ThreatMetrix®, a LexisNexis® Risk Solutions Company, today released insights into cybercrime attacks on the gaming and gambling sector in its Q2 2018 Gaming & Gambling Report.
The ThreatMetrix Cybercrime Report is regarded as a reliable barometer of global cybercrime patterns due to the scale of transactions analyzed globally. This industry deep-dive revealed that identity spoofing, fuelled by stolen identity data, is the most prevalent attack vector for the gaming and gambling industry. It also pinpointed a marked growth in location (IP) spoofing attacks.
In the second quarter, location spoofing became the fastest growing attack vector in the space, increasing 257% year-on-year. This is due to the availability of more sophisticated location spoofing tools, which fraudsters use to attempt to disguise their true location to launder money. From collusive play and self-excluders, to malicious account takeovers (ATOs), operators must always be able to differentiate trusted users from fraudsters.
“Rising cybercrime levels is no small issue for a sector that enjoys a truly global customer base,” said Ellie Burns, Fraud and Identity Manager at ThreatMetrix, a LexisNexis Risk Solutions Company. “With more than two billion gamers worldwide, nearly 60 percent of the industry's traffic is cross-border. Operators must contend with a rapidly evolving regulatory landscape and stringent new anti-money laundering laws, making the verification of the true location of a transacting gamer a vital component in authenticating identity.”
The high volume of cross-border traffic is driven by several factors, including users trying to access services that might be restricted in their locations, which has driven the remarkable growth of IP spoofing attacks.
Mobile transactions also continue to rise, as people increasingly use smartphones to place bets and access accounts. 71% of all gaming and gambling transactions are now made via mobile devices, a 45% increase year-on-year. Fraudsters have identified mobile as a key opportunity to monetize stolen credentials, with mobile payments more heavily attacked than any other transaction.
“To deal with these challenges, gaming and gambling operators must incorporate dynamic digital identity intelligence that pieces together key indicators such as device intelligence, true geo-location, online identity credentials and threat analysis, to better inform risk decisions. The key is to be able to effectively differentiate trusted users from fraudsters and understand changes in trusted user behaviour, without adding unnecessary friction,” said Burns.
Findings are based on analysis of 91 million gaming and gambling transactions on the ThreatMetrix Digital Identity Network®, the largest such repository of global shared intelligence, from April through June 2018.