Why 2FA and Digital Identity in iGaming Matters

Sports gambling has long been a pastime of casual bettors and fans alike. Each autumn, many in the workplace draft fantasy teams, fill out brackets and wager just enough money to make things interesting. With the advent of recent legislation in the United States and Europe alike, app-based gaming platforms or iGaming have contributed to the industry's rapid growth. Morgan Stanley suggests that the sports betting market could reach $8 Billion by 2025 in the U.S. alone. In the EU, that number is expected to balloon to 30 Billion Euros by 2022.


Many traditional and non-traditional betting platforms predictably want a slice of that enormous pie. FanDuel and DraftKings, once associated with the 'daily fantasy' movement, have pivoted to be more full-scale iGaming platforms. Popular sports blog Barstool Sports has partnered with Penn National Gaming to create the Barstool Sportsbook. Lost in all of this excitement perhaps are the security challenges of running a full-scale casino on a mobile device.


What constitutes iGaming?


In its simplest iteration, iGaming encapsulates any app or web-based wager on an event or game. This arena includes video poker, slots, online casino games, and sports, but can be expanded to current events such as betting on the outcome of elections or the World Cup's opening coin flip. Some mobile sportsbooks are now taking wagers on eSports, introducing a curious overlap of two emergent industries. While the legality of iGaming varies by country or territory, most platforms have set up shop in certain tax havens in Europe or Asia and allow an international audience to access their platform using a variety of legal loopholes.


How are iGaming platforms susceptible to fraud? 


On the customer side, the immediate concern with iGaming is account takeover. Through phishing or a simple brute force attack, a fraudster can hijack a customer account. Most betting apps are directly linked to a credit/debit card or bank account, so in this sense losing control of an iGaming account is just as damaging as an attack on your financial accounts. Two-factor authentication protects from these attacks. TeleSign data shows that phone-based 2FA is 100% effective in stopping automated bot attacks, and 96% at blocking bulk phishing. One of the vulnerabilities of 2FA is SIM Swap fraud. SIM Swap occurs when a fraudster uses social engineering with a customer service rep to port your phone number to a SIM card that the fraudster controls. Digital identity solutions such as PhoneID Porting Status and SIM Swap Detection can prevent this when used to complement 2FA.


For the platforms themselves, there is a litany of ways people will try to defraud the house. Think of any Ocean's 11 films; people have been trying to rip off casinos for years. In the virtual space, we are looking at bonus abuse, money laundering, and collusion.


Bonus abuse occurs when bettors create multiple accounts to take advantage of new player incentives. This abuse could happen in the form of free bets, free chips, or some form of a free multiplier (i.e., bet $50 and the book matches your bet). Commonly seen in both ticketing and on-demand services, this bonus fraud (also known as promo abuse) can seriously harm revenues. Fortunately, simple digital identity APIs can detect these fraudulent accounts. Most fraudsters will try to use a dubious phone number to register their fake accounts. This fraudulent attempt will come from VoIP numbers, burner phones, or SIM cards belonging to SIM farms. TeleSign's PhoneID and Score solutions can help detect phone number type and the likelihood of fraud, allowing platforms to block the registration.


Collusion occurs when one or more players plot together to defraud the house. A famous example happened when Bachelorette star Jade Tolbert colluded with her husband to win one million dollars from FanDuel. Interestingly enough, a player that created one or more fake accounts could, in theory, conspire with themselves, making bets between two accounts, guaranteeing one win and one loss. This activity is done to hit certain bonus thresholds or benchmarks that can also be associated with bonus fraud. Again, by limiting fake accounts, platforms can eliminate this type of collusion.


Lastly, we look at money laundering. iGaming is not the first example of fraudsters looking at innovative ways to clean dirty money. Micro-transaction in video games has long been used to dump drug money. iGaming platforms are no different. A player can make a large wager or even buy thousands of dollars of chips and immediately cash out. To limit this activity, we once again turn to digital identity. Criminals associated with drugs and terrorism are much less likely to use a clean phone. By running digital identity checks at registration, platforms can block these dubious numbers and keep black market money off of their platform. The same technique can deter folks from committing chargeback fraud and credit card fraud.


It's essential always to stay one step ahead of the fraudsters because they are always innovating. By focusing on holistic security solutions, iGaming platforms can take advantage of the rabid interest in gaming and gambling across the world and capitalize on the market's explosive growth.


TeleSign has been engaging and protecting customers for over 15 years. We support the largest web properties in the world and we're prepared to help you. Contact TeleSign now and for all of your security needs. As the pioneers of phone-based security, we are a one-stop-shop for all of your digital identity and programmable communications needs.

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.