2019 iovation Gambling Industry Report Highlights
•
3 likes•145 views
This webinar summary covered the following key points: 1) Iovation processes over 500 million gambling transactions annually and stops over 9 million fraudulent transactions, serving 8 of the top 10 global gambling providers. 2) Trends shaping the industry include focusing on enhancing the mobile and player experience, navigating increasing regulatory uncertainty, and leveraging fraud prevention to strengthen authentication. 3) Payment Service Directive 2 (PSD2) compliance requires balancing security and compliance while minimizing player friction through risk-based authentication and fraud insights.
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Similar to 2019 iovation Gambling Industry Report Highlights
Similar to 2019 iovation Gambling Industry Report Highlights (20)
More from TransUnion
More from TransUnion (20)
Recently uploaded
Recently uploaded (20)
2019 iovation Gambling Industry Report Highlights
- 1. WEBINAR ANGIE WHITE, PRODUCT MARKETING MANAGER JANUARY, 2019 2019 IOVATION GAMBLING INDUSTRY REPORT
- 2. 2 PROTECTING THE WORLD’S LEADING BRANDS SINCE 2004
- 3. 3 8 OF THE TOP 10 Worldwide Gambling Platform Providers Use iovation 100+ Active Gambling Operators & Platform Providers 781,000 Confirmed Reports of Fraud & Abuse Placed in 2018 518 million Gambling Transactions Processed in 2018 9.2 million Fraudulent Transactions Stopped in 2018
- 4. 4 3 TRENDS SHAPING THE MARKET Player Experience Regulatory Uncertainty Convergence of Fraud & Authentication Mobile strategy Shifting player preferences Penetrating new markets Player self exclusion Money laundering and fraud rings PSD2 Compliance Privacy Regulations Attracting new players, not fraud Fraud trends in 2018 Emerging threats Leveraging technology and collaboration to stop threats
- 6. 6 WIN THE DAY WITH MOBILE EXCELLENCE A T T R A C T N E W P L A Y E R S W I T H A M O B I L E F I R S T A P P R O A C H % of Mobile Transactions v. Total Gambling Transactions 600M 500M 400M 300M 200M 100M 0M 6% 10% 22% 40% 55% 62% 70% 2012 2013 2014 2015 2016 2017 2018
- 7. 7 MOBILE APP KOISK LOYALTY PROGRAM WEB CALL CENTER AUTHENTICATION IN NATIVE APPLICATION B U ILD TR U ST A S A MA R K ET D IFFER EN TIATOR O M N I C H A N N E L A U T H E N T I C A T I O N A N D A U T H O R I Z A T I O N E X P E R I E N C E Companies with a strong omnichannel strategy saw an average customer retention rate of 89%
- 8. 8 FOCUS ON THE PLAYER EXPERIENCE, OR STAY HOME Automate to dominate Unique regulatory requirements Opening of new markets 2017 U.S. Sports Betting Market Legal Illegal $2.5 to $3B $270M
- 10. 10 ATTRACT NEW PLAYERS, NOT FRAUD B O N U S A B U S E , A C O N T I N U I N G T H R E A T T O N E W B U S I N E S S 250K 6% 2015 2016 2017 2018 200K 150K 100K 50K 0K
- 11. 11 FRAUD INSIGHTS FROM THE IO DATABASE C H E A T I N G R E P O R T S G R O W T H I N I G A M I N G Cheating Reports 2013 2014 2015 2016 2017 2018 140K 120K 100K 60K 20K 0K 80K 40K
- 12. 12 FRAUD INSIGHTS FROM THE IO DATABASE C R E D I T C A R D F R A U D G R O W T H I N I G A M I N G Credit Card Fraud - 5 Year Trend 600M 500M 400M 300M 200M 100M 0M 2014 2015 2016 2017 2018
- 13. 13 IGAMING ACCOUNTS HAVE INCREASING VALUE T H R E E E M E R G I N G T H R E A T S Account Vending Distraction Attacks Account Takeover
- 14. 14 IMPACTS OF ACCOUNT TAKEOVER Loss of brand reputation Regulatory non-compliance Damage to player relationships Cost of lost revenue and chargebacks
- 15. 15 ATO ATTACK METHODS Phishing Attacks Credential Stuffing Social Engineering Malware, Bots, Spyware Data breaches were up 45% in 2017
- 17. 17 PROTECT PLAYERS AND MEET REQUIREMENTS S O C I A L R E S P O N S I B I L I T Y A N D P L A Y E R S E L F E X C L U S I O N 965K Accounts 795K Devices 223K Reports Associated with player self-exclusion Self-exclusion placed By operators Associated with player self-exclusion
