Follow Us! ThumbsUp
How to Prevent Account Takeover in iGaming

Account takeovers in iGaming are a key pain point for operators, especially given the expensive, unauthorized transactions that could occur if fraudsters gain access to accounts on such a platform.

Professionals in the sector will benefit from knowing about both the dangers and the solutions relating to ATOs in iGaming, so let’s take a look at some crucial facts about this problem and how you can prepare your iGaming site against account takeovers.

Reduce Fraud Rates by 70–90%

Partner with SEON to reduce account takeover rates in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.

Ask an Expert

Why Is Account Takeover a Problem for iGaming Companies?

Account takeover fraud (ATO) is a persistent and costly issue that can cause iGaming companies to lose one or more of the following assets:

  • the control that they have over their customers’ accounts and the safety of those accounts
  • much of people’s trust in and respect for their business
  • their financial stability
  • their overall degree of organizational security
  • their compliance and even, as a result, their license

On top of this, account takeovers are particularly damaging to iGaming companies because iGaming is a sensitive, pressurized, and often volatile industry. The companies behind it are therefore especially affected by account takeover attacks.

Let’s delve deeper into some of the ways that ATOs pose problems to iGaming companies.

ATOs Make It Harder to Trust iGaming Brands

iGaming is an inherently sensitive space. After all, it involves gambling and other forms of betting and therefore requires trust and security throughout. A takeover of an iGaming account is particularly damaging when you consider how sensitive the information and money stored within already is.

When those private details are proven not only sensitive but also insecure and exploitable, the problem of customers’ broken trust becomes even more challenging for iGaming companies to alleviate.

ATOs Lead to Bad PR Pressure

For iGaming companies, there is the pressure of bad PR and press that could occur when a customer reports to public channels that their online account has been broken into and the gambling operator could not stop it. Naturally, there would be concern about their bankroll.

The Incidence of ATOs Is Volatile

iGaming companies can encounter ATOs anywhere along economic cycles, in both peaks and troths, which makes them hard to counteract in a consistent way. This is because their rate of incidence can suddenly increase depending on external events and contexts, such as the ATO surge that follows the explosion of phishing cases during the festive season.

In addition, there are, of course, many other ways in which account takeovers are a problem for iGaming companies. In fact, an ATO fraudster may even use a hijacked iGaming account to carry out money laundering, which could lead to the iGaming company itself facing a fine or worse.

In any event, many of the reasons that account takeovers are collectively such a problem to iGaming companies will stem from the sensitivity, pressurization, and volatility that iGaming companies deal with due to the very nature of the industry.

How Do You Detect ATO in iGaming?

If you would like to detect account takeovers in iGaming, you need to ensure that your iGaming site is equipped with sophisticated fraud prevention and additional security measures such as multi-factor authentication. It is also vital that you remember some common problems relating to ATO in iGaming and the solutions to those problems, such as the following tips.

  • Utilize activity monitoring software: ATOs are often associated with unusual login activity and a sudden increase in high spending. To counteract this, utilize user activity monitoring software and ensure that all your users are made to use multi-factor authentication. And even with these measures taken, always treat unusual account activity with caution and remind your customers to stay aware of the potential for phishing attacks.
  • Have a strong bot mitigation strategy: ATOs are often achieved through bot attacks, especially advanced bot attacks that can bypass typical CAPTCHAs. Make sure you’re prepared for this. In addition to using CAPTCHAs, consider benefiting from the nuances of human-specific behavior: Behavioral analysis will be able to spot human-specific actions that a bot could never carry out. Such actions include making distinctly human cursor movements, or navigating websites and executing actions at a human-like velocity, as opposed to the speed of a bot.
  • Be transparent with customers: It is easier to detect account takeover attacks when you are not inundated with them – and have your customers helping you in the process. Warn iGaming customers of the dangers of social engineering attacks and the need to report them. This transparency and advice will limit how often ATOs can occur in the first place.

    Advise your customers clearly and frequently that you’ll never ask for their passwords or use emotive/persuasive language to force them into knee-jerk responses. And, of course, ask them to report any such behavior to you. This will not only limit the number of potential account takeovers, but also increase your organization’s knowledge relating to how to tackle those attacks targeting your organization specifically.

Even if you act on all of this advice, never believe that you have done everything you can to detect ATO in iGaming. Your strategies for ATO detection, risk mitigation, and risk avoidance should never be static. Ensure that they are always well-informed, frequently updated, and altogether scalable.

Top 3 Custom Rules for Account Takeover in iGaming

SEON’s software allows individuals and organizations to focus their search for potential ATO threats by using custom rules. These are various criteria that help SEON’s users monitor for particular suspicious activity, such as the number of users who have failed password attempts, thresholds for unusual transaction behavior, unusual spending velocities, and so on.

