How to smooth sign-up and payments friction
Our expert panel says registration and payments is the number-one problem for regulated operators and a big factor behind an alarming rise in fraud
“It is easier to deposit with illegal sites than legal sites in the US.”
— Omer Sattar,
Sightline chief executive officer
Sightline chief executive officer Omer Sattar: Let me start by saying that it makes no sense that it is still easier to deposit to illegal sites than legal sites across the US. Payments is the major friction point that the US needs to resolve in order to beat the illegal market. More patrons still prefer to use their debit and credit cards than any other payment type, and it remains critical for banks to understand the low level of risk from the industry and the extremely high level of diligence.
GeoComply: So why is there so much friction in the regulated market?
Sattar: The payments space in the US is ridiculously complicated, with over 10,000 banks and a smorgasbord of different financial regulatory bodies to comply with. You have federal regulators, state regulators, sometimes the Federal Reserve, FDIC, CFBP, FinCEN, etc. That is before you even get to gaming regulators. In that sort of context, any initiative that has even the whiff of compliance risk, is going to be a hard sell.
Yet the reality is that financial risk is actually very low. Compared to normal ‘card not present’ transactions, gaming has a lower risk and yet is still considered a high-risk category. The cost of fraud in gaming is as low as 0.25 percent or 25 basis points while other digital sectors can be three times that. And for the VIP segment, which makes up a large portion of gaming dollars, the fraud is even lower to the point it sometimes approaches zero! There is little to no reason why regulated gaming should ever be designated as a high-risk category.
GeoComply: What will it take to change that?
Sattar: Ultimately, sad to say, change is likely to continue to be slow. The industry has been educating the networks (Visa/Mastercard/Discover/ AmEx) on gaming for the last three decades, since long before PASPA got repealed. Although things have gotten better, they still struggle to really understand gaming. While US consumers still prefer to use their
debit/credit cards, it is likely that APMs (Alternative Payment Methods) will fill the gap, as they have for several years now. While that may seem like a fair compromise, the reality is that some of these APMs are a lightning rod for fraud.
GeoComply: So is fraud increasing in the market now?
Sattar: Yes. Growth of the market has driven a growth in fraud. APM methods have been targeted for fraud heavily in the last few years. There are some solutions in the market today that have seen fraud rates that are 8x higher than normal. Operators may tolerate that in the short term but it does not bode well for the future if we don’t all work together to get on top of it soon.
“Industry-wide there is a 24 percent drop-off rate for players who register but don’t complete KYC fully. 50 percent of people who register for new sportsbook accounts never make a deposit. There has to be a better way…”
GeoComply: What do you make of Chris Groves’ stat (above) that 50 percent of new users never make a deposit?
Ken Allen: Well, it is not surprising to me. For example, 10 percent of all over-18s do not have a credit file. Therefore traditional data matching algorithms will not work for the younger demographic at all.
Second. Data-matching between the various sources is an imprecise science. No one or two solutions is ever going to get you there across all use cases/locations/demographics. Instead, you need a holistic strategy that is layered between different solutions to solve for a higher percentage of identities in the funnel.
Ultimately, the industry should be able to get to single digits fail rates using better tools working holistically.
GeoComply: What is your advice on how to get there?
Allen: Using good UX flow is where it starts. Gen Z, etc. expect their basic data should pre-populate via tools that are available these days. It HAS to be super convenient, fast, and easy.
The more data you ask for, the more abandonment occurs. That means that the information is easily filled out to be used accordingly (and not blocked at the merchant level). Then that data is validated (using a vendor like Loqate/USPS) to ensure it is cleansed. Vendors can potentially use some high-caliber fuzzy logic to smooth out any acceptable gaps from human error and data matching. Research shows that 2.5 percent of data entered by real people will be mistyped so you absolutely need those catch-all tools to protect against human error and fat fingers!
Using a vendor like IDComply, which can shortcut all the learnings and deliver best-of-breed flows/UX that is optimized and that is also on an evolutionary curve to iterate quickly, is a great way to start. The alternative is just building something like this from scratch and making all the mistakes yourself at the expense of your conversion funnel!
GeoComply: Many companies feel that the account registration pages are too sensitive to leave to a vendor, so won’t that be a nonstarter?
Allen: The larger a company is, the less likely they are to let a vendor manage the data entry pages. However, there are compromise flows where you can more or less get what you need while the operator actually owns and controls the pages.
But in reality, unless that operator is willing and able to totally focus on constantly iterating on those pages (ie. understanding how to use troubleshooter messages, hints, error messages, fuzzy logic, etc.) then they will start to fall behind and into the 80th percentage range (and lower) for verification rates.