- 18. 18 ASSOCIATION ASSOCIATION A user account on a mobile or web app User account #528 User account #921 User account #150 Is this legitimate new account or a self excluded player? Block new transactions if any of our clients have previously reported PSE Get notified if a global velocity of transactions is exceeded Identify fraud rings FRAUD Blocked User account FIGHT ORGANIZED CRIME S H U T D O W N M O N E Y L A U N D E R I N G A N D F R A U D R I N G S
- 19. 19 ASSOCIATION ASSOCIATION A user account on a mobile or web app User account #528 User account #921 User account #150 FRAUD The fraudster now knows that the device they are using is being blocked …so they switch to another one Blocked transaction Blocked transaction And through the power of associated fraud, transactions can now be blocked from this device too FIGHT ORGANIZED CRIME S H U T D O W N M O N E Y L A U N D E R I N G A N D F R A U D R I N G S
- 20. Payment Services Directive #2 Key Objectives Make cross-border payments as easy, efficient and secure as 'national' payments within a Member State Reduce the cost of transactions Make payments more secure Increase protection for the consumer Foster innovation and competition in payment services Create a level playing field for all players, including new ones The PSD2’s stated aims are:
- 21. Article 4 of the PSD2 (Directive (EU) 2015/2366) defines “Strong Customer Authentication” as authentication based on the use of two or more elements categorized as: Each are independent, so the breach of one does not compromise the reliability of the others. SCA Requirements Goes Into Full Effect September of 2019 something the user is Knowledge Possession Inherence something only the user knows something only the user possesses
- 22. 22 PSD2 COMPLIANCE, MINIMIZE PLAYER FRICTIONL E V E R A G E F R A U D P R E V E N T I O N T O R E D U C E S C A R E Q U I R E M E N T S O F P S D 2 Exemption Threshold Value Reference Fraud Rate % Remote Card-based Payments €500 <0.01 €250 0.01 - 0.06 €100 0.06 - 0.13 €30 (default rate) >0.13
- 23. Maximize fraud exemptions Reduce total number of transactions subject to SCA requirements Satisfy Strong Customer Authentication (SCA) requirements Low friction, in-app MFA Transparent, frictionless Detect and stop: device spoofing, jailbroken devices, bots, high velocities, geo mismatch SCA Transaction Risk Insight Exemption Fraud Detection and Prevention
- 24. Data Minimisation Decreased Friction Transparent Authentication Reduced Attack Surface High Identity Assurance Decentralized Credentials Strong Customer Authentication Privacy by Design Balancing Compliance Customer Experience
- 25. 25 KEY TAKEAWAYS PLAYER EXPERIENCE CONVERGENCE OF FRAUD & AUTH REGULATORY UNCERTAINTY • Mobile first strategy • Shifting player preferences • Penetrating new markets • Attract new players, not fraud • Technology and collaboration • Combatting emerging threats • Player self exclusion • Money laundering and fraud rings • Balance compliance w/ player experience
- 26. Q&A
- 27. CONTACT US www.iovation.com twitter.com/iovation Product Marketing Manager Angie White Info@iovation.com
Editor's Notes
- Thank you all taking the time to join us today. I’m really excited to be able to share some of the results of the 2019 Gambling report with all of you today.
- A little background for those that may not be familiar with iovation. We’ve been working with gambling operators and platform providers for going on 15 years now. Helping secure online operations and prevent fraud. In fact, iovation’s first customer success came from fighting fraud rings using stolen credit cards to launder funds on gambling sites. Since helping to shut down those fraud rings, we’ve protected over 4 billion transactions for our gambling customers and stopped over 47 million fraudulent transactions.
