Online sports betting in the U.S. is heating up! As new players are attracted to your betting site and platform, how do you expedite onboarding to optimize their experience? How do you comply with new regulations and combat fraud while not adding more friction?
Join iovation, a TransUnion Company, to understand the challenges facing operators launching in the newly legalized U.S. sports betting market, including:
Expedite onboarding: An onboarding process that is too long or difficult will drive up abandonments, but it’s crucial to balance compliance with player experience.
Age verification: Depending on the state, the legal online gambling age is between 18 and 21. Much like anything elsewhere, if there is an age limit, underage people are going to try and participate.
Bonus abuse: Many operators provide incentives like money or betting to attract players. But often, fraudsters exploit these programs which result in real losses. iovation has seen bonus abuse rise 287% from 2015 to 2018.
Credit card fraud: iovation found credit card fraud increased in online gambling by 155% globally from 2014 to 2018, with an average annual growth of 39%.
Managing play by boundaries: Online gambling may be legal in one state and then illegal within a neighboring state, operators will need to pinpoint a gamblers’ location and limit play where required.
Self-exclusion: It can be difficult to manage legitimate problem gamblers who try to access different sites within a gambling operator’s system, set up new accounts using falsified account details and even change payment methods.
14. 14
Attract New Players, Not Fraud
R i s i n g b o n u s a b u s e
250K
6%
2015 2016 2017 2018
200K
150K
100K
50K
0K
287% Increase
in the Past 3 Years
Not a new concept
6 years ago TU talked about cookies…
Tony Guitar spoke last year about synthetic modeling
Continues to evolve…
NOT to
12 months from July 8, 2019
This requires a wholistic approach that considers both terrestrial identity and digital identity.
Functional Areas of Responsibility and Risk
There are a number of things that the
Over time, using multiple devices as a single user, relationships are built on that anonymous online user or “device ID”
When a transaction arrives, you’re not just looking at a single device and whether it’s a new or existing one, but you’re looking at the usage of all related devices it’s associated with
Is this user doing business in the consortium network?
Total devices seen at more than one subscriber – 84 Million
Transactions from crossover devices – 2.5 Billion
Transactions from crossover devices associated to fraud – 211 Million (8% of transactions from crossover devices)
Through these kinds of relationships, even before you have personal information you can get a good sense of whether someone is here to do business with you or not.
What might be possible if online data, offline data, behavioral data, telephony, reputational and credit histories could be united and carry your transaction beyond an anonymized device?
Rather than relying on customers repeating information over and over, rather than increasing the degree of difficulty of online security question tests, what could you do if you could see more –
About the device they take everywhere with them to do business with everyone in the world
About their payment history
About their public records, their registrations and licenses
About the address they live at, the SSN they’re claiming as their own, the mobile number you’re SMSing them????
Bonus abuse was again the number one reported fraud by our gambling clients in 2018. We saw a 68% increase from 2017 to 2018
And In the past 3 years, we’ve seen a rise 287%
Many operators are augmenting KYC solutions with predictive analytics.
We provide a layered approach to managing bonus abuse.
Identify potential good customers – our machine learning solution allows you to predict the likelihood that a transaction will become fraudulent. This is very helpful in on boarding because you can decrease barriers for low risk customers and only challenge those where risk is predicted.
Known customers – with our device-based authentication you can confidently identify devices associated with known, good customers, and target your promotions to only those accounts
Stop repeat offenders – our consortium allows you to report promo abuse and share that with our network of customers. Get alerted to devices that have a history of promo abuse or that are associated with other devices linked to promo abuse
Velocities – another way we fight promo abuse is by looking at velocities. If you have a single device that has setup 100 new accounts in an hour, that’s not a normal consumer behavior and likely requires further investigation
Financial Fraud
Over the past 5 years, we’ve seen credit card reports increase 155%, an average annual growth of 39%.
Operators are met with the challenge of reducing credit card fraud without increasing false declines, reviews and unnecessary step-ups.
(ALL GEOS)
At least 16 separate security breaches occurred at retailers from January 2017 until now. Many of them were caused by flaws in payment systems, either online or in stores. - https://www.businessinsider.com/data-breaches-2018-4
Data breaches were up 45% in 2017, with the flood of stolen credentials and personal data available on the dark web fraudsters are using that data to perpetrate ATO through a variety of tactics.
