ccording to data from PwC, some $42 billion was lost to fraud over the last few years. During 2020, a shift has occurred whereby more and more people are transacting online. Shopping, socialising, education, investing, and of course, online gambling all require the use of credit or debit cards and the submission of personal information. This is rich pickings for cybercriminals who try to gain access to sites, databases, and the personal information of users.
When in possession of such information, they proceed to carry out fraud in several different ways. This includes synthetic identity fraud, true identity fraud, or fake identity fraud.
What is synthetic identity fraud?
Synthetic identity fraud (SIF) is where synthetic entities are created by using a mixture of real, fake, or wholly fake information that is then used to open a bank account. The information could include a real or fake name, date of birth, address or other personally identifiable information (PPI). This information is usually obtained by hackers and criminals via the dark web or gathered via social engineering methods.
Those most at risk from SIF are younger people who have little to no credit history. This means that banks are unlikely to have files on them, making it easier for fraudsters to set up fake accounts in their names. Account applications made in their names are less likely to be flagged by financial institutions.
If you’ve ever received a letter from the bank or similar to your home address but bearing someone else's name, this could be a case of SIF. In the online gambling world, accounts can be set up with fake or stolen credentials and then used to launder illicit funds. Bank accounts opened with fraudulent details can also be used to pay and withdraw money from an online gambling site.
SIF is by far, the fastest type of financial crime in the US, and the rest of the world.
What is true identity fraud?
True identity fraud is the type that you are most likely familiar with. This is where a criminal uses your actual information such as passport, name, address, social security number, and credit card information to create new accounts or even take over existing ones. Essentially, the criminal assumes the identity of the individual whose details they have stolen.
This kind of identity fraud is a threat to the iGaming industry as it raises few red flags, even with the most stringent compliance and due diligence processes. Some companies have now started verifying the opening of accounts via real-time video chat, so they can match the account holder and the photo in the passport with the person in the video call.
Fake identity fraud
The last example of different kinds of identity-based fraud is that of a counterfeit identity. This is where a genuine government-issued document or similar, is reproduced, edited, or manipulated in an unauthorized manner. For example, a fake passport or identity card that appears the same as an original, but in reality is not.
Thankfully, the use of fake identities is becoming more difficult as electronic passport technology makes them much more difficult to forge. Typically, governments will update the model or series number periodically, making it even more difficult for criminals.
Mitigating the risk
As an online gambling operator, it is both your moral and legal obligation to take steps to prevent fraud. This includes ensuring that any private client information submitted to you, is saved securely. Operators must ensure that adequate safety protocols, programs, and systems are in place to both prevent and detect any breaches or hacks from third parties. In the case of an issue, all processes should be reviewed and upgraded to lessen the risk of it happening again.
Secondly, you must be sure you have comprehensive onboarding procedures in place. These must include several forms of identity verification, including if possible, via webcam. They should also adhere to local and international laws and best practices in terms of compliance. Fraudsters should not get through the onboarding process and if they do, ongoing work should be conducted to identify them. Any instances of wrongdoing must also be reported to the authorities.
Hand-in-hand with these procedures, operators should also be using software to check the veracity of identity documents and conduct research on whether they are PEPs, have a suspicious record, or exist at all.
Considering all of these factors may seem like a bit of a headache, especially if you are a startup and haven’t given much consideration to fraud and other risks. Engaging an experienced corporate service provider can make things easier as they will help you understand your legal and compliance obligations. They can also conduct periodic reviews and suggest updates, so your processes and policies are in line with recent developments.
Fast Offshore has more than two decades of experience in online gambling, fraud prevention, and compliance. We have assisted countless operators in tightening their processes and policies as well as auditing, conducting risk assessments and more.