting online gambling.

If you want to learn more about how Incognia can help gaming operators stay secure and block fraudsters, you can find a case study about the results a gaming company saw with Incognia here.