- Here’s a snapshot for Gambling in 2018. We aggregated that data, along with insight from our clients and customer success team to pull out three market trends
- Operators are facing a myriad of new challenges and an increasingly competitive market, where player experience can make or break an operator. With the convergence of offline and online identities, it’s important to fight fraud and protect players across the entire lifecycle without degrading the player experience. We’ll dig into what we saw in 2018 and emerging threats going into 2019. And look at some of the ways you can stay ahead of emerging threats We saw a dramatic increase in fines levied against operators in 2018, particularly in the U.K. where you saw an increase of over ten fold from in only a year. We’ll look at some areas of top concern and methods to combat.
- In the last 6 years, iovation has seen transactions processed via mobile devices grow at an average annual rate of 95% from only 6% in 2012 to 70% in 2018. Customer experience is the new battleground, but customers have never been more fickle. Which is why operators need to go to where their players are, on their smartphones.
- A recent study found that businesses with the strongest omnichannel customer engagement strategies have an average customer retention rate of 89%, as compared to 33% for companies with weak omnichannel strategies. (source: v12 Data, https://www.v12data.com/blog/25-amazing-omnichannel-statistics-every-marketer-should-know/)
- gambling in many new geographies, including the United States, The Netherlands, Singapore and India, presents an opportunity for market expansion but also comes with competition from new operators. Success in these markets depends on executing to meet regulatory requirements while still providing a differentiated customer experience. automate management of such functions as age verification, Know Your Customer (KYC) and document verification. Processes have traditionally been cumbersome process that creates barriers to play. Automation can not only increase efficiencies, but it can also increase customer satisfaction.
- Bonus abuse was again the number one reported fraud by our gambling clients in 2018. We saw a 68% increase from 2017 to 2018 And In the past 3 years, we’ve seen a rise 287% Many operators are augmenting KYC solutions with predictive analytics.
- The growth in game abuses and cheating reports continued, but the growth has slowed from 55% in 2017 to 12% in 2018. Chip Dumping: player caught dumping chips in tournaments Player Collusion: players collaborating to commit fraud All-In Abuse: a player repeatedly abuses the all-ins
- Over the past 5 years, we’ve seen credit card reports increase 155%, an average annual growth of 39%. Operators are met with the challenge of reducing credit card fraud without increasing false declines, reviews and unnecessary step-ups.
- In 2018 many of our gambling clients saw an increase in the cultivation and selling of VIP accounts for the purposes of enabling money laundering. These accounts are typically subject to less scrutiny from operators and can be sold for a large profit on the dark web. Putting your business at risk of non-compliance. Another emerging trend is distraction attacks. Cybercriminals use bot attacks to create a distraction while they perpetrate other fraudulent activity, which often goes undetected because of the focus on the larger scale attack. There are a number of tactics that can be used to combat such attacks. At login, device authentication can be used to confirm that an account is being accessed only by a previously authorized device. If an unauthorized device attempts to access an account, additional step-up authentication can be used to prevent access. Another approach is to add device intelligence and reputation checks at any high-risk touchpoints beyond login. Looking for risk signals such as groups of related devices trying to access multiple accounts or high velocities. Lastly, another effective strategy is to focus on detecting and preventing the fraud caused by such attacks. Lastly, account takeover or ATO. The massive data breaches over the last decade have provided a flood of stolen login credentials and personal data to the dark web. This is accelerating account takeover (ATO), synthetic and true identity fraud which will, in turn, drive other types of fraud. While ATO isn’t yet one of the top threats for Gambling, it is growing and can have major impacts both in terms of revenue and reputation.
