Fraud in Gambling: “What the Fraud” Podcast

DR NICOLA HARDING: So what criminals want to do is they want to hide that paper trail as much as possible. We call it money laundering. They want to clean their money.

You’ve got people who’ve got gambling addictions who are potentially committing criminal acts to fund their gambling. For criminals, this is their job. They spend all day every day. Trying to perfect a better ID.

They will do whatever suits them to get from A to B and they don’t care who it hurts. They don’t care what ramifications that has for the victim. All they care about is themselves and what their aim is trying to do.

THOMAS TARANIUK: Hello and welcome to What The Fraud, a podcast by SumSub, where digital fraudsters meet their match. I’m Thomas Taraniuk, Head of Partnerships here at SumSub, the global verification platform helping to verify users, businesses, and transactions. The iGaming industry is growing rapidly and is predicted to surpass 172. 2 Billion US dollars by 2030. As a result, regulators are taking a closer look at compliance in the industry, imposing heavy fines for violations of AML or anti money laundering and responsible gambling requirements.

In 2022, Entain, the owner of Ladbrokes and Bwin, was handed the biggest fine in UK iGaming history, 17 million pounds or 20. 6 million US dollars for AML and responsible gambling failures. In the same year, 24 iGaming platforms received fines totaling 48 million pounds in the UK alone.

So how can gambling companies balance compliance, fraud prevention, and convenience for users? And what can they do to protect themselves and their customers? We’ll investigate all of this and more in today’s episode.

Today’s guest is Dr. Nicola Harding. Nicola is a lecturer in criminology and director of the Centre for Crime, Law and Justice at Lancaster University in the UK. She’s the CEO of the crime prevention group, We Fight Fraud, and has conducted research into crime and gambling related harms among both women and ethnic minorities.

Suggested read: Top 9 Gambling Friendly Countries

Her team helps businesses identify, understand, and manage the threats of serious organised crime. Thank you so much for joining us today, Nicola. Thank you for having me. So, we all know that online gaming is an incredibly valuable sector. Huge sums of money are constantly changing hands between companies and their customers, so it appears inevitable that it would be a primary target for fraudulent individuals and also networks.

So as we know, the gaming industry suffers the most from fraud and tight regulators as well. What are the most common scams happening in online gaming right now, do you believe?

DR NICOLA HARDING: I think it’s hard for me to say, oh what are the most common scams because the people I work with who are former criminals will tell me, particularly my business partner Tony Sales, always tells me there are no new scams.

They’re just old scams done new ways and I think within the gambling industry that’s what we see is the more we develop, particularly in the digital space, online spaces, the more we do develop that way, criminals are just going to find loopholes and, and new ways of attacking. So it’s not so much that there’s new scams.

It’s the criminal opportunity is the same, right? Particularly for gambling and iGaming because transactions that happen in the gambling space, the money in and the money out, it’s not like you’re going and buying a product. If you were going and buying an iPhone, for example, they’re the same price every single time.

There’s a unit price. You can expect what you’re likely to pay or how many are going to be bought. You can predict all of those things. In gambling and gaming, you can’t really predict how much someone’s going to come in and bet, how much they’re going to lose, how much they’re going to win. Obviously, there’s probability in it, but it means that there’s high levels of unexpected or variable transactions.

That’s really valuable to a criminal, right? Because it’s difficult if you’re wanting to get kind of mess with transactions or mess with buying products that have a set price. You can only get so many of them. It’s going to look a bit odd if you do a transaction for 100, 000 iPhones, for example. But if you were to put 100, 000 pounds through gambling, then that doesn’t look that odd because you may have just had a really big win or, you know, something else could have happened.

So any industry where there is these variable transactions is really attractive to a criminal because they can hide amongst those networks, hide within those transactions. And the reason why they would want to is that it helps them launder money. So, in serious organized crime, there’s certain products that they would be selling or making money off.

So, drugs, for example, illegal arms sales, the funding of, you know, terrorist financing, but also fraud more generally. All of those things, though, when there’s a transaction, when money or cryptocurrency or assets are exchanged, there’s a paper trail. So what criminals want to do is they want to hide that paper trail as much as possible.

We call it money laundering. They want to clean their money and get it out in a way that is not traceable back to them. It becomes clean and they can either put that into clean, You know, bank accounts, or they can withdraw it fully from the system without being detected. And that’s the criminal opportunity for mostly for iGaming and the gambling sector for criminals.

