More than a month after GeoComply reported that there were thousands of fraudulent attempts to access Ontario‘s regulated iGaming market during the Super Bowl, the Vancouver-based third-party location service provider has released a new report that demonstrates just how vital fraud prevention is in the province.
In a report titled, “Ontario Anniversary Risk Report”, GeoComply revealed that there were 3.3 million location spoofing attempts into Ontario operators that occurred from all around the world in the past year. This includes over 54,000 users from within the United States that have attempted to log in 305,000 times to Ontario operators from south of the border. Over 219,000 devices were prevented from gambling for fraud reasons since April 4 of last year and GeoComply detected 1,045 fraud rings affecting multiple operators.
Private operators in Ontario must meet the requirements of the Alcohol and Gaming Commission’s Internet Gaming Compliance Guide. Section 2 of the guide is dedicated to technology compliance, where there are strict guidelines regarding player location validation. Many of these operators, such as BetMGM, DraftKings, and FanDuel, have enlisted the help of GeoComply to ensure they remain compliant and that their players are, in fact, located within the provincial borders of Ontario.
“Online fraud is not uniquely a sports betting or iGaming problem,” said GeoComply Director of Risk Services Danny DiRienzo in a press release. “Recent data shows that cybercrimes were up 50% in 2022 across all forms of e-commerce. However, our industry’s high standards of compliance put us in a strong position to combat it. Because every bettor must verify their location, we have the data to stop fraud before it gets a foothold.”
GeoComply says the fraud attempts are mostly identity theft and operator bonus abuse, with some account takeovers and credit card chargebacks.
“Ontario is such a large market and the opening of any market results in bonus offerings attracting fraudsters,” DiRienzo explained. “This, coupled with the traditional grey market operations in Canada, resulted in experienced fraudsters hunting bonuses from day one, as anyone with a set of stolen identities could collect bonuses from several operators.”
GeoComply says the number of fraudulent attempts in Ontario is comparable with similarly-sized American States that have legal iGaming and/or sports betting.
Prior to the launch of Ontario’s market, GeoComply’s Managing Director of Gaming Lindsay Slader told Sports Handle that Ontario is a complex region to geofence.
”Ontario is a particularly unique geographic place to be geofenced because it borders the American border, and it’s probably the second-most populous jurisdiction that GeoComply is going to support. So after New York, it has 14 or 15 million people, that’s bigger than Pennsylvania, bigger than Michigan, bigger than New Jersey. A large portion [of the population] is clustered right around the American border. Lots of bridges, tunnels, rivers, and also some land areas.
“Montreal is within very close reach [roughly 19 miles] of betting on an Ontario site. What kind of risk does that pose? When you’re thinking about how you pinpoint someone’s location, if you’re not looking at accurate location data like Wi-Fi or GPS, you’re just counting on an IP address. An IP address can easily cover 50 kilometres [31 miles] or more, it can easily stretch you from Montreal into Ontario, even if you may not even actually be in Ontario. There’s definitely risks to the different types, or calibres of different types, of geolocation you’ll be using.”
A curious case
The year-end report also included an interesting case study specific to the city of Toronto.
GeoComply says it investigated a fraud ring in a Toronto apartment that targeted 15 operators after it discovered 110 users transacting with one operator from the same apartment block. Many of the IDs were from addresses outside of the province and many of them belonged to seniors, which is an indicator of stolen identities and bonus abuse.
At the conclusion of the investigation, GeoComply found that 696 users transacted 13,922 times with 15 operators from the apartment block.
“When the users and devices were analyzed, they were linked to login attempts from a vastly disparate group of addresses, including Texas, Louisiana, New York and even the Dominican Republic. While some people travel a lot, the likelihood of so many converging on one location is slim,” DiRienzo said in the release.
A virtual barrier was set up around the address so that new users in the location are closely monitored, and operators were able to block the overwhelming majority of the spoofing attempts.