Gaming industry faces increased digital fraud, cybersecurity threats

Gaming industry faces increased digital fraud, cybersecurity threats

  • Rege Behe, CDC Gaming Reports
July 23, 2022 6:45 PM
  • Rege Behe, CDC Gaming Reports
  • United States
  • Commercial Casinos

As casino companies continue to ride the crest of 2021’s record $53 billion in revenue, people are taking notice.

Not all of them are investors, financial analysts, or industry CEOs.

According to an analysis conducted by Chicago-based global information and insights company TransUnion, attempts to breach the gaming industry through digital fraud increased by 50.1% in the first quarter of 2022. TransUnion Head of U.S. Gambling Declan Raines says these attacks are symptomatic of industries that handle lots of money. And because the gaming industry has witnessed unprecedented growth over the last year with more states coming online, “It’s naturally going to attract fraud and fraud attempts.

“Looking at it from a gaming perspective, these results coincide with a broader trend you’re seeing in the gaming industry at a high level,” Raines says. “The market trend at the moment is player acquisition, acquiring as many players as possible.

“And that ties into the commercial environment we see right now, where that is such a priority in U.S. gaming. When you have attractive deposit bonuses [most attempts to defraud the gaming industry target promotions], when you have so many more opportunities, there are forces trying to conduct bonus abuse or account takeover. It’s going to naturally align with those broad industry forces that are focused on acquisition and acquiring players.”

Lawrence S. Shen, principal for the Las Vegas-based casino and gaming consulting firm C3 Gaming, cites two reasons why gaming operators are susceptible to fraud attacks. First, the gaming industry is “somewhat vulnerable,” Shen says.

“So many platforms and products are getting online every day and all of them are rushing to grab market share. The focus and resources spent on acquiring customers put some companies’ due diligence on cybersecurity to the back seat. Some products and platforms started operating without a bulletproof cybersecurity detection-protection system.”

Second, younger bettors are vulnerable, because they lack the awareness of older more experienced gamblers. “Attackers could follow this logic and target this segment of the gaming industry,” Shen says.

TransUnion arrived at its conclusions based on intelligence gathered from “billions of transactions” and more than 40,000 websites and apps contained in TruValidate, its identity-proofing risk-based authentication and fraud-analytics suite. According to the analysis, global attempts at digital fraud across all industries decreased by 22.1% compared to the first quarter of 2021.

But certain industries were increasingly targeted.   In addition to gaming, insurance (134.5%) and logistics (42.7%)   were subjected to more cyberattacks. Those industries would not seem to have much in common, save one important factor: All three have experienced recent growth, which creates volume, which begets more attempts at fraud.

“I wouldn’t say growth creates weakness,” Raines says. “Growth creates volume, along with the volume of   attempts. It’s important to note that fraud attempts don’t mean fraud (occurred).”

Raines would not speculate if casino companies were victimized by successful fraud attacks. But Andrew Cardno, chief technical officer and co-founder of Quick Custom Intelligence, a San Diego-based company that develops real-time operational tools for gaming operators, thinks “the industry is in the middle of large-scale cyberattacks.”

“I’ve heard numbers like a dozen or more properties that have been closed down,” Cardno says. “One I know was closed for several months.”

A November 2021 article in Security magazine stated that some operators have suffered losses from the cyberattacks. “From MGM in Las Vegas to Lucky Star in Oklahoma, casino systems are being breached and data is being exfiltrated and locked down with ransomware, leaving organizations unable to operate until significant efforts in system restoration have taken place.”

To prevent attacks, Cardno thinks casinos should build “isolation mechanisms to allow their properties to operate with core gaming systems disconnected from the internet. The key to remaining vigilant is to realize that the cyber attackers are extremely sophisticated and operators need to be realistic about their own defense mechanism.”

A July 2022 article in Yahoo Finance stated that the cost of global cybercrime is estimated to be near $1 trillion annually and is expected to reach $10.5 trillion per year by 2025. Each data breach in the “global cyber security services market is now around $92 million, and it’s estimated that each incident causes an average of 9 hours of downtime,” according to Skyquest, a global market-intelligence, innovation-management, and commercialization organization.

Raines says sports betting and igaming operators are vigilant about cyberattacks and threats to their databases. All reputable operators must adhere to strict security requirements mandated by the jurisdictions where they do business.

“(Gaming operators) have these robust elements in place,” Raines says. “But that’s not always going to deter fraud, and fraud is an ever-evolving element.”

According to Shen of C3 Gaming, bettors should be aware of the possibility of digital fraud, but not overly concerned, as long as they gamble with legitimate operators.

“There is danger lurking,” Shen says, “but I’d say the likelihood of cybersecurity issues and fraud happening with state-licensed operators remains very low. Any non-real-money platforms, offshore casinos and sportsbooks, and sports-tip websites that require personal-information registration are much more likely to pose threats to customers’ data.”

Rege Behe is lead contributor to CDC Gaming Reports. He can be reached at Please follow @RegeBehe_exPTR on Twitter.