Cyber Criminals Target Online Gambling Sites

Tuesday, March 22, 2011

Robert Siciliano

37d5f81e2277051bc17116221040d51c

Do you gamble online? Millions outside the U.S. do and love it.

My gaming experience consists of online Solitaire and Tetris, which shows you how adventurous I am. But for those who gamble online, there can be significant risks.

The same cyber criminals targeting banks and retailers working hard to collect and sell stolen personal data, including names, addresses, Social Security numbers, and credit card details, are using those stolen identities to win big in defrauding online gambling sites.

And as more people turn to online poker, bingo, sportsbooks, and betting sites, cyber criminals are developing more sophisticated ways to take advantage of legitimate players and the gambling sites themselves.

Financial fraud such as chargebacks and money laundering are major issues for gambling operators, not to mention player collusion and bonus abuse.  Plus, the operators have the responsibility of keeping problem gamblers (self-excluders) from re-entering their sites.

Bonus incentives, as explained in this case study on WagerWorks, are offered to attract new players to games and to increase overall play time, but these incentives also attract the attention of cyber criminals since they can set up multiple accounts under stolen identities, and take advantage of the free money offered for each new account.

Gambling sites, like banks and retailers, are forced to deal with a wide spectrum of Internet crimes and other in-game abuses that cost the industry hundreds of millions of dollars in fraud losses each year.

Many gambling sites have increased efforts to detect suspicious players, but Internet-savvy criminals have learned to mask their true identities, changing account information to circumvent conventional methods of fraud detection.

It is increasingly necessary for online casinos to deploy more effective solutions, which analyzes information beyond that which is supplied by users.

By starting the fraud detection process with a device reputation check from companies like Oregon-based iovation Inc., gambling sites can stop problem players within a fraction of a second and avoid further checks and fees when the device is known to be associated with fraud. 

According to Chrystian Terry, Director of Casino Operations at WagerWorks, “iovation helped us shut down 20 sophisticated rings. Imagine the lifetime value of bonuses on nearly 300 accounts – that’s tens of thousands of pounds! The service paid for itself on the first day.”

At the recent Caribbean Gaming Show and Conference in Santo Domingo, Max Anhoury, Vice President of Global Sales at iovation, shared in his presentation to attendees that 350,000 fraudulent attempts within gambling sites alone have been reported and shared in their global knowledge base in the last 12 months.

And while iovation’s database of half a billion devices typically sees about 2% of devices within most industries associated with negative behavior, within the online gambling industry, that number increases to 5% of devices associated with fraud.

That’s approximately 500,000 “known” unique devices trying to defraud gambling sites. Sites armed with device reputation know when they are on their sites and can keep them out.

The online casino industry has an opportunity to work in tandem with merchants, banks, travel sites and even shipping companies to share data that helps pinpoint the devices responsible for fraudulent activity.

Shared device reputation intelligence makes this possible for the first time.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Social Security Numbers as National IDs on Fox News. (Disclosures)
Possibly Related Articles:
6645
Webappsec->General
fraud Web Application Security Cyber Crime Online Gambling
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.