Credential Stuffing - According to Verizon’s 2017 Data Breach Investigations report the number of data breaches involving stolen or weak passwords has gone from 50 per cent to 66 per cent to 81 per cent during the past three years. This alarming trend clearly illustrates that today’s security isn’t working. Source: https://www.cso.com.au/mediareleases/29642/hacked-passwords-cause-81-of-data-breaches/
Social Engineering - Case study on ATO: https://drive.google.com/file/d/1G4C0IqUSTUsIm4oYLk0plsqPbMy7SB7P/view?ts=5b906058
SIM Swapping – Recent
These solutions go hand in hand
iovation recently analyzed over half a billion online transactions from our global gambling customers from March 2018 to March 2019 and found that U.S. consumers are trying to bypass system controls to gamble online at a much higher rate than those outside of the use. In our analysis, we saw that 4.13% of online gambling transactions from the U.S., predominantly to European gambling operators, used evasion techniques such as trying to hide their location -- 119% higher than the 1.89% of online gambling transactions from outside of the U.S. which used evasion techniques.
iovation recently analyzed over half a billion online transactions from our global gambling customers from March 2018 to March 2019 and found that U.S. consumers are trying to bypass system controls to gamble online at a much higher rate than those outside of the use. In our analysis, we saw that 4.13% of online gambling transactions from the U.S., predominantly to European gambling operators, used evasion techniques such as trying to hide their location -- 119% higher than the 1.89% of online gambling transactions from outside of the U.S. which used evasion techniques.
Geo Compliance
For operators launching apps or online betting in new markets, one of the key regulatory constraints is controlling play based on geographical boundaries without degrading the player experience. Emerging technologies are making these processes much more seamless to manage, right in your native application. Geofencing can be enabled as an authentication constraint directly through your mobile app so that players can place bets in Nevada, for example, but are restricted from betting as soon as they cross the border into Utah.
Geo Compliance
For operators launching apps or online betting in new markets, one of the key regulatory constraints is controlling play based on geographical boundaries without degrading the player experience. Emerging technologies are making these processes much more seamless to manage, right in your native application. Geofencing can be enabled as an authentication constraint directly through your mobile app so that players can place bets in Nevada, for example, but are restricted from betting as soon as they cross the border into Utah.
Problem gambling
In 2018 we saw the U.K. Gambling Commission impose numerous multi-million pound fines on operators for ‘fair gaming’ violations. Of particular concern is managing player self-exclusion (PSE).
When players self-exclude on a gambling site that uses iovation, that operator submits a self-exclusion report on that account. We have seen a marked increase in the number of reports from operators in the last 2 years, increasing 73% since 2016.
Managing and preventing self-excluded players from creating new accounts and attempting to use your service requires collaboration across the industry. During 2018, over 795,000 devices and nearly a million accounts associated with a self exclusion report attempted to access one or more of the digital
properties in our network of iGaming clients — more than four times the number of self-exclusion reports placed in 2018.
Even with national databases such as GamStop, being able to associate self-exclusion with multiple devices and accounts, across operators, is a key tool in managing this problem.
AML
These device associations reveal a lot about both good and bad consumers
Device intelligence is crucial in preventing money laundering. By looking at device and account associations, you can uncover otherwise hidden connections. Associate groups of devices that are related to one another by looking at common account access.
Functional Areas of Responsibility and Risk
Sources:
http://www.sparkhound.com/blog/does-one-password-reset-cost-your-company-7-or-70-every-time-the-password-is
iovation
By implementing ClearKey, you can reduce the overall volume of calls to your call center. Good customers with no risk indicators are automatically authenticated when we recognize their paired device. Allowing them seamless access to low risk transactions such as making a payment, or viewing their statement.
When customers do need to contact the call center, your agents can push an authentication request straight to their phone. This allows you to quickly sort the fraudsters out from good customers. If the user is authenticated, the agent can proceed with the call and help with higher risk activities such as changing account details. A common ATO target.
For the highest risk interaction points , such as adding new lines or large purchases of phones, your agent can push an authorization request straight to the users phone. This feature can be used by individual customers or groups. For example for a large corporate account, you could set it up so that any purchase over $500 requires 2 of 3 approvers to proceed. Effectively shutting down ATO attacks on commercial accounts.
Functional Areas of Responsibility and Risk
There are a number of things that the