As esport gaming continues to boom, your fraud prevention must cope with a growing number of attacks.
While esport gaming is still considered an emerging market, it’s undeniably growing faster than anyone had imagined during the Covid 19 crisis.
Everyone is staying at home, looking for online entertainment. Traditional sporting events are slowly resuming, and esport, which can be streamed online, fits the bill for those who want to keep betting. It’s no surprise that F1’s first virtual grand prix gathered more than 3.2 online viewers.
But the pandemic has only accelerated what was already a booming market. ESPN started covering esport in 2016, and what was once seen as a niche form of entertainment is quickly entering the mainstream.
Which should be good news for anyone involved in esport league gaming and gambling, whether you offer betting on the latest CS:GO games, Dota 2, League of Legends, or skin gambling.
Except for one thing: as demand increases at breakneck speed, so do the attacks of fraudsters.
Fraud Prevention Challenges of the Esport Gaming Industry
There are of course many parallels between the fraud prevention challenges of esport gaming and traditional iGaming or online gambling, betting and casino, as your company may be pushed to deal with:
- Bonus abuse: where fraudsters and organized groups target your referral programs and sign up incentives. It can cost online gaming companies up to 15% of their gross revenue.
- Multi accounting: where one fraudster uses numerous accounts for matched betting, smurfing, arbitrage of affiliate fraud.
- Affiliate fraud: organized fraudsters use multi-accounting to trigger a PPL/CPA, which means you are paying out rewards to non-existent players, or for bad traffic including players with no intention of spending money on your esports gaming site.
- Account takeover: also known as credential stuffing. Fraudsters acquire lists of logins from data breaches, phish for personal logins, or use brute force to steal someone’s account and drain their funds.
- Chargeback fraud: a problem that happens either because fraudsters use stolen credit card details, or because of friendly fraud, when the ID authentication is good, but the player still abuses the chargeback process to erase their bad bets by filing a chargeback.
The Hidden Costs of Esports Gambling Fraud
While the aforementioned recurring attacks will undoubtedly damage your bottom line, there’s more to consider too. In fact, it’s estimated that every dollar lost to fraud actually costs your organization up to $3 in costs.
Long Term Chargeback Losses
You’re not just dealing with the immediate chargeback fees. There is also all the time and effort spent investigating the chargeback and disputing it. It’s likely your risk team will be overwhelmed by a great number of requests, not to mention the fact that it puts you in the card companies’ bad books.
And the damages for enabling too many chargebacks are increasingly punitive for companies. Visa’s new VCR process and Mastercard’s resolution process make things harder for merchants, as the window to dispute a chargeback is shorter than ever.
Wasted Marketing Budgets
Affiliate fraud and bonus abuse are the two main offenders here, as they can considerably reduce your marketing ROI. The time and effort spent designing an attractive strategy to onboard new players is wasted on bad traffic that doesn’t convert.
While esports gaming is somewhat less scrutinized than traditional online gambling, it’s not hard to foresee that government regulators will increasingly crackdown on the industry. The debate following Steam’s infamous skin betting debacle has put the industry in the spotlight, and numerous countries, such as Sweden have already started pushing stronger legislation and heftier fines for protecting gamblers.
Damaged Reputation and Loss of Trust
Building safety and trust is primordial for any company in the iGaming sphere, and it is also true of esports betting. Account takeovers are therefore damaging not just for the users who lose their account’s funds, but also because it is seen as a weakness in the company’s security. Players are quick to take to online forums and review sites to vent their frustration, and your company name will be associated with hacked accounts.
Solution #1: Use Digital Footprint Tools For a 360 View of Users
The golden rule in any fraud prevention context is that the more data you have, the better you can protect yourself. The key challenge is of course to acquire that data in a frictionless matter. We know that even something as simple as 2FA or 3DS are seen as an obstruction by marketing teams, so how do you work with as few data points as possible?
The answer is to use data enrichment processes, such as:
- Device fingerprinting: analyzes the configuration of software and hardware of your users. Multi-accounting fraudsters, for instance, favour desktop and laptop devices to access their records and fraud guides. A desktop using mobile data (dongle) and no phone or email history, can raise red flags in real-time.
