It is estimated that bonus abuse costs the online gaming industry up to 15% of its gross revenue. Combined with multi-accounting fraud, it is substantially more than transaction fraud, yet it is paid little attention. This is mostly because bonuses are such an important tool to attract new players. Unfortunately, they also incentivize users to sign up numerous times to receive them.
To make matters worse, organized criminals abuse bonuses to resell accounts, cash out at scale, and use advantage gambling to maximize their earnings. Luckily, multi accounting isn’t hard to prevent if you know where to look. This infographic will go over every step needed to stop it and show how to curb bonus abuse for iGaming operators.
Online gambling promotions are designed to attract new players and grow user bases. While this doesn’t always incur extra spending (especially with free or matched deposits), it can successfully push them to spend more time on the platform. In some cases, it helps providers carve themselves a biggest share of the market in the long run.
According to our own data, the biggest challenge for fraud teams in iGaming is with performing efficient manual reviews. And more bonus offers means a heavier workload to approve or refuse signups. While 8-12% of all gambling transactions require manual review, only 1-4% end up in decline.
To avoid losing a customer with high lifetime value, operators are reluctant to outright decline suspicious users. Overall, more than 90% of the transactions are approved, leaving the company with the high risk of paying bonuses to the wrong customers.
Similarly, legitimate users who have to go through too many verification processes are more likely to jump ship to other competitors. Avoiding churn is primordial for iGaming operators who wish to onboard new users without letting in the bad guys.
Light KYC includes frictionless customer risk scoring methods that don’t affect user experience nor increases the churn. It’s much cheaper to implement on a large scale and works well combined with heavy KYC processes.
Meanwhile, ID or other document verification processes are providing a higher level of security. They have also downsides, as they are expensive to check, and negatively impacts user experience. Fraudsters are also increasingly adept at bypassing them.
The registration stage is often the best time to apply fraud prevention techniques. You can quickly perform a light KYC analysis, and only redirect suspicious users towards the heavy KYC methods. The withdrawal stage always benefits from mandatory heavy KYC, which won’t be so frustrating for legitimate users who had no trouble signing up.
Let’s see it all in action. Below are data points of a genuine customer. At first glance, everything would be approved by an analyst. But after enriching all the information through various tools, let’s see what kind of customer picture we can draw.
The email address has no searchable history. Why is this a risk? Multi-accounting operators will create an email address fast, and without linking to Twitter, Facebook or other social media accounts. This is not the typical behaviour of a genuine customer, who would use an aged email address, probably used to sign into multiple social media platforms.
The email address is only registered with the email provider.
An email address linked to numerous social media platforms tends to indicate we are dealing with a genuine user.
A similar analysis can be performed on phone numbers. Fraudsters are unlikely to register the phone number with messenger apps and other platforms. We can also flag phone numbers that come from “burner” apps, which allow people to enable numerous phone numbers on one device only.
Fraudsters often rely on mobile IP addresses to hide their multiple accounts. This is because these IPs show no geographical info, and are harder to identify than data centers. Laptops with dongles are the most popular setup amongst multi-accounters, and not typical for genuine players.
The BIN range identifies the card as being prepaid, which should increase suspicions. Moreover, it expires in 4 years, giving us a clue that it was created in the last month. Multi-accounters will typically get to work as soon as they have a new card, in order to optimise the value they can extract from reload offers. We’re therefore definitely dealing with a high-risk card here, although other types can also be identified via BIN.
Multi-accounters favour desktop and laptop devices to access their records and fraud guides. They also allow them to install auto spin features and to work more efficiently. If the device is a laptop or desktop using mobile data (dongle) and no phone or email history, we can be pretty confident we are dealing with a multi-accounting operation.
Traffic coming from from a bonus abuse forum or excel sheet increases risk
Users who take the full bonus value and assume there is no winnings cap should be marked as suspicious.
The passwords shared with multiple customers can indicate fraudulent syndicates.
Finding the same in use by multiple accounts is a strong indicator of multi accounting.
On average, iGaming companies have hundreds of active rules, most of which use some form of our pre-set data enrichment functions and also their configuration.
Each behaviour can be assigned a risk value. When a set threshold is crossed, the action is reviewed manually. Machine learning will also identify common user actions, and assign a risk score to what appears to be fraudulent behaviour.
of bonus abusers have never been involved in a data breach
of bonus abusers use a free email provider
of bonus abusers do not have any social media presence related to their email address
of bonus abusers use a proxy to access the operator website
Onboarding is the earliest access point of the customer journey, which needs to be kept frictionless to avoid churn. Digital footprint analysis at that stage is a key strategy for operators. It allows them to simplify the user journey, gain a full picture of their customers, and speed up manual reviews to reduce multi accounting, bonus abuse, and help the company grow safely.