Efficient Payment Fraud management in the iGaming space
The most important component of any iGaming business is fast and safe payment transactions. Since all the games in the industry (poker, casino, bingo, sports betting, etc.) involve a monetary payoff, it is important to avoid any friction in the payment process. If one were to observe the largest iGaming markets, such as the UK, Italy and Sweden, one would see how highly competitive the industry is. With a structural change taking place in the United States, analysts at Goldman Sachs predict domestic iGaming market size growth from $1.5B today to $14B in 2033 (27% CAGR vs 18% E-Commerce benchmark). The Financial Times reported that US states have started to legalize sports betting, with New York being the largest state that has recently done so, and Michigan, New Jersey and Pennsylvania each becoming one of the largest markets in the world on its own. However, these substantial market growth rates have also attracted the attention of cybercriminals.
Other reasons why iGaming platforms have become increasingly lucrative targets for fraudsters are that they keep multiple payment credentials on file, permit relative anonymity, and some may lack relevant regulatory requirements. Moreover, with the lockdown giving more people time to play, the release of new games and a rush of first-time players, there has been a significant increase in the volume of signups. This has caused iGaming companies to speed up their onboarding process by relaxing onboarding and payment security controls. All of these factors provide the perfect conditions for fraudsters to thrive. Top iGaming companies must therefore find the exact balance between security and efficiency through payment solutions that are provided at a reasonable cost. In this blog, we shall discuss the various iGaming payment solutions these top iGaming companies should look for when they try to minimize online fraud.
– Success rate maximization with 3DS routing
When we talk about fraud management, an important regulation to consider is PSD2’s recent SCA implementation. It has received a noteworthy amount of attention because of the added friction of 3DS2, which essentially requires iGaming companies to build additional authentication into their payment flow, using two out of the following three authentication elements:
- Knowledge (something only the user knows) like a password or PIN.
- Possession (something only the user possesses) like a phone or wearable device.
- Inherence (something the user is) like fingerprints or facial recognition.
It goes without saying that these companies must search for a payment gateway that can implement 3DS2. However, implementation alone is not enough; one also needs to combat the added friction. One way in which payment gateways can do this is through 3DS routing. 3DS routing allows iGaming companies to decide and implement their own 3DS2 strategy, in turn maximising their success rates. Namely, they can choose which transactions they want to pass on to 3DS2, 3DS1, or no 3DS. This feature routes transactions to the most efficient authentication protocol, taking into account exemptions and other valuable information. To illustrate, for regular players with a small likelihood of chargebacks, one can route the transactions to no 3DS, ultimately decreasing checkout friction and potentially preserving customer loyalty.
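A routing policy of the kind described above can be sketched as follows. This is an added example, not code from any payment gateway; the `Txn` fields, the risk thresholds and the exemption label are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative thresholds (assumptions; tune against your own chargeback data).
LOW_RISK_P = 0.01
HIGH_RISK_P = 0.20


@dataclass
class Txn:
    chargeback_p: float              # fraud-engine estimate, 0..1
    regular_player: bool
    sca_in_scope: bool               # transaction falls under PSD2 SCA
    issuer_supports_3ds2: bool
    exemption: Optional[str] = None  # hypothetical label set by an upstream check


def route_3ds(t: Txn):
    """Return (route, reason); route is '3DS2', '3DS1' or 'NO_3DS'."""
    challenge = "3DS2" if t.issuer_supports_3ds2 else "3DS1"
    if t.chargeback_p >= HIGH_RISK_P:
        return challenge, "high chargeback risk"  # risk overrides any exemption
    low_risk = t.regular_player and t.chargeback_p <= LOW_RISK_P
    if not low_risk:
        return challenge, "new or unproven player"
    if not t.sca_in_scope:
        return "NO_3DS", "low risk, outside SCA scope"
    if t.exemption:
        return "NO_3DS", "low risk, exemption: " + t.exemption
    return challenge, "SCA in scope, no exemption"


# Constructed sample traffic.
SAMPLES = {
    "regular, exempt":    Txn(0.002, True, True, True, "low_value"),
    "regular, no exempt": Txn(0.002, True, True, True),
    "first deposit":      Txn(0.05, False, True, True),
    "risky, exempt":      Txn(0.35, True, True, True, "low_value"),
    "legacy issuer":      Txn(0.05, False, True, False),
    "regular, non-SCA":   Txn(0.004, True, False, True),
}

if __name__ == "__main__":
    for name, txn in SAMPLES.items():
        print(f"{name:20} -> {route_3ds(txn)}")
```

Returning the reason alongside the route lets each decision be logged and later compared with acceptance and chargeback rates.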
– Real-time data analytics
The inherent challenge iGaming companies face is in differentiating between good and bad traffic. However, this challenge is not without a solution when partnered with a payment gateway that provides data and insight into each player’s transactions and behaviour. When a transaction is unsuccessful, the merchant is notified of the reason for the failure. If the reason stated is that the user is using a reportedly stolen card, the merchant can then proactively block the card and its user. By gaining such insight, one can stop blocking legitimate traffic, improve acceptance rates and increase revenues. Learn more about the uses of data analytics in our blog “Using Payment analytics and insights to grow your business”.
Moreover, data lakes can support identity authentication with passive biometrics, protecting their users from fraud. When running such a data lake, payment gateways activate a variety of machine learning tools alongside optimised payment fraud detection algorithms.
– Fraud engine
Moreover, the iGaming payment gateway must also offer a real-time fraud prevention solution. When running data lakes (as previously mentioned), payment gateways activate a variety of machine learning tools alongside optimised payment fraud detection algorithms. Such fraud engines are quick to analyze and detect new fraud patterns. The algorithms essentially identify and prevent highly probable fraudulent transactions from being approved, while reducing the scope of false positives. This also enables iGaming companies to understand customer behaviour better and detect abnormalities. Not only are these machine learning-based fraud engines significantly more accurate, but they have proven to be more efficient and cheaper when compared to manual reviews performed by fraud analysts. Fraud solutions also incorporate bot and proxy detection and offer unique device fingerprinting which, when combined with other fraud prevention tools, can be especially effective.
Lastly, one must not forget the effectiveness of tokenization, which basically replaces sensitive account and card information with something that cannot be decrypted (a token), thus securing the transmission of sensitive data. This precludes data breaches and prevents fraudsters from obtaining user data. Tokenization has benefits beyond just protecting data: it can be used for one-click payments, which give returning customers a significantly faster and safer checkout experience.
Taking it a step further, some payment gateways also use HSM-based (hardware security module) KEK encryption. KEK stands for key-encryption-key and essentially means that one key is encrypted with another key. Since there is no way for even the payment gateway to access the second key, hacking is out of the question. Even if someone were to hack their servers, they still would not get this data, ensuring an incredibly high standard of security is maintained.
Any attempted fraud can result in more chargebacks (which are already a common occurrence in this landscape) and an overall higher banking fee. While many payment companies offer some kind of fraud solution, the majority do not deploy the latest and most advanced technology that high-risk businesses like iGaming companies need. The ability to fight fraud in such an industry affects not only the company’s profitability but also its customer loyalty and credibility, and hence must be given the utmost importance.
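The tokenization and KEK paragraphs above, combined in one added example (not a gateway's actual code): it assumes the third-party `cryptography` package, `SimulatedHSM` is a software stand-in for a real HSM, and the card number is a constructed test value.

```python
import os
import secrets

from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import aes_key_unwrap, aes_key_wrap


class SimulatedHSM:
    """Stand-in for an HSM: the KEK lives only inside this object."""

    def __init__(self):
        self.__kek = AESGCM.generate_key(bit_length=256)  # never returned to callers

    def wrap(self, dek: bytes) -> bytes:
        return aes_key_wrap(self.__kek, dek)

    def unwrap(self, wrapped: bytes) -> bytes:
        return aes_key_unwrap(self.__kek, wrapped)


class TokenVault:
    def __init__(self, hsm: SimulatedHSM):
        self._hsm = hsm
        self._rows = {}  # token -> (wrapped DEK, nonce, ciphertext, last4)

    def tokenize(self, pan: str) -> str:
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the PAN
        dek = AESGCM.generate_key(bit_length=256)   # fresh data key per card
        nonce = os.urandom(12)
        ct = AESGCM(dek).encrypt(nonce, pan.encode(), token.encode())
        self._rows[token] = (self._hsm.wrap(dek), nonce, ct, pan[-4:])
        return token

    def detokenize(self, token: str) -> str:
        wrapped, nonce, ct, _ = self._rows[token]
        dek = self._hsm.unwrap(wrapped)             # only the HSM can recover the DEK
        return AESGCM(dek).decrypt(nonce, ct, token.encode()).decode()

    def dump(self) -> dict:
        """What someone who copies the vault database would see."""
        return dict(self._rows)


if __name__ == "__main__":
    vault = TokenVault(SimulatedHSM())
    tok = vault.tokenize("4111111111111111")        # constructed test card number
    print(tok, vault.dump()[tok][3], vault.detokenize(tok))
```

The merchant stores only the token and last four digits for one-click payments; a copied database holds ciphertext and wrapped data keys that cannot be opened without the HSM.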