A new ThreatMetrix Cybercrime Report revealed that identity spoofing, fuelled by stolen identity data, is the most prevalent attack vector for the gaming and gambling industry. It also pinpointed a marked growth in location (IP) spoofing attacks.
In the second quarter, location spoofing became the fastest growing attack vector in the space, increasing 257% year-on-year. This is due to the availability of more sophisticated location spoofing tools, which fraudsters use to attempt to disguise their true location to launder money. From collusive play and self-excluders, to malicious account takeovers (ATOs), operators must always be able to differentiate trusted users from fraudsters.
“Rising cybercrime levels is no small issue for a sector that enjoys a truly global customer base,” said Ellie Burns, Fraud and Identity Manager at ThreatMetrix, a LexisNexis Risk Solutions Company. “With more than two billion gamers worldwide, nearly 60 percent of the industry’s traffic is cross-border. Operators must contend with a rapidly evolving regulatory landscape and stringent new anti-money laundering laws, making the verification of the true location of a transacting gamer a vital component in authenticating identity.”
The high volume of cross-border traffic is driven by several factors, including users trying to access services that might be restricted in their locations, which has driven the remarkable growth of IP spoofing attacks.
Mobile transactions also continue to rise, as people increasingly use smartphones to place bets and access accounts. 71% of all gaming and gambling transactions are now made via mobile devices, a 45% increase year-on-year. Fraudsters have identified mobile as a key opportunity to monetize stolen credentials, with mobile payments more heavily attacked than any other transaction.
“To deal with these challenges, gaming and gambling operators must incorporate dynamic digital identity intelligence that pieces together key indicators such as device intelligence, true geo-location, online identity credentials and threat analysis, to better inform risk decisions. The key is to be able to effectively differentiate trusted users from fraudsters and understand changes in trusted user behaviour, without adding unnecessary friction,” said Burns.