The iGaming industry has become a prime target for cybercriminals, with attacks on the rise. Experts from leading anti-fraud organisations shared their insights with SiGMA News, shedding light on the battlefront, where innovation and vigilance are paramount.
The perfect target
According to Mateusz Chrobok, Head of Fraud Intelligence at MangoPay, fraud in iGaming is an inevitable byproduct of its lucrative nature. “Fraudsters are always looking for weak links,” he said, stressing that these attackers are incentivized by the promise of high returns. “They’re smart, organised, and determined. Their aim is simple: to earn money on top of you.” The rapid growth of the industry makes it an attractive target.
Gauri Davies, Head of Gaming EMEA at Cloudflare, agreed, pointing out that sectors like sports betting and online casinos are particularly vulnerable because of the immense financial flows they handle daily. “The bigger the prize, the harder they’ll try to crack it,” she said, stressing that the profitability of fraud in iGaming ensures its persistence.
Mateusz Chrobok also described the iGaming sector as particularly vulnerable due to its sometimes lower Know Your Customer (KYC) thresholds and rapid onboarding processes. These features, designed to attract players with convenience, also lower barriers for fraudsters. “In iGaming, scaling fraud is easier because there’s less verification. If fraud starts happening, you need to react quickly,” he explained.
Fraudulent activities in iGaming aren’t limited by borders, either. According to Davies, “There is no border on the internet. Huge bot networks could attack your website from anywhere—be it the US, Russia, or elsewhere.”
From automation to behavioural mimicry
The tools and methods employed by fraudsters are becoming increasingly sophisticated. According to Chrobok, fraudsters leverage automation to amplify their attacks. “The first attackers are testers. Once they find a vulnerability, automation takes over, scaling attacks to thousands of devices,” he said. Techniques include creating virtual devices, mimicking human behaviour, and using multiple IP addresses to evade detection.
Cloudflare’s Davies added that DDoS attacks, account takeovers, and bot-driven activities are common in both casino and sportsbook platforms. These attacks can overwhelm a company’s infrastructure, compromise user accounts, or outright steal sensitive data.
The industry faces a diverse range of sophisticated attacks. Gauri Davies explained that sports betting platforms are especially susceptible to “bot attacks and content scraping,” where fraudsters steal odds to outcompete legitimate operators. “Account takeovers and DDoS attacks are common across the entire industry,” she added, emphasising the global nature of these threats. She also described how fraudsters use “remote access tools, spoofing, and even generative AI to bypass KYC systems,” enabling them to exploit vulnerabilities at scale. She concluded the list by noting the danger of ransomwares.
Making fraud costly: the key to deterrence
According to Chrobok, the most effective approach is to raise the cost of carrying out an attack. A system doesn’t need to be flawless—perfection is unattainable—but it does need to make attacks unprofitable and cost-inefficient. The goal is to increase the effort and expense required for an attack to such an extent that fraudsters are deterred. As Chrobok explained, “If it’s too expensive to defraud you, they’ll move on to your competition.” Fraudsters are often resourceful and intelligent, but their primary motivation is profit, and targeting less fortified systems becomes their next move.
Fighting back
Despite the challenges, companies like MangoPay and Cloudflare are arming the iGaming sector with cutting-edge tools. MangoPay focuses on behavior-based analysis through its Layer 7 approach, which examines how users interact with services. “We use behavioural biometrics to detect whether an interaction is real or automated,” Chrobok explained.
Cloudflare, on the other hand, deploys its expansive global network to absorb and filter out malicious traffic. “We clean your traffic so that even during a huge attack, legitimate users can still access your site,” said Davies. Cloudflare’s bot management systems also protect against odds scraping, safeguarding sportsbooks from losing their competitive edge.
Collaboration and proactive measures
Collaboration across the industry plays a pivotal role in combating fraud. Chrobok stressed the advantages of pooling knowledge and resources: “We’re improving detection methods based on what we see across thousands of companies. That network effect benefits everyone.” He likened it to forming a partnership, explaining, “We bring our expertise and solutions to you, and when you share feedback—like where you’ve been targeted—we can quickly identify the method, implement protections, and not only safeguard you but also the entire network.”
Both experts emphasised the importance of proactive strategies. Chrobok described his work as an ongoing “war” where vigilance and quick reaction are critical. “Fraudsters are smart and organised, often operating at scale. If you don’t adapt quickly, you become the weak link,” he warned.
For Davies, staying ahead means not just reacting to fraud but anticipating it. “The rapid pace of change in technology and player behaviour requires constant adaptation,” she noted. Tools that streamline compliance and improve security can help operators focus on delivering high-quality gaming experiences without distractions.
The cost of inaction
Fraud isn’t just a technical challenge—it’s a financial and reputational risk. Chrobok pointed out the direct costs of fraud, which can escalate rapidly in the absence of timely intervention. “If fraud goes into thousands, you can lose thousands or even millions. Reaction time is crucial,” he said.
Meanwhile, Davies emphasised the indirect costs, such as losing player trust or failing to meet regulatory requirements. “When clients come to us, they often have a technical problem caused by an attack. But solving it is only half the battle—prevention and compliance are just as important,” she said.
Human error
While technology drives many attacks, human error remains a significant weak point. Chrobok emphasised that some operators still rely on manual processes for fraud detection, leaving them woefully unprepared. “I met operators who didn’t have a system—they were literally tracking fraud by hand,” he said incredulously. Davies highlighted another facet: the mismanagement of tools and resources. “Even with the best technology, poor implementation or lack of training can open doors for attackers,” she said. Both experts stressed that education and vigilance are essential, with Chrobok likening fraud prevention to a race: “You have to run faster than the bear—or in this case, the fraudster.”
Winning the war
The battle against fraud in iGaming is a high-stakes game requiring constant vigilance, innovation, and collaboration. Chrobok highlighted the use of generative AI to fake KYC processes as an emerging trend. “Don’t trust that your systems will forever be secure,” he advised. “Fraudsters are always innovating. Monitor your systems continuously.”
Companies like MangoPay and Cloudflare are leading the charge, providing operators with the tools to detect, prevent, and mitigate attacks. However, as fraudsters become more sophisticated, the industry must remain proactive and adaptable.
As Chrobok aptly summarised, “Fraud is a war. Being attacked is not a shame—it happens to everyone. What truly matters is how you respond and how quickly you adapt. Together, we can make fraud too costly for criminals to pursue. If everyone starts responding effectively, they will be driven out of business—and that’s exactly what we aim to achieve.”
Subscribe to SiGMA’s Top 10 News countdown and SiGMA’s Weekly Newsletter to stay up to date with all the latest iGaming News, and benefit from Subscriber-Only Offers.