- Email profiling: Fraudsters will create an email address fast, and without linking to Twitter, Facebook or other social media accounts. This is not the typical behaviour of a genuine customer, who would use an aged email address, probably used to sign into multiple social media platforms.
- Phone analysis: likewise, fraudsters are unlikely to register the phone number with messenger apps and other platforms. We can flag phone numbers that come from “burner” apps, which allow people to enable numerous phone numbers on one device only.
- IP analysis: one of the oldest and easiest forms of security available, as fraudsters often rely on mobile or proxy IP addresses to hide their multiple accounts, which show no geographical info, and are harder to identify than data centers. Laptops with dongles are the most popular setup amongst multi-accounters, and not typical for genuine esports gamblers.
This all works together with the same goal: stop fraudsters from logging onto your platform before they can make use of stolen information and credit card numbers, which will reduce chargeback fraud in the long run.
Solution #2 Adaptable KYC Check Triggers
Esports betting, which tends to attract a younger user base, needs to be particularly vigilant with KYC checks. They are mandatory at the withdrawal stage, and depending on the jurisdiction, at the registration stage too.
The problem? Legitimate users are also the most impatient ones with authentication: why should they go through numerous verification processes with one platform when competitors make it much easier?
To avoid churn while maintaining a high level of security, you must use adaptable KYC triggers. These are based on digital footprint analysis (more on that below), and let you leverage both light and heavy KYC, depending on the initial data you get.
- Light KYC: includes frictionless customer risk scoring methods that don’t affect user experience nor increase the churn. It’s much cheaper to implement on a large scale and works well combined with heavy KYC processes.
- Heavy KYC: ID or other document verification processes which provide a higher level of security. They have also downsides, as they are expensive to check, and negatively impacts user experience. Fraudsters are also increasingly adept at bypassing them.
A good fraud prevention tool should let you start with the lighter features for a quick KYC check, and only dynamically trigger heavier KYC checks only for suspicious players. This essentially removes the need for the first round of manual reviews, as the process is completely automated.
It’s also worth noting that this flexibility can be applied to transaction and payment verification. For instance, SEON helps enable dynamic 3D Secure (3DS), which gives you better control over your customers’ journey and UX.
Solution #3 Understand Fraudster Behaviour With Velocity Rules and Machine Learning
Gathering user data isn’t the hard part. It’s running it through the right rules to create a reliable risk score that can be challenging. This is why it’s important to have access to as many data points as possible, but also to be able to test and experiment with your risk scores.
For instance, SEON lets you create rules based on the most commonly aggregated data points such as IP address, device and credit card data. But we also found that the following information could go a long way in reducing friendly fraud and multi-accounting:
- Card BIN Range: it can identify a prepaid card which should increase suspicions. Expiration dates can also reveal risk, and so do card numbers from unusual banks.
- Site referral: Traffic coming from a bonus abuse forum or excel sheet increases risk.
- Password: The passwords shared with multiple customers can indicate fraudulent syndicates.
- Security question and answer: Finding the same in use by multiple accounts is a strong indicator of multi-accounting.
- Deposit sizes: Users who take the full bonus value and assume there is no winnings cap should be marked as suspicious.
Combining these data points with velocity rules gives you a much more precise understanding of fraudster behaviour. Best of all, you can use our Machine Learning engine to generate rules based on historical data, and test them in a safe environment before deploying them live.
Get Better Gaming Fraud Prevention Results Today
Did you know that 77% of bonus abusers in iGaming do not have any social media presence related to their email address? Or that only 10% of bonus abusers have a Facebook account registered with their email address.
These are exactly the kinds of insights you can uncover with SEON’s fraud prevention tools, ranging from lightweight data enrichment to a full end-to-end, modular solution that integrates seamlessly into your platform. To see how SEON can help your esport gaming company reduce chargebacks, perform better KYC checks, and block bonus abuse and mult-accounting, don’t hesitate to contact us for a free demo today!