Discover What It Takes to Prevent Bonus Abuse/Bonus Whoring
When new users sign up to a gaming website, they usually receive a bonus or marketing offer for joining. This can be vulnerable to abuse, though, via what’s known as bonus abuse (synonymous with casino whoring) – creating multiple accounts in order to gain bonuses that are usually only available to first time users. Promo abuse fraud can cause huge issues for gaming and casino companies, who end up losing money to fraudsters that would otherwise be used to entice new customers.
Criminals usually exploit using bonus abuse or casino whoring simply by withdrawing funds each time they sign up to a website – they can continue to do so until they are caught. Bonus abuse usually isn’t profitable to individual criminals, instead being more lucrative to criminal rings with the resources to keep creating accounts using stolen IDs and pre-paid credit card details to bypass Know Your Customer (KYC) checks. They might also use fake names and disposable emails in order to create multiple accounts. This becomes a problem for iGaming operators who are looking to stay compliant with anti-money laundering (AML) regulations – if your signup process is open to abuse and accepts criminals using stolen credentials, then it’s simply not an effective enough KYC process.
So why might you look at giving out bonuses in the first place? They’re usually part of an iGaming operator’s long-term strategy — usually provided to users during the signup process (and as part of a reward program for returning or loyal customers). This makes them a useful way of enticing customers to keep returning and to keep playing. Signup bonuses are usually given once a player puts down a deposit, but operators that offer a signup bonus that doesn’t require a deposit are the main target of fraudsters as this is easier to exploit.
Fraudsters looking to inflict casino bonus abuse have a few ways to exploit offers systems. Below are a few possible ways they might do this:
Bonus Hunting is the term used to describe fraudsters who look to profit from bonuses provided to new users on registration – they find a way of making a profit from the bonus and withdraw the money before moving on to the next site offering them a similar bonus (usually one that doesn’t require a deposit).
In order to stop most users from exploiting their system, casinos and iGaming operators only allow their customers to set up one account. Usually this is limited by the customer’s IP address. However, fraudsters can attempt to get around this by using a VPN or any other strategy that allows them to create accounts from several different IP addresses. This gives them the ability to create as many accounts as they like in order to claim signup bonuses and withdrawal them as quickly as possible.
Most online casinos have restrictions and rules for the way that their promotions can be used. They often have these in place as well to stop users from exploiting their rewards system and bonuses – for example, they might stop you from being able to play particular games with the money you receive from a signup bonus. Games with a low house edge like poker or blackjack usually can’t be played with site bonuses, because the gross profit a casino makes from these games is usually low. However, fraudsters can find sophisticated ways around technological restrictions placed on low house edge games – and bet their bonus money on them.
Regular customers usually only get to spend their casino bonus once, unless they’re offered another one further down the line as part of the casino’s reward system. The bonus they get on signup, for example, is only available once – when they register. This is usually tracked by the site, so fraudsters might try to bypass this tracker so they can keep redeeming that otherwise one-time bonus.
Some fraudsters work alone, but others collude with other players in order to exploit an operator. This can look like collaborating on the same game in order to influence an outcome in a particular way, or getting new users to register so that they can siphon signup bonuses to them. This type of abuse is particularly difficult for casinos and iGaming websites to monitor – criminals working as part of crime rings might collude with each other on the same game.
Finally, bonus stacking isn’t fraudulent, but can still cause casinos trouble as it involves combining multiple bonuses from several different offers. Usually casinos hope that their customers will spend their bonuses quickly rather than saving them in order to stack them.
Bonus abuse can be attractive to fraudsters as it poses a challenge while also offering the opportunity of a high financial reward for them. Unlike regular customers, fraudsters don’t rely on chance in order to make a profit – they use techniques based on mathematics in order to calculate their arbitrage odds. While bonus abuse is no longer the easy target that it once was (due to gambling sites changing their betting requirements and no longer offering large bonuses), fraudsters are always finding new ways of targeting these operators.
So, what are the signs and patterns for abusing sign-up bonuses? There are patterns that can indicate whether a user is potentially a fraudulent actor. For instance, they might withdraw funds from their account immediately after payout. The timespan itself between registration and withdrawal might be suspiciously short. They might also complete the registration process faster than the average user — it suggests that they may have completed this process before. Finally, fraudsters might prefer games which have a lower risk and lower odds – they are more likely to be able to make a profit this way.
Casinos and iGaming operators therefore need to be able to protect themselves against this type of attack, no matter how strict their terms and conditions of play are. This helps them to keep up with anti-money laundering regulations as well as protecting their own site from being exploited by criminals. Operators looking to increase their security might be considering increasing their KYC checks. While asking for an ID verification at the beginning of a signup can be a means to filter out fraudulent customers looking to make multiple accounts, it causes additional friction to regular customers just trying to make an account on the site – which could put them off the registration process entirely.
Other methods that don’t increase this risk of friction include pre-KYC IP monitoring and device fingerprinting. IP monitoring can be used to make sure that customers aren’t using the same IP address to register multiple accounts. However, since criminals might be using a VPN or other technology to hide the fact that they’re using one IP address, it’s important for operators to look into adopting device fingerprinting to spot criminals. It’s a lot harder to fake a device fingerprint (the unique configuration of a user’s device and software), which makes this a much more effective way of spotting whether a criminal is trying to register multiple accounts. What’s more, operators might find that fraudsters use the same password in order to create multiple accounts.
Operators can also put off fraudsters from attempting to exploit their bonus system by making it harder to immediately withdraw that bonus before playing – they might create requirements that mean that you’re only able to withdraw the bonus after the user has played it a few times.
Casinos and iGaming sites might want to go as far as to block risky countries from gaining signup bonuses – for example Russian and Eastern European users might be restricted from gaining these.