Blog, Events & News

What is match betting?

By Netacea / 10th Sep 2019

Several weeks ago, we explored the complex world of arbitrary betting (arb-betting) in gaming, using bots.

But arb-betting isn’t the only the automated bot threat in gaming, businesses need to think about match betting too.

In this blog, we’ll discuss what match betting is, why threat actors use this technique and what can be done to stop match betting in its tracks.

How does match betting work?

Many bookmakers offer monetary incentives to get new customers through the [digital] door. Match betters exploit this system for a profit; creating fake accounts, getting their hands on the cash or bonus credits and using arb-betting strategies to guarantee a profit. In this instance, they haven’t spent a penny and any winnings are 100% profit.

If done properly, you can earn £300+ in a month with just five hours of work a week. That’s £15 per hour. It’s a simple case of investing more time if you want a bigger wad of cash at the end of the month.

What role does automation play in match betting?

Match betting can be quite the lucrative operation, but with the above approach there’s a major limitation to this money-spinner; time. So, how can you leverage this low-risk income stream? Automation of course.

The basic principal is to create lots of unique fake accounts, to which the bookmaker will send offers, bonuses and credits. Then simply combine this free or heavily discounted funding with scraped odds from various sportsbooks to carry out an automated arbitrary betting strategy.

But surely, we hear you ask, it’s perfectly obvious that multiple accounts have been created from one source? And it is obvious, sort of, but threat actors will always make it tricky to identify and stop fake account creation bots before they’ve already done the deed.

Perpetrators won’t use a volumetric attack that a WAF will capture, but will apply methodology that Netacea sees across all industries, the ever dynamic and evolving nefarious bots that change their heuristics after only a few interactions.

Scary, but bots won't affect my gaming business...

Wrong. These nefarious bots are readily available, off the shelf products that adapt and hide within your normal traffic patterns.

This extremely agile automated bot traffic enables the threat actor to create accounts with 100% successful login attempts, to leverage bonuses and credits on their fake accounts and place a bet for a guaranteed profit.

How to stop match betting bots

There is an inherent risk in gaming and every business must set their own standard for what is an acceptable level of exposure.

To begin, you must have complete visibility of all website and mobile application traffic to understand what normal looks like vs. anomalous and potentially malicious traffic patterns.

If you’d like to learn more about the evolving bot threat, talk to our team of data scientists today or, read our three-part Attack Vectors blog series.