How to Prevent Cryptocurrency Account Takeover

Published on November 23, 2022 by Tamas Kadar
There’s no shortage of reasons why iGaming operators must identify who their customers are.
From detecting bonus abuse to collusive play and even money laundering, here’s how to do it effectively.
In an ideal world, you would be able to allow everyone to play on your platform. But being too trusting doesn’t work for iGaming operators. Here’s just a few reasons why:
Then there is also the risk that you’re dealing with legitimate customers who marked themselves on self-exclusion lists, in which case there are legally defined steps you need to take as a real-money gaming brand.
Healthy gambling regulations require that you monitor them, and failing to catch one of their alternative accounts may land you in legal hot waters.
Read how the iGaming operator spots connections between accounts with SEON’s tech.
Read the Case Study
Detecting fake, stolen, or synthetic identities in iGaming requires deploying a number of tools and strategies. These include:
Catching identity theft is a legal requirement for KYC compliance. Anti-money laundering regulations also push iGaming companies to learn more about their users.
So, in essence, you want to understand who you’re dealing with to:
When fraudsters manage to infiltrate your games with fake profiles, your reputation as a safe, player-friendly platform may suffer. This is particularly damaging for online casinos that host multiplayer games such as poker.
Before you even send your user data to an identity verification provider – which is an expensive, high-friction step to take – it’s possible to run quick pre-KYC checks to verify their identity. Here are three excellent examples of custom rules to help with that.
It’s no wonder that, in today’s day and age, an absence of social profiles is a strong indicator that you may be dealing with a fraudulent, made up profile. Or one created to pretend they’re someone else.
Everyone has some level of online footprint but online accounts are hard and time-consuming to create for fraudsters. Plus, the fraudster needs to pass the platform’s own verification checks, which requires extra work. Building a convincing online profile spanning across websites takes even longer.
So, if you’re looking for a fast way to flag highly suspicious accounts (that probably point to identity fraud), this is a fantastic tool in your fraud-fighting arsenal.
However, there is always the likelihood you are dealing with a privacy-minded player instead, which is why you should use this information as part of your risk-scoring strategy rather than the only way to decide.
Another way to stop those who create accounts with stolen identities: You can catch people who pretend they’re connecting from a new device.
Whether it’s via a computer or mobile device, fraudsters need to access your iGaming site. And the browser they use can leave traces that point to multi-accounting or identity theft.
In terms of data signals, you’ll want to look at the use of privacy-enhancing browsers and tools, such as Tor and VPNs. You should also look at spoofed data, which is manually tweaked to provide false information.
At SEON, we have several built-in rules dedicated to identifying suspicious browsers. They will look at the age, version, and spoofed data points that fraudsters may rely on to pass your iGaming KYC checks.
Note that there is a chance you could be dealing with legitimate players whose configurations happen to look suspicious. This is why you want to increase the fraud score for each suspicious data point rather than outright block access to your site.
We’ve looked at two custom rules set at signup. But in iGaming, you will find there is also great value in a screening stage when the user first deposits money into their account.
Even if it’s to claim a new signup bonus, chances are that you ask for card information. If the data appears suspicious, it could point to identity fraud.
In the screenshot above, we’ve highlighted two key results of our card lookup.
One, the CVV is wrong. The fact that it’s a US card isn’t alarming in itself, but combined with our rule below, you should have reasonable doubt to question why a Russian IP address would deposit using a US payment method. Perhaps this means it is time for a manual lookup, or perhaps warrants monitoring of the user.
It all depends on your risk appetite.
Partner with SEON to reduce fraud rates in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.
Book a Demo
SEON works closely with a number of high-profile iGaming operators, allowing them to stop fraud and streamline their operations. Specifically:
With a strong focus on low-friction intelligence that does not cause player churn, SEON allows you to know as quickly as possible if your customers are who they say they are – or identity thieves and fraudsters masquerading as genuine players.
Showing all with `` tag
Click here
Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.
The top stories of the month delivered straight to your inbox