Beating bonus abuse fraud: prevention and detection

While bonuses can be a powerful tool to attract new players, they can also create opportunities for fraudsters. Most commonly seen in iGaming and gambling — bonus abuse revolves around circumventing know your customer (KYC) checks to create multiple new accounts to claim offers or bonuses that are only meant to be available once. In 2023, we saw fraud rates increase in gaming from 4.2% to 7.6% as fraudsters pursue quick access to cash rewards. Keep reading to learn more about how bonus abuse works, how to detect it, and how Onfido can help.

What is bonus abuse?

Bonus abuse is a type of fraud that enables a fraudster to claim limited offers and bonuses multiple times. Sometimes known as sign-up bonus abuse, this type of fraud most commonly affects iGaming and gambling, but is also commonly seen by cryptocurrency exchanges that offer free crypto to incentivize account opening, investment platforms that offer free stocks or shares, and even ecommerce sites who have free gifts or offers available for new shoppers. Fraudsters will bypass KYC checks at sign-up to create multiple accounts and exploit promotions at scale to reap financial rewards.

How does bonus abuse work?

Bonus abuse is most commonly seen in iGaming — here’s a typical example of how a fraudster would operate a bonus abuse scheme:

1. Identify bonuses

   First, fraudsters identify businesses with suitable offers to be exploited — typically those offering access to cash. For example, in iGaming, a new sportsbook player may be offered a £20 bonus for depositing £10, or 40 free spins on deposit in a casino-type game. Bonus abusers will search for the most lucrative of these bonuses — looking for those with minimal qualifying terms, ideally without the need to deposit or spend money. 

2. Account creation

   They will then create multiple accounts to access the bonus. to maximize their chances of winning, or if possible, immediately withdraw the free bonus. This may involve circumventing know your customer (KYC) checks. They could create multiple accounts using family member's personal details or identity documents, use details obtained fraudulently (for example, in a data breach), or create false identities themselves (such as synthetic identities). Sophisticated fraud rings will most likely look to create synthetic identities, since it allows them to easily create hundreds of convincing fake identities to abuse the offer as many times as possible before they are detected.

3. Bonus abuse gambling

   Depending on the offer, fraudsters may then play as normal using the bonus, or orchestrate more organized schemes to maximize their chances of winning and cashing out. For example:

   • Bonus abuse arbitrage is the practice of betting on all possible outcomes.
   • Chip dumping in online poker is where fraudsters intentionally lose chips to another player. Bonus abuse enables them to lose freely obtained chips to a secondary (legitimate seeming) account before cashing out.

Bonus abuse prevention: how to detect bonus abuse

Bonus abuse can be detected in a number of ways — both before accounts are created, and after the fact. Some common tactics are:

• Monitoring user behavior

  By analyzing patterns of sign-ups, deposits, and withdrawal activities, businesses can identify deviations from legitimate behavior to spot bonus abuse — this is only possible after the crime has already occurred, but it is still useful to spot ongoing activities by fraud rings, who will often continue to attack until stopped. 

• Identity verification

  Verifying user identities at sign-up businesses puts an important stumbling block in front of would-be exploiters. However, not all identity verification is created equally. Verifying user-provided data (like name, date of birth, and address) can help identify repeat offenders, but is easily circumvented using breached data. Higher assurance IDV such as document and biometric verification guides a user to capture and submit a photo of an ID and selfie. These are then certified and matched before allowing a user to sign-up or cash out. This method is highly effective at bonus abuse prevention since creating many fake IDs (and matching biometrics) is much more difficult for fraudsters to execute at the scale to make bonus abuse attractive. 

• Device fingerprinting and IP address tracking

  Both of these methods work on the same principle; tracking either a device or IP address used to sign up, and subsequently flagging if the same device or IP address is repeatedly used to create new accounts.

How can Onfido help stop bonus abuse?

Our Real Identity Platform is trusted by over 1,100 businesses to verify user identity, including DraftKings. Our end-to-end solution starts with Onfido Studio — our drag-and-drop workflow builder. Businesses can create identity verification journeys that combine the right mix of document, biometric, data, and device verification to minimize friction and maximize security. Workflows can be triggered at account creation, or triggered based on other risk factors. Seen a name and date of birth before? Trigger a document and biometric check to ensure the signup is legitimate. Device intelligence flagging a known bonus abuser? Automatically route the request appropriately.