An Honest Question

24 January 2008

As an I-gaming operator, you should ask: Is my company doing enough to protect itself from fraud?

You've probably heard this pitch before. But according to Scott Olson, VP of marketing for fraud management firm iovation, companies are always under attack, whether they know it or not.

I-gaming companies are the biggest targets for fraud attacks because they are packaged as a casino and a bank, making them very attractive, he said, addressing attendees at the Combating Cybercrimes in Betting and Gaming Conference.

Olson told IGN the number-one threat to online gaming operators is credit card fraud. Credit card fraudsters either steal a person's credit card number or steal someone's personal information for the purpose of creating a credit card.

Either way, that type of fraud is the most expensive and damaging to an online gambling company, Olson said, and can result in twice the chargebacks.

First, the company must pay back the credit card company for the false charge; then it has to pay each legitimate customer that may have won some of the pot at a poker table, for instance, at which the fraudster was playing.

"Fraudsters haven't gotten smarter, just more organized," Olson said.

Other costs to companies under attack include an increase in investigations and inefficiencies, damage to the site's reputation, and most of all, higher payment processing costs, he added.

Perhaps the most frightening part is how fraudsters acquire personal information. Olson said there are the traditional means, such as phishing scams and BOTs. But surreptitious chat rooms and databases exist where people can buy, sell and trade credit card numbers and the personal information of strangers from all over the world.

These "carding databases" are available on the Internet, and the information is used for spamming, hosting porn sites and stealing information for creating credit cards.

Money laundering, a potentially thorny compliance issue for the I-gaming operator, was recently on Brussels' radar as it implemented the latest incarnation of its Money Laundering Directive.

In December, all members of the European Union signed off on the European Commission's 3rd Money Laundering Directive (3rd MLD), which is a directive for the prevention of money laundering and terrorist financing throughout Europe.

Leon Thomas, head of regulatory compliance and MRLO at PartyGaming, said I-gaming is not an ideal venue for money laundering, but it is an industry that still needs to comply with the 3rd MLD, as well as other financial legislation.

He said that while I-gaming was not directly mentioned in the directive, licensed casinos were, and e-casinos fall under that category in the EC's view.

One of the benchmarks for compliance is when everyone in the company knows the anti-money laundering systems -- even the CEO, he said.

He added that while it is key for companies to appoint a trained money laundering reporting officer, senior management must take responsibility as well. Furthermore, customer-facing departments must be trained in anti-money laundering detection, internal risk-based AML systems must be implemented as well as procedures for reporting suspicious activity and ID verification products have to be implemented.

"The cost is high, but comply or die," Thomas said.

Emily Swoboda is the senior staff writer at IGamingNews. She lives in St. Louis, Mo.