Andrew Sever
The Big Game: perfect target for cybercriminals?
In 2022, the BlackByte ransomware group published a 292MB file containing sensitive information from the San Francisco 49ers. Like teams, venues and vendors, bookmakers are also in danger as they handle a large volume of personal data in the run-up to major events, during the events themselves and in the aftermath.
With the Big Game coming up soon in Arizona, Sumsub, an all-in-one verification platform that secures the entire customer journey with customizable KYC, KYB, transaction monitoring and AML solutions, has outlined what to expect and how to avoid threats associated with major events.
Expected traffic increases
Last year’s Big Game registered more than 101 million viewers according to the Nielsen consultancy. American fans avidly continue to bet on major sporting events as more and more states legalize gambling following the removal of a federal ban. By the end of 2022, the online betting industry registered a growth of two billion dollars, driven by sports pools.
Based on its experience with traffic spikes at major sporting events, Sumsub expects to see a traffic increase of more than 83% at sportsbooks around the last game of the football season.
“Though major sporting events attract much-desired traffic to betting platforms, cybercriminals and scammers increase in number as well, so bookmakers need to take extra care. Manual verification is not optimal because, with the increased user traffic, onboarding time grows accordingly, so the best choice would be to find a trusted all-in-one verification provider offering an advanced automated solution for KYC, AML and anti-fraud,” said Andrew Sever, co-founder and CEO of Sumsub.
As user traffic increases and verification takes longer, it can be tempting for betting platforms to cut some expenses. This is especially true for bookmakers used to performing manual verification, which can take more than 24 hours under normal circumstances and much longer during big events. Bookmakers know that if verification takes too long, users will go to the competition. As a result, they may be willing to sacrifice verification accuracy for speed.
However, this type of compromise inevitably leads to regulatory sanctions. For example, Entain, the owner of Ladbrokes, was fined £17 million ($20.6 million)—the largest ever fine in the UK—for failing to enforce player security and anti-money laundering measures.
Surge in fraud
Fraud is increasing in the gaming sector. In Q1 2022, fraud increased 50.1% compared to Q1 2021. There was also an 85% increase in fake account registrations compared to Q4 2021. The upcoming Big Game is expected to attract even more fraudsters.
The list of fraud schemes that bookmakers experience is extensive:
- arbitrage betting
- multiple accounts
- identity theft
- account takeover
- money laundering
- affiliate fraud
Cybersecurity threats
“Big sporting events and hacking go hand in hand and the bigger the event, the more threats there are. Attackers can be individual hacker groups looking to make a quick buck or politically oriented groups wanting to steal sensitive information,” added Andrew Sever.
Cyberattacks range from hacking into match broadcasts and security cameras to stealing the personal data of athletes, organizers and spectators. More attention needs to be paid to collecting and storing user data securely, as well as increasing the overall resistance of betting platforms to hackers.
Best ways to avoid threats while enjoying high traffic?
During major sporting events, the challenge for bookmakers is to onboard users without reducing approval rates, all while remaining AML (anti-money laundering) compliant and maintaining security.
The solution is to create an automated verification flow that allows users to easily onboard and go through extra checks only where and when it really matters. Below is a list of checks bookmakers can employ at each stage of the customer journey. There are also some suggestions on how to make this flow even more agile:
Request a minimum number of checks at the time of registration. When a user registers for the first time, platforms may limit verification procedures to collecting names and checking phone numbers or email, and verifying the user’s Social Security Number (SSN). This way, the user becomes familiar with the service and is more motivated to go through the full verification procedure when he really wants to place a bet.
Deploy simplified checks when appropriate. For low-risk users, bookmakers can introduce a simplified check using a single document, as long as it contains identity and address information. This allows users to avoid uploading additional documents to verify their address, thus increasing approval rates.
Add additional checks when users make their first deposit. This could include bank card verification and facial biometric check to ensure that the true cardholder is making a deposit.
Introduce facial recognition to prevent fraud. Doing this at the onboarding stage combats multi-accounting. Adding biometric verification when users log in or recover their account ensures that fraudsters can’t hack it. And it’s often even more important to use it at the stage of withdrawal of funds, which is where more fraud tends to occur.
“Adding these checks to the flow reduces verification time and still ensures security. For example, Kaizen Gaming moved from manual verification to Sumsub’s automated solution, reduced their average onboarding time to 1 minute 39 seconds and increased its overall performance by 350%, all while eliminating fraud,” concluded Sever.
Powered by WPeMatico