This type of fraud is a complex and costly problem in iGaming. Let’s explore how to stop it.
One thing I always tell people is that iGaming operators don’t have it as easy as you might think. Not only are they in a highly competitive market, but they’re also under constant pressure from national regulators. Responsible gambling, AML, strong KYC and other territory-specific requirements make it challenging to operate compliantly.
To make matters worse, they’re a common target of fraudsters. Constant attacks such as account takeover (a.k.a credential stuffing), chargeback fraud and bonus abuse mean that the risk teams have to remain alert, prepared, and delivering the best performance at all times.
But one form of fraud is particularly damaging, and that’s affiliate fraud. Let’s see why it happens, why it hurts so much, and how to prevent it at your iGaming company.
What is iGaming / Gambling Affiliate Fraud?
iGaming and gambling affiliate fraud includes any deceitful action taken by a third party to exploit marketing techniques such as affiliate partnerships, PPL, or PPC.
Marketing is heavily regulated for iGaming and gambling companies, which is why they often rely on 3rd party affiliates to bring traffic to their site. While SEO, PPC, media advertising, exhibitions, and other offline activities can also be part of the bigger strategy, in terms of ROI, affiliate marketing tends to give the best results.
Unfortunately, affiliates take advantage of these marketing techniques, using fraudulent techniques such as multi-accounting, bot traffic, and more.
How iGaming / Gambling Affiliate Fraud Works
In iGaming and Gambling, the fraud risk depends on the marketing technique:
- PPC (pay per click): malicious affiliates will send traffic towards your site without the users’ consent. There’s no shortage of options here, from malicious browser extensions or fake links hidden under your browser text and images (pop-under). more sophisticated bots could also register accounts, deposit, and even go for free spins or matched bonuses, where affiliate fraud crosses over into bonus abuse territory.
- Cost-per-lead (CPL): unscrupulous affiliates will exploit it to generate fraudulent traffic with a network of bots, who can be sophisticated enough to onboard automatically, going through all the right steps to trigger a reward.
- Revenue-share model: If you give the players a share of your revenue, it opens the door to player collusion. High-value players can bond together and take huge risky money bets against the casino. Their individual losses will be limited and under control, but potential profit will be huge – and certainly damaging for your business.
Inherent Risks of Working with AffiliatesWithout a doubt, the riskiest affiliate programs are in the pay per lead or cost per acquisition models. Click To Tweet
Working with affiliates means creating partnerships with third parties. In the fast-paced world of iGaming, it can be very hard to vet every partnership and perform your due diligence. The inherent risk of working with affiliates is therefore that you are working with the unknown, allowing fraudsters to take advantage of the situation.
The key point to remember is that your affiliates will know exactly how to trigger the rewards. You’re essentially giving them a guidebook on how to perform affiliate fraud and marketing scams, which is why trust and vigilance are of the essence.
SEON offers a complete set of fraud fighting tools that grow with your business
Book a Demo
4 Ways to Stop iGaming / Gambling Affiliate Fraud
So how do you stop iGaming and gambling affiliate fraud? With adequate risk management features.
Monitor the Traffic
The good news is that isolating bad affiliates shouldn’t be too hard. New customers coming from a referral will have an ID, and you should deploy systems to slice and dice that data.
Within SEON Sense, for instance, the Affiliate tab lets you clearly identify the quality of your partners, to detect affiliate fraud. You can sort them based on the number of conversions they brought to your business, or the percentage of approved vs. declined onboarded users.
Which is useful in and of itself, but still begs the question: How do you acquire and filter user info to automatically decide what makes them good or bad for your iGaming organization? The answer: data enrichment, specifically thanks to device fingerprinting.
Enable Device Fingerprinting
In fraud prevention, the more knowledge you have about your users, the better. And the key for iGaming operators, who tend to automatically onboard users, is to enrich data as soon as people land on your website.
