What are bots costing gaming and betting companies?
By Alex McConnell / 24th Aug 2021
As the pandemic pushed more businesses to an online-first model, cybercriminals seized opportunities to profit from fraudulent activity. But the financial impact of these attacks on businesses has been hard to quantify.
Netacea recently surveyed 440 businesses from across the USA and UK to understand how much financial impact bot attacks are having across different industries. Read the full results in our report: What Are Bots Costing Your Business?
Analyzing the responses, it’s clear that those in the gaming and betting industry are keenly aware of the financial harm betting bots can do. The survey revealed that 65% of gaming and betting websites, and 78% of gaming and betting mobile apps, were attacked by automated betting bots in the past year.
What are the top bot threats to gaming and betting businesses?
Web scraping and arbitrage betting
Web scraper bots are one of the most commonly reported threats to gaming and betting sites, with 36% of the businesses we surveyed listing them as an issue.
Arb betting is a controversial tactic that takes advantage of unbalanced odds across bookmakers and betting exchanges, guaranteeing profit on specific bets no matter the outcome. As arb bettors take advantage of loopholes to always make a profit, it is estimated that arb betting costs the industry at least £12 million annually; however, the number could be as high as £100 million according to some experts.
Arbitrage betting bot software can automate the whole process. Because arbitrage betting tools require a constant, up-to-the-minute stream of information to identify suitable bets before the odds change, arb betting causes massive web scraping activity on gaming and betting sites. The cost of serving the requests made by scraper bots is significant, as these requests account for the bulk of all traffic on bookmaker sites at peak times.
Aggressive scraping is also linked to infrastructure bottlenecks, slowdowns and crashes at peak times. These can lead to lost revenue, damaged brand reputation and high support overheads.
Account takeover attacks
As user accounts on gaming and betting sites and online casinos often contain financial details and balances, they are a prime target for account takeover attacks. In fact, 46% of the businesses we surveyed within the industry had seen account takeover attacks launched on their website.
User accounts are often stolen via phishing attacks or data dumps, or bought from sites like the Genesis Market. Even if an account for another website or service entirely is compromised, bot operators take advantage of the fact that the same passwords are routinely reused across accounts. Criminals use credential stuffing bots to verify the validity of login details, or to launch “brute force” attacks if login details are incomplete.
Repatriating accounts and returning lost assets is costly for gaming and betting businesses, despite the cause often being out of their control. It is usually in part the fault of the customers themselves for poor password hygiene, or of another business that had its users’ account details leaked.
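The two login-abuse patterns described above leave different traces in server-side login logs: credential stuffing touches many accounts about once each, while brute forcing hammers a few accounts repeatedly. The Python below is an added illustration, not Netacea's code or method; the event format, the per-IP grouping and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

def build_sample():
    """Constructed events: (epoch_seconds, source_ip, username, success)."""
    events = []
    for i in range(30):   # 30 different accounts, one try each, one hit
        events.append((1000 + i * 2, "203.0.113.7", f"user{i}", i == 17))
    for i in range(25):   # 25 guesses against a single account
        events.append((1000 + i * 3, "198.51.100.9", "alice", False))
    # A customer mistyping a password twice, then logging in
    events += [(1010, "192.0.2.50", "bob", False),
               (1020, "192.0.2.50", "bob", False),
               (1030, "192.0.2.50", "bob", True)]
    return sorted(events)

def classify_sources(events, window=300, min_attempts=20, min_fail_ratio=0.9):
    """Label each source IP by its login pattern inside any `window`-second span.

    Thresholds are illustrative assumptions, not tuned values.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    verdicts = {}
    for ip, evs in by_ip.items():
        verdict, start = "normal", 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                      # slide the window forward
            span = evs[start:end + 1]
            fails = sum(1 for e in span if not e[3])
            if len(span) < min_attempts or fails / len(span) < min_fail_ratio:
                continue
            users = {e[2] for e in span}
            # Many accounts, about one try each: leaked pairs being verified.
            # Few accounts, many tries each: password guessing.
            stuffing = len(users) >= 0.8 * len(span)
            verdict = "credential_stuffing" if stuffing else "brute_force"
            break
        verdicts[ip] = verdict
    return verdicts

def accounts_to_review(events, verdicts):
    """Accounts a flagged source logged in to successfully (likely taken over)."""
    return sorted({e[2] for e in events if e[3] and verdicts[e[1]] != "normal"})
```

Grouping by source IP is the simplest key and will miss attempts spread across many addresses; the same counting works with any other grouping key the logs provide.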
Fake account creation and bonus abuse
Many gaming and betting sites offer signup bonuses or credits to new customers to encourage them to use their site over that of a competitor. While this is a great way to attract new customers, many threat actors use bots to take advantage of this system by creating multiple fake accounts, or hacking into the accounts of new customers, to maximize the signup bonuses available.
It has been found that approximately 20% of new registrations to gaming and betting sites were created by previously active users. While it is difficult to estimate the cost of bonus abuse without visibility of bot traffic, some estimates suggest it is about 15% of total revenue.
A significant impact on gaming and betting websites
While these attacks are very costly to bookmakers, the first step in minimizing their impact is to recognize they are happening and put a plan in place to stop them.
Unfortunately, most businesses surveyed reported that, in most cases, it took two to three months to realize there had been an attack. Given such delays, a real-time detection and mitigation solution is needed.
Netacea’s next generation bot management solution
At Netacea, we don’t just ask, “Is this a bot?” Instead, we ask, “What is this user’s intent?” By monitoring web log data on the server side, we gain a full picture of website, mobile and API traffic and use advanced AI and machine learning to analyze this in real time.
This allows us to mark out malicious bots and block their access, dramatically cutting down infrastructure costs and the risk of attacks being carried out by bad actors.