There’s also things like criminal lifestyle spend. So if criminals have got a lot of money, maybe they want to go and gamble with that money because it was easy come, easy go. But for the most part, serious organized crime, when they’re targeting gambling and iGaming is to launder their money. You know, and that’s a crucial part of how the organized crime world works

THOMAS TARANIUK: Definitely, and it sounds like a lucrative piece of the pie, let’s say, when you’re targeting a vertical instead of going to a bank, going to the iGaming sector, as you said, with fluctuating, let’s say, bets, withdrawals, and deposits, makes it quite hard to identify as well.

So we are looking at different archetypes here. The first being fraudster networks, as well as the lone fraudsters, which are going after these iGaming operators and platforms, and those who actually want to spend their money as well. Are there fraudulent schemes that are on the rise in terms of their popularity?

And are there some schemes that are becoming more redundant?

DR NICOLA HARDING: Across the kind of different archetypes, there’s a lot going on in gambling and there’s lots of things to consider. Within your kind of gaming company or within your land based casino, you’re going to have an MLRO, which is your money laundering regulatory officer, right?

And it’s their responsibility to make sure that crime stays out of the gambling sector and the iGaming sector. So the things that they have to think about and the concerns is, obviously, a top concern is organized crime. Got people who’ve got gambling addictions, who are potentially committing criminal acts to fund their gambling.

You’ve also got potentially criminally exploited people. So that could be someone who’s got a gambling addiction or who’s coming from a vulnerable kind of background for whatever reason, who, you know, is being exploited by criminals to launder money in a casino, so the criminals aren’t coming in and doing it themselves, or they’re not going online and using their own accounts, but they’re using the criminally exploited person’s accounts.

Suggested read: A Global Guide to AML Compliance in Gambling, Gaming, and Betting (2024)

So when you trace it back, if you were to detect fraud on an account, for example, and that person’s being criminally exploited. It’s not them actually doing it. It just looks like it’s them that’s doing it. So there’s both a perpetrator linked to that account and there’s a victim linked to that account as well, which makes it equally more challenging.

And then obviously you’ve got things like the kind of criminal manipulation again, or exploitation of things like young people where there’s any kind of financial links to gaming. So, you know, like when your kids are playing like Minecraft or Roblox or whatever, and they can get their Robux and they can get…

THOMAS TARANIUK: Digital tokens tokenized and you see it in lots of different industries, especially iGaming as well.

DR NICOLA HARDING: Yeah. And so if they’re on social media, social media scams are, you know, big part money mule recruitment is as well on social media where you could go after young people with like, Oh, get free Robux or get free boxes within games. There’s been big calls by the gambling regulator and gambling kind of charities and stuff to, to ban those types of things for underage children.

Because there’s a distinct link between, oh, well, you know, spin this wheel or, or spend that money and you might get, you know, something back, but they’re just happening in games. It’s not actual gambling. So there’s a, a fine line. So charities are saying, well, this is priming young people to, you know, become gambling addicts later.

But also criminals can exploit that by looking to recruit money mules through enticing them with, you know, you do this for us, you know, put some money through your bank account and we’ll get you whatever amount of Robux that you want, you know, or we’ll give you a voucher for you, your game. So I think there’s the kind of explicit money laundering and criminal activity that could be going through the accounts and then there’s the criminal activity that goes on potentially around these accounts with the people who are kind of trying to engage in either gaming or gambling legitimately, but maybe they’ve been drawn into something they don’t really know that they’re getting drawn into by promises.

And obviously we see it a lot across the gambling industry, right? There’s a big thing at the moment is kind of bonus abuse where criminals are potentially opening up multiple different types of accounts because there’s some sort of credit back, cash back, bonus, whatever to entice legitimate players in, but criminals are maybe saying, Oh, we’ve we got, you know, 15 of these accounts opened.

So they’ll do things like try and conceal the digital footprint of the devices that they’re on using multiple identities or potentially stolen credit cards to try and pass ID checks and stuff like that. So there’s all of that kind of going on, which can seem fairly low level and seem trivial almost because it’s like, well, if it’s a bonus, it didn’t really exist.

But the thing with opening up multiple accounts for bonus abuse is that there’s then multiple accounts open for money laundering. So it all kind of plays into each other, but equally very difficult to identify really because you’ve got the added issue of people who have gambling addictions who may operate in very similar ways to organized crime within a space.

