Bonus Abuse in iGaming - One Infographic to Understand and Prevent It


It is estimated that bonus abuse costs the online gaming industry up to 15% of its gross revenue. Combined with multi-accounting fraud, it is substantially more than transaction fraud, yet it is paid little attention. This is mostly because bonuses are such an important tool to attract new players. Unfortunately, they also incentivize users to sign up numerous times to receive them.

To make matters worse, organized criminals abuse bonuses to resell accounts, cash out at scale, and use advantage gambling to maximize their earnings. Luckily, multi accounting isn’t hard to prevent if you know where to look. This infographic will go over every step needed to stop it and show how to curb bonus abuse for iGaming operators.

Why Gambling Operators Offer Bonuses

Online gambling promotions are designed to attract new players and grow user bases. While this doesn’t always incur extra spending (especially with free or matched deposits), it can successfully push them to spend more time on the platform. In some cases, it helps providers carve themselves a biggest share of the market in the long run.

Why Gambling Operators Offer Bonuses

How Much do iGaming Providers
Spend on Bonuses?

How Much do iGaming Providers Spend on Bonuses?
Increase in the average bonus spend from marketing departments between 2015-2019
More Bonuses = More Manual Reviews

More Bonuses = More Manual Reviews

To avoid losing a customer with high lifetime value, operators are reluctant to outright decline suspicious users. Overall, more than 90% of the transactions are approved, leaving the company with the high risk of paying bonuses to the wrong customers.

Security vs Growth

According to our own data, the biggest challenge for fraud teams in iGaming is with performing efficient manual reviews. And more bonus offers means a heavier workload to approve or refuse signups. While 8-12% of all gambling transactions require manual review, only 1-4% end up in decline.

Reducing Friction to Remain Competitive

Similarly, legitimate users who have to go through too many verification processes are more likely to jump ship to other competitors. Avoiding churn is primordial for iGaming operators who wish to onboard new users without letting in the bad guys.

Security vs Friction

The Answer: Adaptable KYC Triggers
Based on Digital Footprint

Light KYC

Light KYC includes frictionless customer risk scoring methods that don’t affect user experience nor increases the churn. It’s much cheaper to implement on a large scale and works well combined with heavy KYC processes.

Heavy KYC

Meanwhile, ID or other document verification processes are providing a higher level of security. They have also downsides, as they are expensive to check, and negatively impacts user experience. Fraudsters are also increasingly adept at bypassing them.

Targeting the Earliest Access Point

The registration stage is often the best time to apply fraud prevention techniques. You can quickly perform a light KYC analysis, and only redirect suspicious users towards the heavy KYC methods. The withdrawal stage always benefits from mandatory heavy KYC, which won’t be so frustrating for legitimate users who had no trouble signing up.

KYC

A Real Life Example of User Digital Footprint

Let’s see it all in action. Below are data points of a genuine customer. At first glance, everything would be approved by an analyst. But after enriching all the information through various tools, let’s see what kind of customer picture we can draw.

User data

Email address

The email address has no searchable history. Why is this a risk? Multi-accounting operators will create an email address fast, and without linking to Twitter, Facebook or other social media accounts. This is not the typical behaviour of a genuine customer, who would use an aged email address, probably used to sign into multiple social media platforms.

10 %
of bonus abusers have a Facebook account registered with their email address
7 %
of bonus abusers use a disposable email address
Risky email

RISKY

The email address is only registered with the email provider.

Risky email

SAFER

An email address linked to numerous social media platforms tends to indicate we are dealing with a genuine user.

Phone number

Phone number

A similar analysis can be performed on phone numbers. Fraudsters are unlikely to register the phone number with messenger apps and other platforms. We can also flag phone numbers that come from “burner” apps, which allow people to enable numerous phone numbers on one device only.

IP address

Fraudsters often rely on mobile IP addresses to hide their multiple accounts. This is because these IPs show no geographical info, and are harder to identify than data centers. Laptops with dongles are the most popular setup amongst multi-accounters, and not typical for genuine players.

57 %
of bonus abusers use a data center IP address
Map
Credit card

BIN range

The BIN range identifies the card as being prepaid, which should increase suspicions. Moreover, it expires in 4 years, giving us a clue that it was created in the last month. Multi-accounters will typically get to work as soon as they have a new card, in order to optimise the value they can extract from reload offers. We’re therefore definitely dealing with a high-risk card here, although other types can also be identified via BIN.

Device data

Multi-accounters favour desktop and laptop devices to access their records and fraud guides. They also allow them to install auto spin features and to work more efficiently. If the device is a laptop or desktop using mobile data (dongle) and no phone or email history, we can be pretty confident we are dealing with a multi-accounting operation.

Multi acounting

Other Strong Indicators

Site referral
Site referral

Traffic coming from from a bonus abuse forum or excel sheet increases risk

Deposit sixzes
Deposit sizes

Users who take the full bonus value and assume there is no winnings cap should be marked as suspicious.

Password
Password

The passwords shared with multiple customers can indicate fraudulent syndicates.

Security question and answer
Security question and answer

Finding the same in use by multiple accounts is a strong indicator of multi accounting.

iGaming Fraud Prevention Statistics

On average, iGaming companies have hundreds of active rules, most of which use some form of our pre-set data enrichment functions and also their configuration.

Each behaviour can be assigned a risk value. When a set threshold is crossed, the action is reviewed manually. Machine learning will also identify common user actions, and assign a risk score to what appears to be fraudulent behaviour.

92%

of bonus abusers have never been involved in a data breach

87%

of bonus abusers use a free email provider

77%

of bonus abusers do not have any social media presence related to their email address

70%

of bonus abusers use a proxy to access the operator website

Final Thought

Onboarding is the earliest access point of the customer journey, which needs to be kept frictionless to avoid churn. Digital footprint analysis at that stage is a key strategy for operators. It allows them to simplify the user journey, gain a full picture of their customers, and speed up manual reviews to reduce multi accounting, bonus abuse, and help the company grow safely.

Download in PDF

To see how the SEON fraud prevention tool can help your organization improve its digital credit scoring,
Download our PDF

SEON sign
Download Infographic