While players have fun placing their bets on their favorite teams and athletes, bad actors are placing their bets on something else: a number of different fraud schemes aiming to swindle sports betting platforms and their legitimate users.
Proxy betting involves a person (the proxy) making bets on behalf of someone else who is often located in a jurisdiction where such betting activities are restricted or illegal. This practice exploits legal loopholes and essentially sidesteps the regulations put in place to govern online sports betting.
For example, in a recent case uncovered by New Jersey regulators, a casino was investigated for a proxy betting scheme that involved a proxy placing bets for an out-of-state gambler. By doing this, they circumvented the geolocation laws mandating that bettors must be within the proper legal jurisdiction to place wagers.
Chargeback and payment fraud
Chargeback and payment fraud represent another type of sports betting fraud that occurs online. Chargeback fraud happens when a customer fraudulently disputes a legitimate transaction with their card issuer, causing a forced reversal of the transaction. This action leaves the merchant on the hook for the transaction amount, any lost time and resources spent dealing with the fraud, and often additionally imposed chargeback fees. In the context of online sports betting, a player might request a chargeback after losing a bet, falsely claiming they didn’t authorize the bet.
Payment fraud, another prevalent problem, includes various fraudulent activities related to online transactions. This could range from using stolen credit card information to bet on sportsbook platforms to complex identity theft scenarios.
Account takeover fraud
Account takeover (ATO) fraud is a critical issue in the online sports betting world. This form of fraud occurs when cybercriminals gain unauthorized access to users' sportsbook accounts, often through phishing scams, data breaches, or credential stuffing. Once they gain control, they can make unauthorized bets, drain the account of funds, or even sell the account on the dark web.
In one high-profile case that underscores the negative impact of ATO fraud, DraftKings, a well-known fantasy sports and sports betting operator, saw user accounts drained of around $300,000 following credential stuffing attacks. Not only did this lead to significant financial losses for the company itself, but it also led to a reputational hit that left users primed for a jump to a competitor.
Identity fraud (synthetic identities & identity theft)
Betting operators have a legal and ethical responsibility to know who their bettors are, and that’s why identity fraud poses a major threat to the sports betting ecosystem.
Synthetic identity fraud occurs when criminals create new, fictitious identities by combining real and fake personal information. These false identities are then used to set up online betting accounts, allowing these fraudsters to sidestep verification processes and proceed with illicit betting activities. Another way to skirt identity verification checks is by using stolen identity information found in data breaches or bought on the dark web.
The anonymity of online platforms, coupled with the digital nature of transactions, makes the online gambling sector particularly vulnerable to identity fraud. Fraudsters can use fabricated or stolen identities to exploit promotional offers, engage in money laundering, or defraud legitimate players, resulting in significant financial losses for sports betting platforms and their users.
Location spoofing is another fraud tactic used in online sports betting to bypass jurisdictional restrictions and conceal a fraudster’s true whereabouts. Through the use of technologies like GPS spoofers and virtual private networks (VPNs), individuals can trick a betting site's geolocation technology into believing they’re physically located in a jurisdiction where online betting is legal.
This fraudulent practice allows individuals to engage in online sports betting in regions where it's restricted or outright illegal, potentially leading to financial and legal repercussions for both the user and the platform.