Red Flag Rules June 1 Deadline - Part II
Online gaming had been growing steadily over the past 10-15 years, but the COVID-19 pandemic threw rocket fuel on this corner of the internet, accelerating player onboarding and usage, and inevitably fraudster activity. The global online gaming market generated over $21 billion in revenue in 2020, translating to a record 21.9% growth Y/Y. Over a billion people globally now game virtually, increasing the odds for illicit activities galore, from insider cheating, poker bots, and bonus and phone top up abuses, to all manner of payment and identity-based fraud.
Just as financial institutions are required to have Know Your Customer (KYC) policies in place during new customer onboarding or in conducting existing customer transactions, so too should “live” and online Casinos enforce identity authentication and KYC processes to prevent gamer account takeover, identity fraud, and synthetic identity fraud. Beyond direct losses and potential non-compliance fines, however, a gaming operator must also keep the shine on perhaps its most valuable possession – its reputation.
It’s no exaggeration to say that every consumer research study conducted over the past few years has documented the growing identity fraud fears of customers across the entire financial spectrum, whether in general banking to specialized markets such as auto finance, home mortgages, and in gaming.
Both live and online gaming markets have experienced an influx of stolen consumer credentials, easily available on the Dark web, with fraudsters accessing and exploiting legitimate customer accounts. Allowing stolen credit card usage or fraudulent payment methods can and does result in major losses for both the customer and casino, and also opens up the risk for money laundering / muling operations. These security failures obviously erode the customer-business relationship, causes extensive reputational damage, and subjects the operator to extensive anti-money laundering (AML) fines and penalties.
Gambling executives worldwide are fully aware of the evolving fraud threat and are actively taking steps to mitigate its potential impacts on business growth, if not to ensure their continued existence. A recent study conducted by New Dimensions of Change Research revealed that their gambling executives respondents are hyper-focused on managing growth and risk within a high fraud landscape, and have undertaken security initiatives to foster consumer trust.
The study revealed that 59% of the surveyed gambling executives actually changed their transaction processes just since the outbreak of COVID-19 in early 2020, increasing their investments into various anti-fraud technology solutions. Further, gaming companies now tie “customer journey” factors to their overall business viability, with 83% of gambling executives asserting that smooth customer transactions are now essential to their survival, rather than just providing differentiation or a competitive edge in the market.
Identifying & Mitigating Risks
Whether conducting operations in-person or online, casinos and gaming organizations have robust legal responsibilities to prevent and mitigate the risks posed by fraud. These include but aren’t limited to ensuring that any unique gamer information (personally identifiable information (PII), bank accounts, etc) in your possession is kept secure. In a broader context, operators must also have in place safety protocols, programs, and systems to detect and prevent against breaches that could expose PII.
Machine driven processes that enable forensic-level identity document authentication is a key part of a casino’s onboarding and ongoing transaction procedures. Understanding and documenting exactly who the player is, and their respective legal age, are necessary processes that adhere to local and federal laws, as well as potentially international laws for best practices in terms of compliance.
Hand-in-hand with these procedures, live gaming operators could also employ cloud-based identity checks on-floor, using mobile devices to scan and verify the authenticity of identity documents, as well as conduct real-time database checks on whether gamers are a Politically Exposed Person (PEP), have a suspicious record, or even exist at all.
Evolving Rules & Regs & Solutions
Now, all this being said, it is significant to note the new “Federal Non-Documentary policy” that just went into effect October 2021. Per the Financial Crimes Enforcement Network (FINCEN) of the US Treasury Department, the use of non-documentary means in order to ID Casino visitors will now be permitted.
A bit of framing history: since 1985, the “Bank Secretary Act” had defined casinos as de facto financial institutions. As such, gaming facilities, as with banks, must file Currency Transaction Reports (CTRs) on all lone and/or aggregated currency transactions that exceed $10,000 per day. Additionally, if any indication of money laundering or any other related crimes are revealed, casinos are required to file a Suspicious Activity Report (SAR) when for example, they observe a small-time gambler exchanging significant amounts of cash for chips.
Prior to this new regulation, a casino’s staff was required to collect and inspect a gamer’s valid identity document -- such as a driver license or passport -- before opening customer accounts, extending credit, or accepting funds. In certain circumstances, those rigors are no longer required.
With the new policy, “most” casinos can now conduct “database checks” of a customer’s credit or fraud signal history via third-party consumer agencies, financial institutions, and public databases. Per FINCEN, casino staff can now employ Knowledge-based Authentication (KBA) to verify a gamer’s identity, eg. posing questions on “Monthly mortgage payment” or “Last employer” or “Last 2 home addresses”, comparing their answers with the data points shown on the report.
Why is this happening? Given the massive expansion of online gaming, FINCEN believes that third-party service providers and new technologies can offer more options on identity verification methods of an online casino player along with legacy documentary methods.
Key caveats to the implementation of this new policy include:
Ultimately, the goal of all live and online gaming establishments is to let their customers go about their business (or gambling pleasure) in the most secure yet expeditious way. Technologies and policies will continue to pivot to respond to known threats as well as scale to those (currently) unknown in the future.
Along with physical identity document authentication procedures, other technologies will come online to augment this fundamental methodology:
Work with a vendor with a decades long history of thwarting fraud in all forms, and one able to develop and access the tools your gaming organization needs to securely thrive.
Business leader with progressive experience in Technology Analysis & Consultative Sales. Industry SME in verticals: Personal Computing, Digital Displays, Cybersecurity, & Identity Authentication. Public speaker at vendor conferences and executive boards. Deep experience aligning company technology solutions with client requirements, enabling market growth for their respective products and services. Extensive research and understanding of market / competitor dynamics informs development of downstream go-to-market strategies for Sales & Engineering teams. Currently Sales and Solutions Director for UVeritech FraudFighter, driving R&D and GTM for PALIDIN Identity Authentication Anti-Fraud solutions.
According to FBI statistics Identity Theft is the nation's fastest growing crime. Identity theft...