Wednesday, 7 March 2012

Interview - Darren Hodder on online fraud and cybercrime

Darren Hodder
LONDON - Ahead of the Global Payments Intensive, this May in London, Michiel Willems speaks to Darren Hodder, Director at Fraud Consulting Ltd, about the management of payments fraud and innovations in the gambling and gaming sector, one of the biggest targets of financial fraud and cybercrime in the world.

There was a statement a few years back 'announcing' that internet gambling was at the top of the card fraud 'league' - is this still the case?
With so many issues out there relating to fraud, identity, and information security, I would find it hard to judge whether internet gambling tops the league but it is certainly high on this list. It is always the case that organised fraud will shift to whatever route is perceived to be the 'easiest' target. Financial services have been relatively proactive in boosting fraud defences in recent years and so, where this was once the prime target for fraud (card or otherwise), there has been a clear shift to other businesses. I am sure everyone will have been aware of recent data breaches at Sony and, of course, the recent controversy at Betfair. Hotels are a common target at the moment, simply because they hold payment data and often run loyalty schemes.

Hodder continues: Gaming sites face the same challenges as any other online retailer but, in addition to this, they have a slew of additional risks which are specific to gaming such as bonus abuse, gaming bots and plain old-fashioned cheating. This coupled with the complexities of regional regulations on gambling and it is not surprising that many organisations steer well clear of this sector. There are of also some who consider gambling sites to be primary perpetrators of fraud, the recent charges against PokerStars, Full Tilt Poker and Absolute Poker being a prime example (aka the 'Black Friday' of poker), demonstrating how careful legitimate gaming sites need to be with regards to payments from jurisdictions where gambling is outlawed. 

"Gaming sites face the same challenges as any other retailer."

What notable payment innovations have been implemented in recent years to manage the risk of fraud in the internet gaming industry? Why are we moving away from credit card use?
Convergence of traditional financial services products (credit, debit, prepay cards) and telecommunications has been happening gradually over a number of years and, with the recent launch of Google Wallet, it looks set to continue. Although primarily designed for NFC (near field communication) payments, if you combine this with existing checkout solutions (Google Checkout, PayPal, Checkout by Amazon, to name a few), then it removes the need for consumers to carry multiple physical cards whether they are making transactions in person over the internet. It is also worth noting that the percentage of web traffic over mobile devices in the UK has moved from almost 0% just two years ago to well over 10% now.

Hodder pauses, and continues: I am not sure that we are really moving away from credit cards - rather, it would seem that credit cards are evolving and adapting to our changing use of technology. There does seem to be a proliferation of virtual currencies, many are tied to social gaming and these have also seen their fair share of fraud issues and scams. Some of these virtual currencies could be open to abuse and are possibly used to circumvent restrictions on gambling payments that are enforced upon more mainstream payment methods.

Verification and authentication of identities online is an interesting area which is now developing rapidly. In one of your publications, I referred earlier to an initiative by the US Government for exploring better ways of proving your identity. One year on, we have the likes of miiCard who have just launched a beta program. You can think of miiCard as being a 'digital passport' allowing users to prove they are who they say they are when making transactions online. There are clear benefits for such solutions to the gambling industry not only in meeting KYC and AML requirements but also for bringing about a greater level of trust within the gambling community and investigating possible fraudulent activity committed by registered and verified users. 

"Blocking payments is a bit of a blunt instrument: those who really want to will find a way around."

Do you think blocking internet gaming-related payments - a method used by countries such as Norway, Israel, the US etc - is the right way forward to prevent the risk of fraud in this industry? 
In my opinion, the blocking of gaming payments is a bit of a blunt instrument: those who really want to gamble will find a way around blocks that are implemented by payment processors and financial institutions. Some virtual wallet services allow for gaming payments, others do not. A pretty simple Google search is all it takes to identify workarounds or find sites that are less likely to be legitimate.

In your opinion, what would be the best way to regulate online gambling payments? 
The fundamental problem is the fact that the internet allows us to cross-geographical and political boundaries and so I can understand the rationale for putting blocks at the payment processing end. Is there a better solution? Perhaps verified digital identities should be a part of the solution along with geo-location technology. Gaming companies who use such solutions should be able to demonstrate that they have taken reasonable steps to ensure that players are who they say they are and they are using the sites in a geography where gaming is legal.

What do you think of companies that provide online cash payment services, such as Ukash? What do you believe their impact on fraud is?
To play the devil's advocate here and in defence of Ukash, they are regulated by the UK Financial Services Authority as an Electronic Money Institution (ELMI) and they do participate in fraud awareness and prevention schemes, making use of device fingerprinting technology such as iovation and raising alerts via Action Fraud. There are certainly valid reasons for wanting to use alternative payment schemes (sending gifts online for example) and so they are fulfilling a need in the market. While such schemes have legitimate uses they are clearly open to abuse and some providers may not be so trustworthy. I would like to think that honest and reputable businesses are not out there to make money from fraud.

How do you think illegal betting platforms are developing? Do you believe that the ban of the most common methods of payment for internet gaming in some countries encourages the growth of 'underground' platforms?
Perhaps we could draw some parallels here with the war on drugs, alcohol, obesity or even prostitution. When a ban is made then there will be an inclination in some people to just try harder. I have no doubt that underground platforms exist and there is clear evidence for organisations that operate on the fringes of the law such as sweepstakes cafés in the USA. It is very easy to find gambling sites that have a dubious reputation, an internet search for 'gambling sites' brings up lots of results and by using tools such as Web of Trust (WOT) one can quickly and easily identify those which have a poor reputation. WOT ratings are made entirely by the internet community and while this may itself have issues similar to the likes of TripAdvisor for false or fraudulent reviews it can highlight where a site is known to host malware. As an example, at the time of writing the scorecard for shows multiple comments indicating the presence of malware and contains not even one positive comment, compare this to the scorecard for and even with the recent negative press coverage their rating remains positive.

Michiel Willems © EFPLP - 2011-2012 CP Publishing Ltd. London, UK. Picture: