How to Detect Gnoming & Multi Accounting for Matched Betting

Matched betting, multi accounting and gnoming may not always be illegal, strictly speaking, but iGaming brands have a lot to gain from identifying and stopping these practices.

In addition to protecting your bottom line, a better strategy to prevent multi accounting will keep good players happier, and boost your risk mitigation overall.

Here’s how.

Why Is Multi Accounting Matched Betting a Problem in iGaming?

Matched betting, in which users rely on bonus offers and probability to win bets rather than pure chance, is already a problem for iGaming operators. It skews the odds in favor of the customer, which isn’t technically illegal but is frowned upon.

Here are some of the unintended consequences:

  1. Matched bettors realize they can multiply their winnings by the number of accounts they control.
  2. They begin to create multiple fake accounts, often pretending they’re for friends and family – a practice called gnoming.
  3. There is an inevitable incentive to create accounts for non-existing people or use stolen credentials (which is downright fraud).
  4. All the new accounts can claim signup bonuses, which are then used for matched betting.
  5. The multiple accounts skew your marketing analytics and damage your bottom line.

In short, matched betting attracts the wrong kind of players to your site.

Now, multi accounting, it should be noted, is a wholly fraudulent practice. This involves creating multiple accounts using different identities – all of which are controlled by the same player. 

Gnoming, when a player controls multiple accounts ostensibly created for friends and family, or just non-existent people, is more challenging to prove and prevent – though it is discouraged in operators’ Terms and Conditions, if not forbidden.

How Do You Detect Gnoming and Multi-accounting for Matched Betting?

Detecting any kind of multi accounting attempt starts by spotting connections between users. While some betting operators may wait until the withdrawal stage to look for similarities in banking details, a much better strategy is to start examining these players at the onboarding stage.

When your new user opens an account for the first time, here is what you should do:

  1. Gather as much data as possible (without slowing their journey down too much).
  2. Enrich that data with extra information (more on that below).
  3. Feed the data through risk rules designed to catch multi accounting.
  4. Calculate a risk score to let you decide if the signup is suspicious or safe.

Based on the results of your calculations, you can either automatically allow the user’s registration, block highly suspicious users, or ask medium-risk players for extra verification details – a process sometimes called dynamic friction as it introduces friction only for suspicious users, letting obviously good customers through interruption-free.

But what about the risk rules we mentioned in step number three above? Let’s look at some of the most effective risk rules for detecting gnoming, multi accounting and fraud rings below.

Top 3 Custom Rules to Detect Matched Betting Multi Accounting and Gnoming

How can a betting operator or iGaming company detect gnoming? Let’s break down three effective risk rules. 

Gnoming attempts for matched betting don’t tend to be too sophisticated. The player will ask their friend or family if they can open an account for them. But rather than creating every account on the loved one’s phone, computer or tablet, the multi accounting fraudster is more likely to do it all from one device.

This gives fraud fighters a great opportunity to spot connections in how several accounts connect to your site. SEON, for instance, will create encrypted identifying strings of letters and numbers called hashes for:

  • The browser used via browser hash: Browser setups are remarkably unique due to the numerous variables such as developer, version, plugins installed, language, system clock, etc…
  • The cookies found via cookie hash: What are the chances that two web visitors share an identical browsing history out of pure coincidence?
  • The device used via device hash: Similar to browsers, the configuration of software and hardware is a treasure-trove of identifying data.

The key to detecting multi accounting is to gather, enrich and combine all these data points and identify hidden connections between users. If there are similarities, you should definitely flag the accounts as belonging to a potential fraudster.
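The linking step described above, as an added example that is not SEON's code: accounts that share any device, browser or cookie hash are merged into one cluster, including indirect links (A shares a device with B, B shares a browser with C). The field names and hash values are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample signups; hash values are made-up placeholders.
SIGNUPS = [
    {"user": "alice", "device_hash": "d1", "browser_hash": "b1", "cookie_hash": "c1"},
    {"user": "bob",   "device_hash": "d1", "browser_hash": "b2", "cookie_hash": "c2"},
    {"user": "carol", "device_hash": "d3", "browser_hash": "b2", "cookie_hash": "c3"},
    {"user": "dave",  "device_hash": "d4", "browser_hash": "b4", "cookie_hash": None},
    {"user": "erin",  "device_hash": "d5", "browser_hash": "b5", "cookie_hash": None},
]
HASH_FIELDS = ("device_hash", "browser_hash", "cookie_hash")  # assumed field names


def link_accounts(signups, fields=HASH_FIELDS):
    """Group users that share any fingerprint hash, directly or transitively."""
    parent = {s["user"]: s["user"] for s in signups}

    def find(u):
        # Union-find lookup with path halving.
        while parent[u] != u:
            parent[u] = parent[parent[u]]
            u = parent[u]
        return u

    first_seen = {}  # (field, value) -> first user seen with that hash
    for s in signups:
        for field in fields:
            value = s.get(field)
            if not value:
                # A missing hash (e.g. cookies disabled) must never count as a match.
                continue
            key = (field, value)
            if key in first_seen:
                parent[find(s["user"])] = find(first_seen[key])
            else:
                first_seen[key] = s["user"]

    clusters = defaultdict(set)
    for user in parent:
        clusters[find(user)].add(user)
    linked = [sorted(c) for c in clusters.values() if len(c) > 1]
    return sorted(linked, key=len, reverse=True)
```

In the sample, alice and carol share no hash directly but land in the same cluster through bob, while dave and erin stay unlinked even though both have no cookie hash.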

#2: Cookies Not Enabled

So, how would a sophisticated multi accounting fraudster avoid being caught by the aforementioned rules? Simply by hiding their data. Luckily, the act of spoofing, removing, or manipulating data also leaves a trace, which you can pick up during your investigation.

[Screenshot: Cookies Not Enabled]

In the example above, we can see that our user has deactivated cookies and is trying very hard to spoof a legitimate browser. The system has added risk points for this, bringing their total score to 23.60 – a highly suspicious rating.

Chances are that they are using one of the following tools, which are marketed to data privacy enthusiasts but are commonly used by fraudsters as well.

[Image: opsec tools]

While some users are indeed concerned about their online data, it’s much more likely that you are dealing with someone who doesn’t want to be found. Ask yourself why, and update your risk scoring accordingly. 

#3: User Connecting via VPN

VPNs are fairly ubiquitous in today’s online landscape, but there is a clear reason matched betting players love them: A VPN allows them to quickly spoof their IP details. 

In fact, if you look at matched betting tutorials found online, one of the first things they will recommend is that you arm yourself with a good paid VPN service. 

For betting operators, this is a balancing act. On the one hand, you don’t want to create too many false positives by blocking every VPN user.

But you also want to be suspicious of users whose connections have been manipulated – especially when other accounts use the same type of VPN or proxy.
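To show how the rules above can feed the risk score and the dynamic friction decision from the onboarding steps, here is an added example that is not SEON's code. The point values, thresholds and field names are illustrative assumptions; the linked-account counts are taken as already computed.

```python
from dataclasses import dataclass

# Illustrative thresholds (assumptions, not SEON's values).
BLOCK_AT, VERIFY_AT = 20.0, 8.0


@dataclass
class Signup:
    user: str
    cookies_enabled: bool
    connection: str         # "residential", "vpn", "proxy" or "tor"
    linked_accounts: int    # other accounts sharing a device/browser/cookie hash
    same_vpn_accounts: int  # other accounts seen on the same VPN or proxy


def masked(s):
    return s.connection != "residential"


# Each rule is (reason, function returning risk points); points are assumptions.
RULES = [
    ("shares a fingerprint hash with other accounts",
     lambda s: min(s.linked_accounts, 3) * 8.0),
    ("cookies not enabled",
     lambda s: 0.0 if s.cookies_enabled else 6.0),
    ("connecting via VPN, proxy or Tor",
     lambda s: 4.0 if masked(s) else 0.0),
    ("other accounts on the same VPN or proxy",
     lambda s: min(s.same_vpn_accounts, 3) * 5.0 if masked(s) else 0.0),
]


def assess(signup):
    """Return (score, decision, reasons) for one signup."""
    score, reasons = 0.0, []
    for reason, points in RULES:
        p = points(signup)
        if p > 0:
            score += p
            reasons.append(reason)
    if score >= BLOCK_AT:
        decision = "block"
    elif score >= VERIFY_AT:
        decision = "verify"   # dynamic friction: ask for extra verification
    else:
        decision = "allow"
    return score, decision, reasons
```

A VPN on its own stays below the verification threshold here, which keeps false positives down; the score only escalates when masking is combined with disabled cookies or with other accounts on the same VPN.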

How SEON Can Help iGaming Companies Detect Matched Betting and Gnoming

SEON is a fully-fledged fraud prevention solution that specializes in real-time data enrichment. Simply put, it’s about giving you a complete view of your online users as soon as they begin creating an account on your site. 

Now, the good news is that all that extra data is sourced in real-time, and it can help you:

  • instantly identify suspicious users
  • spot connections between accounts
  • catch bonus abuse and detect affiliate fraud
  • flag stolen IDs and synthetic IDs
  • allow good users to sign up with less friction

The goal? To give your iGaming company complete control over how to mitigate risk, and manage your tolerance when it comes to matched betting. 

Tamas Kadar

Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.
