How to Detect & Tackle Identity Theft in iGaming

There’s no shortage of reasons why iGaming operators must identify who their customers are.

From detecting bonus abuse to collusive play and even money laundering, here’s how to do it effectively. 

iGaming and Identity Theft: Why It’s a Problem

In an ideal world, you would be able to allow everyone to play on your platform. But being too trusting doesn’t work for iGaming operators. Here’s just a few reasons why:

1. Fraudsters create multiple accounts and abuse your iGaming bonuses.
2. Fraudsters collude to take money from other players.
3. Fraudsters steal accounts from legitimate customers. 
4. Regulators require you to comply with KYC and AML legislation.

Then there is also the risk that you’re dealing with legitimate customers who marked themselves on self-exclusion lists, in which case there are legally defined steps you need to take as a real-money gaming brand.

Healthy gambling regulations require that you monitor them, and failing to catch one of their alternative accounts may land you in legal hot waters. 

How to Detect Identity Theft in iGaming

Detecting fake, stolen, or synthetic identities in iGaming requires deploying a number of tools and strategies. These include:

• Identity verification: Usually done with a third-party IDV provider, which will check an ID document against known databases.
  
• Digital footprint analysis: Relying on alternative data such as IP address information or social media profiles can help verify identities – sometimes also acting as a pre-KYC check to filter out obvious fraudsters.
  
• Device fingerprinting: Investigates the hardware and software setup of the user to catch multi-accounting, ID theft, and other red flags. Will, for example, flag known software and tools used by fraudsters to trick their victims.
  
• Behavior analysis: Verifying someone’s identity is one thing, but understanding if customers act like legitimate customers is also key in helping flag fraud. 

• Spotting connections between users: Uncovering links between a number of accounts can point to fraud rings, multi-accounters, or collusive players, all of whom are likely to have used fake IDs to register on your iGaming platform.

Why Are Identity Theft Checks Important for iGaming Companies?

Catching identity theft is a legal requirement for KYC compliance. Anti-money laundering regulations also push iGaming companies to learn more about their users.

So, in essence, you want to understand who you’re dealing with to:

• avoid regulatory fines
• continue operating in high-risk markets
• stay out of legal trouble
• protect your revenue from abuse
• protect your users and reputation
• be able to grow your business

When fraudsters manage to infiltrate your games with fake profiles, your reputation as a safe, player-friendly platform may suffer. This is particularly damaging for online casinos that host multiplayer games such as poker.

3 Top Custom Rules to Verify Identities in iGaming

Before you even send your user data to an identity verification provider – which is an expensive, high-friction step to take – it’s possible to run quick pre-KYC checks to verify their identity. Here are three excellent examples of custom rules to help with that.

#1: Does the Customer Have an Online Presence?

It’s no wonder that, in today’s day and age, an absence of social profiles is a strong indicator that you may be dealing with a fraudulent, made up profile. Or one created to pretend they’re someone else. 

Everyone has some level of online footprint but online accounts are hard and time-consuming to create for fraudsters. Plus, the fraudster needs to pass the platform’s own verification checks, which requires extra work. Building a convincing online profile spanning across websites takes even longer.

So, if you’re looking for a fast way to flag highly suspicious accounts (that probably point to identity fraud), this is a fantastic tool in your fraud-fighting arsenal. 

However, there is always the likelihood you are dealing with a privacy-minded player instead, which is why you should use this information as part of your risk-scoring strategy rather than the only way to decide.

#2: Suspicious Device or Browser

Another way to stop those who create accounts with stolen identities: You can catch people who pretend they’re connecting from a new device.

Whether it’s via a computer or mobile device, fraudsters need to access your iGaming site. And the browser they use can leave traces that point to multi-accounting or identity theft. 

In terms of data signals, you’ll want to look at the use of privacy-enhancing browsers and tools, such as Tor and VPNs. You should also look at spoofed data, which is manually tweaked to provide false information. 

At SEON, we have several built-in rules dedicated to identifying suspicious browsers. They will look at the age, version, and spoofed data points that fraudsters may rely on to pass your iGaming KYC checks.

Note that there is a chance you could be dealing with legitimate players whose configurations happen to look suspicious. This is why you want to increase the fraud score for each suspicious data point rather than outright block access to your site. 

#3: Suspicious Country Data from Card Lookup

We’ve looked at two custom rules set at signup. But in iGaming, you will find there is also great value in a screening stage when the user first deposits money into their account. 

Even if it’s to claim a new signup bonus, chances are that you ask for card information. If the data appears suspicious, it could point to identity fraud. 

In the screenshot above, we’ve highlighted two key results of our card lookup.

One, the CVV is wrong. The fact that it’s a US card isn’t alarming in itself, but combined with our rule below, you should have reasonable doubt to question why a Russian IP address would deposit using a US payment method. Perhaps this means it is time for a manual lookup, or perhaps warrants monitoring of the user.

It all depends on your risk appetite.

How SEON Helps iGaming Operators Detect Identity Theft

SEON works closely with a number of high-profile iGaming operators, allowing them to stop fraud and streamline their operations. Specifically:

• optimize the onboarding process while meeting KYC requirements
• Aid in kyc automation
• stop fraudulent deposits and withdrawals 
• catch bonus abuse and affiliate fraud
• find out who is lying about their identity
• flag suspicious behavior that could point to player collusion
• find who may be an AML risk to comply with legislation
• and more

With a strong focus on low-friction intelligence that does not cause player churn, SEON allows you to know as quickly as possible if your customers are who they say they are – or identity thieves and fraudsters masquerading as genuine players.

Related Case Studies

• iGaming Operator Catches 90% More Multi Accounting With SEON’s Tech
• iGaming Operator Leverages SEON to Design Abuse-Proof Bonuses and Reduce Self-Exclusion Fraud

Related Articles

• Guide to Synthetic Identity Fraud: Prevention & Solutions
• How to Prevent iGaming Fraud in 2022