So for the MLRO or for anyone doing transaction monitoring, the big question is, is Is this criminal, or is it an addicted gambler, and how do you safeguard against that?

THOMAS TARANIUK: I’d love to talk about fake IDs. And scammers are increasingly targeting the US and the UK for document forging. The percentage of fake IDs, in fact, in these countries has risen by an average of 163%, while the percentage of fake passports has actually increased by 147%. I was going to ask you as well, Nicola, what can online gaming or gambling companies do to protect themselves from this kind of identity fraud.

DR NICOLA HARDING: I think it’s a real challenge. I think we always think about fake IDs as being something of the past, you know, we’ve got biometrics in now, haven’t we? Isn’t it much more difficult to do? We almost to an extent think, oh, we surely we must be past that, our detection systems are great, but we have to remember that for criminals, this is their job.

They spend all day, every day trying to perfect the better ID to then fool the system and it is a game of cat and mouse. And I think that one of the things that I’ve found, so obviously I work with a really interesting group of people and I do research with them. So Tony Sayles, who was Britain’s greatest fraudster, is my business partner.

Um, but also Andy McDonald, who was the head of fraud and counter terrorism at New Scotland Yard. We worked together looking at what is the threat and What we found is how ahead criminals are, you know, when we see what these identification is like, and it’s getting more and more sophisticated, but it comes down to just because the criminals are getting more and more sophisticated it doesn’t mean that we have to go, Oh, well, we’re in a losing game. We just have to keep abreast of what’s going on, not sit back and think, Oh, we implemented this detection system, you know, two years ago and everything’s fine. Yeah. We need to take a real kind of layered approach because You know, obviously we do testing and we look at things like KYC models and you know, the testing team have never failed before.

We’ve got a hundred percent record and it is because no matter how infallible you try and be, there’s going to be ways to get around it and there’s going to be ways to slip through the net. You just have to be testing your own systems. You have to be testing the systems of those that you work with. So, you know, if you’re relying on kind of third parties to do your identity checking, are you going in and onboarding as customers and understanding that process yourself and how it could be kind of got around.

But also there’s some things that are extremely difficult. to protect against, and one of those is the falsely obtained genuines. So this is where someone has committed potentially identity theft, but by the time that they get to your systems, they’re not using fake documents, they’re using someone else’s you know, correct documents.

And you could think, well, how difficult is that to achieve? And like I say, we’re in test all the time. I did a test two years ago now where our team went onto the streets of London and they socially engineered, I think seven people within about 17 minutes to not only allow them to be filmed, um, enough data that we could have created a deep fake of them to bypass biometric identity verification, because that’s what we were looking at the time.

But the key thing of it, forget the biometric stuff. The key thing of it is, is they all sent us right to work documents. So we got copies of their passport. We were strangers on the street. We showed them no ID. There was no verification. I emailed them from a Gmail account to be able to do it. just the public are not necessarily aware. And these weren’t, you know, kind of vulnerable people. This was just people that we happened to stop on the high street. One of them actually worked for both UK and a foreign government and had dual nationality and sent us driving license copies from both jurisdictions. And they were in a governmental position from their work email address.

THOMAS TARANIUK: That’s really surprising. Of course, a lot of it is about education as well, Nicola. So if you’re looking at those specific people with a wider audience as well, what would you tell the consumer to do to help them stop identities or their identity from being exploited?

DR NICOLA HARDING: Just be really, really wary about I mean, they were, they were social engineering approaches to get people’s data.

Yeah. And I think we don’t understand culturally how valuable our data is. And we’re so primed to giving our data away for free almost all day, you know, because for this discount or that discount or sign up for here or sign up for there. There’s our data, so there’s that level of your name, your date of birth, your, your whatever, but so that we can be marketed to.

It’s become a product in itself. Yeah, it’s currency, isn’t it? It’s our data. But in terms of things like your passport, your driving license, those things that can be used to open accounts. I bet you most people have got those sitting in a sent email or somewhere on their device because they’ve had to, you know, send it to rent a flat or to buy a car or whatever it might be.

That is exactly what criminals would want to get hold of because they can then use that in the, the KYC onboarding kind of practices, right? That’s, that’s what they need. So in this instance, the point I was making about that test is that that wasn’t like a rare thing. This is that we’ve become so desensitized and don’t understand as a public how valuable our data are and how it could be used.

