By Dmitry Starostenkov, CEO at Evenbet Gaming
We know five main use cases of AI in gambling to date. The most commonly used ones are those that directly affect the company’s profit or app monetization. Another use case of anti-fraud service is already included in the minimum requirements for modern gaming software to counter fraud, fake accounts, and money laundering.
A gaining popularity trend is AI usage for app interface customization to match user-specific interests. A player sees a personalized set of games based on his interaction history and similar gamers’ profiles. By personalizing advertising campaigns and providing special offers, an operator can increase profit. For instance, personalization is one of the pillars of Netflix. Personalization of special offers is mainly happening through the integration of specialized marketing solutions so far.
Then, there are AI-based game bots that implement the simplest logic for testing applications. More sophisticated bots intended to be actually used in the game can be indistinguishable from humans and are prone to make mistakes. Most players have mixed feelings about this practice, especially when it comes to games with lots of interaction. Though sometimes bots are used for criminal activities.
The use of AI to assess or even prevent gambling addiction and risk behavior is the least common so far. There is only one operator, Kindred, which showed the first results, in this regard.
Why are traditional fraud prevention methods no longer enough?
There are two main cyber crimes’ types – money laundering through gambling and fraud. In case of fraud, first of all, users suffer, the operators are also indirectly damaged as the consequences are enormous for the brand reputation, and companies provide compensations to cover users’ financial loss and have to interact with law enforcement agencies. The most dangerous thing for gambling operators is to lose the public’s trust. Since the competition is high, the players will not trust companies suffering from data leaks, where their accounts and finances are vulnerable. In the most saturated and financially attractive markets (Europe, USA), frequent fraud cases can be critical for the operator’s business.
According to the Federal Trade Commission (FTC), complaints due to fraud reported $117 million in losses only during the first half of 2020, while overall losses in 2019 accounted for $134 million for the entire year. In Europe and the United States, it is associated with theft or leakage of user data or account hacking (card transactions, player self-exclusion fraud), but the use of bots for fraud is widespread in Africa.
If money laundering happens through gaming platforms and the operators do not counter it, the consequences can be huge, starting from the casino’s closure to criminal prosecution. The new EU and US AML directives are stringent, so tracking and identifying suspicious in-game transactions is crucial.
Traditional fraud prevention methods are “manual,” for instance, work with users who encountered an in-game scam. No one applies this method to date in developed markets since it does not reduce the risks of damage to brand reputation, decertification, and criminal prosecution. To avoid online fraud, gaming operators adopted automated monitoring of suspicious activities provided by all software developers (they integrate third-party solutions if there is no anti-fraud of their own).
One of the main challenges is the AI ethics to assess human behavior and to initiate actions on users, like limiting the functionality available or blocking, and bots’ integration in games with real people, even if bots do not win money.
Using AI in the fight against cyber fraud
Today’s key technology challenge is to define fraud detection goals and metrics and the need for constant updates. Although money laundering and fraud schemes practically do not change, new technology constantly appears (to create a fake account, for illegal hacking of the accounts).
Protection from multiple accounts
The most obvious thing is to track an account creation from one IP address (from one location) and logins from one IP. Location tracking also helps prevent cooperative play, where several people play in the same room online and coordinate their actions.
There are the effective technical solutions:
- banning multiple logins from one ip in principle
- prohibition of playing several accounts from one IP at a table or in a tournament, in a certain game
- automatic monitoring of registrations and in-game patterns, which detects potentially suspicious multi-accounts (ip, matching or similar user data, then in the game – patterns of behavior, for example, certain patterns of bets, playing at certain intervals, etc. – this is for protection from bots).
Control of transfers and withdrawals
1. Fund transfer between players and abuse prevention
- Transfer limits (frequency, maximum amount of transfer)
- Confirmation of transfers
- Restrictions on transfers for new players etc.
- Automatic recognition of the “chips dumping” in the game: it is simply a transfer of funds from one account to another in the guise of a game.
2. Control of funds withdrawal:
- Setting custom limits for withdrawal or mandatory confirmation for withdrawing of specific limits.
- Deposit and money withdraw only for players who went through the verification process (manual or automated verification of some documents).
- Cash-out limitation helps prevent money laundering.
- Restrictions on the money withdrawal in case of suspicious account activity.
Account protection from hacking
1. Account protection from hackers and illegal money withdrawal:
- Server security solutions: 2FA installation, brute force protection, and from other common ways to crack passwords (by now, almost everyone has it).
- Protection against withdrawal through the control options (see the previous item).
2. Automated player security support, accounts protection from hacking, and control of data leakage.
Online casinos often suffer from hackers: brute force is used to hack the most popular passwords, and phishing is used for the most popular casinos or sports betting brands. A lot depends on the users’ caution. Still, an operator can also secure the system by 2FA implementation, account confirmation when entering from an unusual location (for example, the player always plays from Poland, and the login was created in Peru), secure channel for data exchange between a client and a server, a payment system and a client, a payment system, and a server.