- At least 16 separate security breaches occurred at retailers from January 2017 until now. Many of them were caused by flaws in payment systems, either online or in stores. - https://www.businessinsider.com/data-breaches-2018-4 Data breaches were up 45% in 2017, with the flood of stolen credentials and personal data available on the dark web fraudsters are using that data to perpetrate ATO through a variety of tactics. Credential Stuffing - According to Verizon’s 2017 Data Breach Investigations report the number of data breaches involving stolen or weak passwords has gone from 50 percent to 66 percent to 81 percent during the past three years. This alarming trend clearly illustrates that today’s security isn’t working. Source: https://www.cso.com.au/mediareleases/29642/hacked-passwords-cause-81-of-data-breaches/ Social Engineering - Case study on ATO: https://drive.google.com/file/d/1G4C0IqUSTUsIm4oYLk0plsqPbMy7SB7P/view?ts=5b906058
- Operators are under increased regulatory scrutiny. Fines rose against gambling operators in the United Kingdom from £1.6 million to £18 million over the year from April 2017 to 2018 for money laundering violations and unfair practices. The U.K. Gambling Commission issued another round of fines totaling £14 million in November 1, so this trend doesn’t look to be slowing.
- In 2018 we saw the U.K. Gambling Commission impose numerous multi-million pound fines on operators for ‘fair gaming’ violations. Of particular concern is managing player self-exclusion (PSE). When players self-exclude on a gambling site that uses iovation, that operator submits a self-exclusion report on that account. We have seen a marked increase in the number of reports from operators in the last 2 years, increasing 73% since 2016. Managing and preventing self-excluded players from creating new accounts and attempting to use your service requires collaboration across the industry. During 2018, over 795,000 devices and nearly a million accounts associated with a self exclusion report attempted to access one or more of the digital properties in our network of iGaming clients — more than four times the number of self-exclusion reports placed in 2018. Even with national databases such as GamStop, being able to associate self-exclusion with multiple devices and accounts, across operators, is a key tool in managing this problem.
- Secure Customer Authentication (SCA) through the use of Multifactor Authentication (MFA) Every single user has to be protected from fraudulent activity by all means Prevent unauthorized access to consumer accounts by adding strong multi-factor authentication at the login Protect against risky behavior such as profile changes or password resets by requiring step up authentication for user action verification
- Secure Customer Authentication (SCA) through the use of Multifactor Authentication (MFA) Every single user has to be protected from fraudulent activity by all means Prevent unauthorized access to consumer accounts by adding strong multi-factor authentication at the login Protect against risky behavior such as profile changes or password resets by requiring step up authentication for user action verification
- GDPR has ushered in a wave of awareness regarding the responsible use and protection of personal data. There are many new privacy mandates including California Consumer Privacy Act, which is widely believed to be just the start of similar data protection laws worldwide. What to do? Embrace it! Data Minimization – look at solutions that are built with data privacy in mind. The GDPR’s requirement for “data minimization” means that organizations should only collect the data necessary for a specific purpose. This reduces the amount of personal information your organization is responsible for protecting. Less data to protect means less impact in the event of a breach. This is something that iovation has embraced in all of our solutions. Our device-recognition technology uses hundreds of device attributes and their unique orientation with each other to instantly identify over 5B devices in our database without requiring users’ directly identifying information. Shut down account takeover Most authentication solutions continue to rely on usernames and passwords. Yet time and again we’ve seen how easy it is for criminals to steal, buy, or brute force these credentials — raising the possibility of account takeover (ATO). The spirit of the GDPR seeks to preserve users’ privacy and the security of their accounts. By adding adding a layer of transparent authentication, you can gain powerful risk insight that allows you to assess risk factors indicative of ATO, including device anomalies, spoofing, and evasion. This adds a second, invisible layer of authentication that drives step-up authentication if new or suspicious devices try to access an account, enhancing your existing authentication procedures without heavy lifting or intense coding. Allowing you to decrease ATO, and increase security without adding customer friction Minimize Your Breach Risks Pseudonymisation – The GDPR actually states that breaches involving data that has been pseudonymised will not necessarily require notification to the regulator or data subject where the risk to the subject is low. A major benefit when the fines are so steep. So it’s important to make sure any solutions you employ use advanced cryptography or tokenization to pseudonynimize data Decentralized Credentials – Take away the target
- What are you hearing from your customers on potential emerging threats? - Star Sports What do you think explains significant rise in bonus abuse? Is subscribers sharing of reputation reports compliant with the GDPR? Is iovation a global company? Good question, yes we serve clients across 54 countries