Which is why one of the most important sources of intelligence you can tap is probably device fingerprinting. Put simply, it is designed to scan the configuration of software and hardware from the user and identify their connection with what we call hashes.
These hashes are effectively user IDs, and they offer a surprisingly clear picture of who the users are. This is true whether they clear their cache, switch browsers, use incognito mode, or rely on emulators and spoofing tools – a practice that often points to bot usage.
SEON’s solution, whose progress I’ve been monitoring for some time, was developed with Gabor Gulyas (from Panopticlick). And as far as I can tell, it is one of the most complete device fingerprinting solution on the market, working with real-time data to help you answer questions such as:
- Have they appeared on the site before?
- Do they switch devices too often?
- Is the software they use suspicious?
- Do they use emulators like FraudFox, AntiDetect, Kameleo, Linken Sphere or MultiLogin?
- And more importantly: are they likely human or bots?
For a list of all the parameters SEON’s Device Fingerprinting tool can aggregate, you can read our dedicated post here.
And don’t forget that device data enrichment is only one of the tools in your arsenal to detect affiliate fraud, however combining it with social media lookup, IP, email and phone analysis, you can build the most complete profile of your players, before they even reach the withdrawal stage.
Analyze User Behaviour
Thanks to device fingerprinting and other data enrichment tools, you can get a good idea of who users are. But the other key element is to confirm suspicions users by looking at their behaviour.
In the world of fraud detection, this is done by feeding data through risk rules, which output risk scores. For instance, you could have a rule that increases risk if the user connects with an email address from a free domain. Another one could increase risk if they use a VPN.
You also need to look at their actions on your site, specifically using velocity rules. These work with more complex parameters, for instance, the number of connection attempts per minute, or how fast the fields are filled.
Here again, I was pretty impressed by how SEON leverages the power of machine learning for fraud detection. It’s entirely possible that some a bad affiliate program may be invisible to even the most astute risk managers. But by feeding your user data (both historical and current) to their engine, the algorithm can help suggest rules that highlight suspicious behaviour.
What you get is an invisible security layer that understands how CPA fraudsters behave, before they get to deposit and abandon their account. You can then automatically reject their sign up attempts, even if you’re working with very few user fields, and the bare minimum to meet KYC requirements.
Control the Withdrawal Stage
One of the greatest challenges you might face is dealing with an affiliate who brings you a mix of good and bad traffic. Is it affiliate fraud or not? Your incentive is of course to onboard as many players as possible, but how can you ensure the bad ones slip through the net?
The answer is to take control of the withdrawal step. The same sophisticated risk rules that stopped bots in their tracks can also be applied to block players who are about to cash out their virtual chips.
And while you might already have a risk team on the case here, a tool like SEON’s gives you plenty of options to improve your detection accuracy, and to tailor the rules to how your specific casino does business.
Using custom attributes that were unique to their iGaming operations, for instance, SEON customers improved withdrawal automation from 60 to 90%.
This is a huge time saver for the risk team, who can refocus manual efforts on less clear-cut cases, and decrease fraud rates across the board.
iGaming Fraud Software Solutions
Unfortunately, the burden of monitoring and controlling the traffic is on the operators. The good news, however, is that thanks to fraud prevention platforms like SEON, you have all the tools at your disposal to mitigate affiliate fraud risk based on your specific business model.
Best of all, the same tools used to block bots and collusion players before they onboard can also prevent bonus abuse, account takeover, and credit card fraud. Enriching data will let you know which leads are genuine or not in order to optimize bonus spend – and of course your revenue.
SEON’s anti-fraud tools are designed to detect suspicious usage and uncover hidden fraudsters
Book a Demo
You might also be interested in reading about:
Learn more about:
Sources in this article:
See a live demo of our product
Expert in Customer Base Risk Management
Jeremy is an independent subject matter expert in customer base risk management for the gambling industry having spent 14 years operator-side in businesses.