iGaming operators must do more to ensure geo compliance. Here’s how your IP address geolocation service can evolve.
In early 2019, an individual in Nevada somehow managed to trick the online Hard Rock Casino site into thinking they were based in New Jersey.
The person lost a $29 bet.
A perfect example of how modern technology allows us to be connected at all times and anywhere in the world, and yet the legislations that govern online casinos are still a relic of the past.
As we’ll see in this post, these laws create all kinds of problems, challenges, and incentives for players to cheat the system. Non-abiding by geo compliance laws risks you hefty fines, but also opens the door to gambling fraud such as multi-accounting and bonus abuse.
The Downsides of Digital Fences
Regardless of their views on regional licensing laws, online casinos have to make sure of one thing: that users are where they say they are.
And the first port-of-call is to use a product that monitors and filters IP addresses. Using in-house IP analysis or an IP lookup tool from third-party solutions, they can try to guess where visitors are connecting from, and block those in unsupported areas.
Unfortunately, anyone familiar with the following image will have no trouble understanding the discontentment felt by players.
And imagine how much more frustrating it is when people fail to access their legitimate account on holiday, or when their location is determined based on where the data comes from. An AT&T customer based in New Jersey, for instance, may have their legitimate betting account blocked if the IP appears to be from Texas.
Player Churn, User Friction and Privacy Concerns
Another IP monitoring solution involves asking players to install tools themselves. These third party solutions act as a monitoring solution, either as:
- An app that people must download on their phone
- A browser extension that they must install
- Software that must stay on their computers at all time
While in theory the technology improves accuracy, their effectiveness also leaves a lot to be desired, which becomes apparent when you look at user reviews for one of the most popular IP tracking tool on the App Store:
These include complaints about users who cannot access their accounts, are inexplicably blocked from placing certain bets only, or simply cannot get the app to work properly on their devices.
And let’s not forget that installing what is essentially a tracking app raises all kinds of privacy concerns. Players may have no issues knowing that their IP address is analysed, but actively reporting their exact location (sometimes within meters) is not a step they are willing to take lightly.
Creating all these obstacles has clear consequences: it adds friction to the user experience, damages the casino’s reputation, and frustrates legitimate players trying to access their accounts.
It’s no wonders players take matters into their own hands and begin manipulating their IPs…
The Many Ways Players Fake IP Addresses
A quick Internet search will reveal hundreds of tutorials on how to effectively use a VPN or proxy to access betting sites abroad.
These online resources even list casinos based on their licenses and restrictions, and actively compare different VPNs designed to bypass casinos’ digital fences.
With a projected 12% CAGR between 2020 and 2026, the speed of the VPN market’s growth is remarkable, which gives geohackers increasing options and resources to fake their locations for online gambling.
Evolving IP Spoofing Tools
Geochackers and compliance solutions play a constant game of cat and mouse. The advances in technology give those trying to fake their IP addresses the advantage.
Our consultant and data privacy expert showed in this post how easy it is to change an IP address using Chrome extensions, or advanced spoofing tools – and the kind of technology you need to detect these hacks.
GeoHacking and Fraudsters
“If you can spot IP spoofing, you’re esentially killing two birds with one stone: reducing your fraud rates and improving geo compliance at the same time.”
Players have no qualms about using IP spoofing tools repeatedly. In March 2019, New Jersey’s Division of Gaming Enforcement seized $90,000 from an online gaming account belonging to a man playing from California.
But IP spoofing tools could also point to more serious fraud. We’ve written about curbing bonus abuse in iGaming, but fraudsters and criminal organizations will need multiple accounts to exploit your site. And the only way to do it is to control their IP addresses.
If you spot IP spoofing, you’re killing two birds with one stone: reducing your fraud rates and improving geo compliance at the same time.
Where Fraud Prevention Tools Can Help
An IP address geolocation solution, when it works, is only really designed to do one thing: track where users are.
Fraud prevention tools, on the other hand, offer many advantages. Their IP monitoring features is extremely sophisticated. Integrating SEON will give you a real-time view of:
- Geolocation: pings local servers to get a rough longitude, latitude, country, city and zip code. You can also find a time zone from the right database. Reveals whether a customer is travelling too fast or if their login info matches that of the account and associated withdrawal address.
- TOR or VPN usage: find out if the ISP residential, or from a public library, web server and datacenter. This can uncover VPN usage and TOR exit nodes.
- Open port scan: we can scan ports to understand whether the user is using proxies, and calculate how risky the connection is.
- Spam checklist scan: cross-reference IP addresses to see if they have previously been flagged on spam blacklists. Those found on the DNSBL (Domain Name System Blackhole List) and RBL (Real-Time Blackhole List) are much more likely to be fraudulent than regular users.
The Power of Device Fingerprinting
A simple plug-and-play code integration on your platform (or iOS and Android app) will reveal hundreds of data points. By looking at their software and hardware configurations, we can clearly see if users:
- Use specific browsers designed for geo hacking
- Automate login attempts for multi-accounting or bonus abuse
- Switch browsers, clear their cache or use incognito mode
- Spoof their connection data with emulators
With SEON, risk calculation comes in the form of a predictive fraud score.
The scores are calculated with rules, which can be preset for iGaming compliance, or customized to your business needs.
Your casino can create “dynamic friction”, only requesting more information on the player’s part when, say, they are logging into their account from a new device, or abroad.
How One SEON Client Prevents Risky Actions
There are many parallels between geo compliance and anti money laundering regulations. One of our clients, for instance, uses SEON to analyse user data and connects our platform via a Slack integration.
Their risk team is immediately alerted when a user performs an action that could risk them a compliance fine, which allows them to grow their business with more peace of mind, while proving to regulators that they have the right systems in place.
You can read more about SEON and productivity hacks here.
Finally, there’s one huge advantage of advanced fraud prevention tools over geo compliance vendors, and it’s that the whole analysis is completely invisible to the end-user.
No need for your players to download an extra app on their phone or computer. You can simply gather data as soon as they start browsing your site, and use that knowledge to facilitate their onboarding.
One great example is age verification. You can either ask the user to jump through hoops with a special field with a date of birth, or use a passive screening solution like SEON’s social media lookup to gather that information by yourself.
Geo compliance and geolocation technology are controversial topics in many industries. But the fines demanded by iGaming regulators are particularly damaging, and the rules are challenging to meet.
And while there is no shortage of IP address geolocation services, the technology tends to only look at one data point, which may not be enough to block geohacking users, or for that matter, sophisticated fraud attempts.
At SEON, we believe online casinos and iGaming operators deserve more robust risk tools to lower your customer acquisition cost while controlling compliance exposure.
You might also be interested in reading about:
- SEON: Online Gambling Fraud: How It Works & How To Stop It
- SEON: How to Prevent iGaming Fraud
- SEON: Stop Multi Accounting Fraud
Learn more about:
Speak with a fraud fighter.
Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.
Sign up for our newsletter
The top stories of the month delivered straight to your inbox