In addition to determining the fraud score for each transaction, these factors and much more help both the software and the user to determine whether certain account activity is cause for concern.

For example, take an ecommerce business owner who wishes to observe the account activity of their online customers. That person can use SEON’s custom rules to filter their search for a sudden and suspicious spike in their new subscribers.

Focusing their search criteria on such a spike can also help the shop owner to determine whether an affiliate fraud attempt may be upcoming or even underway.

Let’s now focus on three custom rules that can help SEON’s software to fight account takeover fraud in iGaming.

#1: Suspicious Increases in Transactions

In the context of iGaming, because many online players are already spending a lot of money on gambling, it is hard to tell whether substantial transactions are suspicious or not. Unless, that is, those payments occur in quick succession and are not only high – but high even when they’re compared to the account holder’s previous transactions.

Anyone wishing to counteract iGaming ATOs will benefit from using this logic and applying it to the following custom rule: Check for a 200% increase in transaction value compared to previous transactions, within one day. By creating this rule, users allow their SEON software to focus on both abrupt and significant increases in an account holder’s spending habits.

200% Increase in transaction value

As reflected in the above screengrab, any user who spends, in the period of one day, upwards of twice as many dollars as they usually spend will trigger a response from SEON’s software.

Above, the user has set their SEON platform to add 20 points to the holistic fraud score of anyone who triggers the 200% transactional increase custom rule.

This is one of the many examples of how SEON’s custom rules can help users to combat iGaming ATO attacks by considering their own risk appetite, assigning their own risk values accordingly, and ultimately helping the software to inform their own fraud prevention decision-making process.

#2: Unrecognized Device Hash

An unrecognized device hash may be suspicious because it means that a user has logged in on a completely new machine, such as a smartphone or laptop that’s not registered to the given account.

While the unrecognized device alongside any other potential red flags could be innocent coincidences, fraudsters will almost always be flagged as using unrecognized devices as they break into a person’s account from a different device than the legitimate player.

This makes the risk associated with an unrecognized device hash a matter of individual risk appetites, and SEON users who wish to counteract iGaming ATOs should therefore use a custom rule that reflects their particular risk adversity. One solution is to use a rule that increases the fraud score by a small – but nevertheless significant – number for any instance of an unrecognized device hash.

Unrecognised Device Hash

As reflected in the above screengrab, with all of these points in mind, many users of SEON will assign a fraud score of 10 to the Unrecognized Device Hash custom rule. This is a practical way of ensuring that your iGaming ATO mitigation and prevention strategies are both proactive and proportionate.

#3: Account Using the Tor Browser

The Tor router (also sometimes called TOR because it’s an acronym for The Onion Router) is used to ensure privacy and security on the internet. Naturally, a lot of Tor users utilize it purely to feel safe online. However, if an account is already looking like it has a potential ATO attacker and they’re using Tor, then there is a legitimate reason to question the Tor user’s integrity.

SEON not only detects Tor users but also allows its software customers to assign their own fraud score based on how suspicious they consider a detected Tor user to be.

As reflected below in the screengrabbed example of the custom rule – Customer is using TOR – the use of Tor is very suspicious indeed. The iGaming platform may decide to block them based on their fraud score, or ask them for further proof they are who they say they are – but out of the box, SEON will suggest an increase of +95 fraud points whenever Tor is identified.

TOR risk rule

Having a clear understanding of the potential risks associated with Tor users and applying SEON’s default rule – or one customized to the organization’s particular sensitivities – is a crucial way to enhance your approaches to tackling iGaming ATO risks.

Help Your iGaming Company Fight ATOs with SEON

Partner with SEON to help reduce account takeover rates in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.

Ask an Expert

How SEON Helps iGaming Fight Against Account Takeover Attacks

SEON helps iGaming fight against account takeover attacks by equipping its users with software that can detect an extensive range of potential red flags in iGaming at the login stage, such as substantial gambling transactions that are suspiciously high in price and frequency, as well as other behavior that deviates from known patterns for that customer.

Knowing and detecting these red flags will help iGaming business owners weigh up the likelihood that an ATO has taken place. In fact, iGaming platforms’ fraud analysts are able to easily create any custom rules they wish to suit their particular risk appetite and circumstances. If you prefer, SEON’s Customer Success team can create those rules for you instead, or in collaboration with your team.

Ultimately, it is software such as SEON’s platform whose fraud fighting efforts not only detect and counteract account takeover attacks, but also fundamentally deter potential ATO attackers.

After all, fraudsters only commit the crimes that they think they’ll get away with!

Related Articles for Account Takeover Attacks


Share article

Speak with a fraud fighter.

Click here

Author avatar
Tamas Kadar

Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.

Sign up for our newsletter

The top stories of the month delivered straight to your inbox