Winning the war against fraud, advice from experts

The iGaming industry has become a prime target for cybercriminals, with attacks on the rise. Experts from leading anti-fraud organisations shared their insights with SiGMA News, shedding light on the battlefront, where innovation and vigilance are paramount.?

The perfect target

According to Mateusz Chrobok , Head of Fraud Intelligence at Mangopay , fraud in iGaming is an inevitable byproduct of its lucrative nature. “Fraudsters are always looking for weak links,” he said, stressing that these attackers are incentivized by the promise of high returns. “They’re smart, organised, and determined. Their aim is simple: to earn money on top of you.” The rapid growth of the industry makes it an attractive target.??

Gauri Davies , Head of Gaming EMEA at Cloudflare , agreed, pointing out that sectors like sports betting and online casinos are particularly vulnerable because of the immense financial flows they handle daily. “The bigger the prize, the harder they’ll try to crack it,” she said, stressing that the profitability of fraud in iGaming ensures its persistence.

Mateusz Chrobok also described the iGaming sector as particularly vulnerable due to its sometimes lower Know Your Customer (KYC) thresholds and rapid onboarding processes. These features, designed to attract players with convenience, also lower barriers for fraudsters. “In iGaming, scaling fraud is easier because there’s less verification. If fraud starts happening, you need to react quickly,” he explained.?

Fraudulent activities in iGaming aren’t limited by borders, either. According to Davies, “There is no border on the internet. Huge bot networks could attack your website from anywhere—be it the US, Russia, or elsewhere.”

From automation to behavioural mimicry

The tools and methods employed by fraudsters are becoming increasingly sophisticated. According to Chrobok, fraudsters leverage automation to amplify their attacks. “The first attackers are testers. Once they find a vulnerability, automation takes over, scaling attacks to thousands of devices,” he said. Techniques include creating virtual devices, mimicking human behaviour, and using multiple IP addresses to evade detection.?

Cloudflare’s Davies added that DDoS attacks, account takeovers, and bot-driven activities are common in both casino and sportsbook platforms. These attacks can overwhelm a company’s infrastructure, compromise user accounts, or outright steal sensitive data.?

The industry faces a diverse range of sophisticated attacks. Gauri Davies explained that sports betting platforms are especially susceptible to “bot attacks and content scraping,” where fraudsters steal odds to outcompete legitimate operators. “Account takeovers and DDoS attacks are common across the entire industry,” she added, emphasising the global nature of these threats. She also described how fraudsters use “remote access tools, spoofing, and even generative AI to bypass KYC systems,” enabling them to exploit vulnerabilities at scale. She concluded the list by noting the danger of ransomwares.?

Making fraud costly: the key to deterrence

According to Chrobok, the most effective approach is to raise the cost of carrying out an attack. A system doesn’t need to be flawless—perfection is unattainable—but it does need to make attacks unprofitable and cost-inefficient. The goal is to increase the effort and expense required for an attack to such an extent that fraudsters are deterred. As Chrobok explained, “If it’s too expensive to defraud you, they’ll move on to your competition.” Fraudsters are often resourceful and intelligent, but their primary motivation is profit, and targeting less fortified systems becomes their next move.

Fighting back

Despite the challenges, companies like MangoPay and Cloudflare are arming the iGaming sector with cutting-edge tools. MangoPay focuses on behaviour-based analysis through its Layer 7 approach, which examines how users interact with services. “We use behavioural biometrics to detect whether an interaction is real or automated,” Chrobok explained.?

Cloudflare, on the other hand, deploys its expansive global network to absorb and filter out malicious traffic. “We clean your traffic so that even during a huge attack, legitimate users can still access your site,” said Davies. Cloudflare’s bot management systems also protect against odds scraping, safeguarding sportsbooks from losing their competitive edge...[Read more ]