We all have a responsibility, right? So the companies that we talk about kind of safer gambling and more responsible gambling is we’re putting our regulation on gambling companies that they’ve got to be more responsible in how they advertise. They have a duty and a safeguarding responsibility to people who have, you know, identified themselves as, um, addicted gamblers.

We’ve got responsibilities to ensure that there’s not money laundering going through. Also as individuals, we have a responsibility to safeguard our own data. And I think that’s one of the things that we’ve got to get across because the only people that don’t have a responsibility in all this because they have their own aims and they are operating outside of the system are criminals.

They will do whatever suits them to get from A to B, and they don’t care who it hurts, they don’t care what ramifications that has for the victim, they don’t care the ramifications it has for the, the company that they’re targeting to get their money through. All they care about is themselves and what their aim is trying to do.

THOMAS TARANIUK: Hello, everyone. Welcome back to What the Fraud. I’m Thomas Taraniuk, and I’m joined here today by Nicola Harding from We Fight Fraud.

DR NICOLA HARDING: Hi, great to be here. Thank you.

THOMAS TARANIUK: From your point of view as well, Nicola, how can KYC and also the biometric liveness checks, etc. be effective as a use case here in stemming that fraud or mitigating it rather?

DR NICOLA HARDING: The first thing I would say is that not all KYC is equal. So we all talk about KYC and KYC started in financial services essentially as like a bunch of questions. I think like I remember years and years ago going for a loan or something and saying, what do you want the loan for? I remember thinking, why, why does it matter?

I just want the money. And it was all that. It was just, it just seemed like such a strange question. And then when you work in financial services, you realize that this is all about getting to know your customer and just, and one, being able to know them better as in. What’s their profile? What’s their spending like?

You know, all these types of things that we, when they’re new to you, you’re trying to get an insight into because one, so you know for marketing, but two now for compliance. So that was the kind of start of this kind of know your customer. In 2011, there was a research study that showed that fraud was stalled a little bit.

Suggested read: B KYC for Gambling: What It Is and Why It’s Crucial

The amount of fraud, it was kind of for a couple of years, it hadn’t really grown that much. And

THOMAS TARANIUK: I feel like that’s a sort of double edged sword. Had it not grown or had they gotten better at hiding it as well?

DR NICOLA HARDING: Well, what this study found, and I think Especially now that we can look back on it, you know, like 13 years later and see what’s happened since is that they indicated that there was a bottleneck and it was the lack of ability to get the money out.

So this was at a time where digital onboarding is not as prominent as it is now, but it was that move to having, you know, identity checks, we’d got better at compliance in financial services. Which meant it was more difficult for criminals to get their money out. They were being detected more. So that little bottleneck happened.

What happened was a fraud explosion. As we know, in the UK, fraud now accounts for 40 percent of all crime. That’s just the bit we know about. So we fully accept that there’s a dark figure of crime when it comes to fraud. Because a lot of people only report to their bank and then don’t go back. on to bother to report to the police because either the bank has refunded them or they think it’s probably not worth it because it was a low level of money or what have you.

Or they don’t necessarily understand the reporting processes. But equally, a lot of people don’t realize they’ve been defrauded, right? So when a fraudster is successful, that can go on for years or it can go undetected. So we know that there’s been an explosion of fraud and a lot of people say it was because of COVID because people were working from home.

Really, the bottleneck ended when criminals pivoted to money mules. This is why the stuff that I was saying earlier around the challenge that the gambling industry has around having addicted gamblers operating in their system and predatory fraudsters, criminals, who are looking for vulnerable people to act as money mules, to help them launder.

It’s why, you know, This kind of area is one, the most regulated because it’s regulated for anti money laundering and for terrorist financing and it’s regulated for safer gambling and to make sure that there’s affordability checks and things like that. So because of those two separate things going on, you know, there’s a lot of regulation over the gambling industry, but it’s also most vulnerable because of these two things.

Because. Not only is it a great place to try and launder money, but it’s a great place to hide or to insert vulnerable money mules and to do it for you because of the dynamic that’s already going on there.

THOMAS TARANIUK: There’s been a bit of a shift from the use of fiat currency in the online space in iGaming to cryptocurrency. How does the increased adoption of crypto impact The prevalence of fraudulent behavior in gambling.

DR NICOLA HARDING: You’ve put a parade, a red flag parade on for the criminals really to say, come on, head on over.

If you think about what cryptocurrency was all about in the beginning, it was about a currency that was not. Decentralized, right? Exactly. Yeah. And with that. There’s definitely ways in which criminals have exploited cryptocurrency in itself. I know from various kind of testing that the testing team at We Fight Fraud have done, that there’s ways of, you know, completely circumventing KYC particularly in a global nature, there’s definitely areas of the world where you can go and put money in and take money out of crypto without any checks. So I guess the vulnerability of that is that you, if you think of a Great British Pound, for example, you’ve got, You know, you know that they’re going to be kind of bank accounts generally or, um, money wallets or whatever that they’re going to go into.

THOMAS TARANIUK: And there’s some institutional trust there, right, for those banks.

DR NICOLA HARDING: There’s a certain level of regulation that’s going on around that and also there’s a certain level of tracking. So that, for example, if you have one of the things that MLRO should be doing, or people within compliance is that when they see suspicious activity, they’ve got to do a suspicious activity report, right?

So when that’s happening in like the financial system and within gambling, there’s certain levels of kind of tracking that can be done. Crypto is by its very nature going outside of that system. So I would say the introduction of. Bringing crypto and gambling together means that you have to up your regulation game.

You can’t do like the bare minimum of compliance. And the technology as well, right? Exactly. Yeah. You like, if you want the benefits of attracting customers because you’ve also trading crypto, you have to take The compliance seriousness with it, really, so, you know, I’m not saying that if you’re not doing crypto, you should have like a lower level because everyone should strive for the highest level of compliance that they can, you know, that’s appropriate for the, for the environment they’re in, but when you bring together gambling, iGaming and crypto, you need to up your game.

Suggested read: Know Your Enemy: An Interactive Guide to Online Gaming Fraud

THOMAS TARANIUK: What do you believe are the top three tips that you could give to the audience to stop frauds in the iGaming sector?

DR NICOLA HARDING: For me, it’s more than adequate and preferably exceptional KYC. You know, you’ve got to know your customer and that’s the first kind of layer that’s going to keep those criminals out. So don’t just do what’s required, do what’s necessary and that means you know, a more than adequate level of KYC. Two is awareness. So there’s your customer’s awareness of ensuring that they understand that fraud does happen in these spaces and that you’re trying to keep them safe. And this is how, and this is what they can learn from it. There’s also keeping your staff within gaming.

up to speed with not only what the regulators say, the different ways in which criminals may attack, what they may see in the data if they’re a data analyst, what they may see as an MLRO, or what they may see, you know, on the tables, of what they can spot. But also, testing your own processes, understanding your own products and how criminals may attack.

So that all kind of comes under the awareness branch, but different types of awareness for different people. And I guess it plays nicely into kind of third really is knowledge is power and it’s armor in this case is the more you know. Whether that be KYC, Know Your Customer, transaction monitoring, whatever it is that is building your knowledge, the more you know, the more that you can stay safe.

And that goes for the company in terms of knowing their customer and knowing what’s happening within their company, but also for your clients, them being more fraud aware and you being able to help them with that and understanding those processes, but also understanding. How to protect your product from criminal attack.

So, yeah, KYC, awareness and knowledge is your armor.

THOMAS TARANIUK: Truly knowledge is power. I think you’ve well equipped everyone here, Nicola, in terms of the audience listening with what they should be doing next to protect themselves and make sure that if they are gaming or if they are running a company in the iGaming sector, friction isn’t always bad and education is key.

Thank you so much for joining us on the podcast, Nicola. It was great to speak with you.

DR NICOLA HARDING: Thank you very much for having me.

THOMAS TARANIUK: Thank you for joining us on this episode of What The Fraud. On the next episode we’ll be looking at the hot topic of fraud in financial technology. This is a major issue worldwide with criminals causing an estimated 485 billion US dollars in global fraud losses and fueling over 3. 1 trillion US dollars in money laundering and terrorist financing worldwide. We’ll be investigating the kinds of tactics these fraudsters use. The organisations and sectors that are most at risk and what they can do to combat this criminality.

Once again, thank you so much for listening to What The Fraud. Recording these podcasts has been a really eye opening experience for me too, and it’s been so interesting hearing the expertise and experiences of my peers in the industry. And if you’ve been loving this as much as I have, drop a review.

This will help enormously in other people finding this show. So they can access must know advice that could stop them from being scammed. So please follow, comment, review, you know the drill.