Someone like IDComply, for example, will iterate faster at this through learnings across clients and as such should have the ability to quickly tweak those pages as they can really put a company in a position to get into the highest range of rates (mid90s) while minimizing the friction for the end user.
GeoComply: So assuming the UX is really optimized (by the operator or a full-service vendor like IDComply) how do you order the waterfall of vendors to get the best results?
Allen: Once the data has been cleansed seamlessly in the background (as part of the UX), the data is ready to be sent out to one of the credit bureaus for that initial check. You can just use – one but some locations and demographics (age) may make it logical to have different ones and you use the kind of multi-vendor waterfall in ghost mode/concurrency mode to work out which credit bureau to call for which demographics in which regions (as some credit bureaus are just stronger in some states than others). That will allow you to optimize who is top of the funnel and keep the costs down and validation rates up.
Then, if you don’t get an immediate hit with the credit bureau you can fall over to secondary source(s) to fill in the gaps. That should get you into the 90s of verification rates. However to get to something like a 95 percent rate you may have to have 3-5 other secondary sources to waterfall between to get that hit as each source will be subtly different from others (depending again on the demographic and location of the individual and which source has the best data for that use case).
For any partial matches seen that are left to still resolve, this is where you can use document scanning to help you further decision. And this again is where UX and your access to different vendors is key. Someone like IDComply already has the right vendors and SDKs all set up – and increasingly can connect into state DMVs which will always have the best data and verification rates.
Easing the friction and tackling the fraudsters
The Eilers & Krejcik Electronic Money Movement team advises operators to start checks early
GeoComply: So let’s start with fraud. What is the situation on the ground?
E&K: We are definitely dealing with a growing problem. The market has outgrown the industry’s ability to build an adequate strategy for risk and fraud management. The tipping point came when Michigan launched sports betting. That’s when real orchestrated fraud became a much greater issue – particularly with targeting some of the alternative payment methods, which were particularly vulnerable. The speed the industry grew at meant that operators were not prepared for the change from small fraud to large fraud. They just did not have a cohesive fraud strategy.
GeoComply: So what can be done?
E&K: It is all about the data. You have to know what data to collect, how to collect it, and how to monitor it so that you can react quickly and before the problem gets out of control. Far too often payments and fraud teams are the last to be heard and the first to be blamed. For player friction to drop and fraud to be brought back under control there needs to be more of a focus on fraud at operators so that they can stop fighting fires Easing the friction and tackling the fraudsters The Eilers & Krejcik Electronic Money Movement team advises operators to start checks early and instead use the fraud teams to deliver profitable growth.
GeoComply: What does best practice look like in the market today?
E&K: It is all about being strategic and taking a weighted approach. The goal is to keep friction rates low so you can attract customers for all operators and also stop fraud, but not so much that it is counterproductive. Robust fraud engines, good dashboards and KPIs will really help get the golden ratio right. Using GeoComply tools will really help also. If you can integrate with GeoComply so that the checks are carried out at session initiation, deposit and withdrawal. That becomes very effective for account takeovers, which have been growing a lot over the last year and accelerating even more now. We have been able to identify account takeovers very effectively with GeoComply tools.
GeoComply: Are Visa’s new guidelines on how to submit a Compelling Evidence Report to win a chargeback a positive step in this battle against the fraudsters?
E&K: Yes and no. On the one hand it is great that Visa has come out with guidelines that set out how the GeoComply data (geolocation, device ID, etc.) helps form a Compelling Evidence Report, but what is being done to make the review of that report consistent by whoever goes on to receive it? GeoComply Chargeback Integrator (GCI) data is incredibly compelling to prove without a shadow of a doubt where friendly fraud has happened, but we are yet to see if the industry’s win rates will be better than other sectors – despite a GeoComply report showing the player within 10 feet of their front door.
“The speed at which the industry grew, meant that operators were not prepared for the change from small fraud to large fraud.”
Credit card companies evolve
Credit card company executive mounts off-the-record defense against charges of being out of touch
GeoComply: Do you think it is true that it is easier to deposit with Bovada than BetMGM today?
Expert: I would be shocked if that is the case! Offshore operators have and will get caught. That will go away. It is taken very seriously by the credit card companies. We have come a long way since PASPA was repealed. We had a lot of declines at the beginning, but now we have a 91-2 percent approval rate on debit card deposits, and we do not have a top-50 issuer who is not on board.
However, credit card approval rates sink to 60 percent. That is mainly because financial institutions are concerned that gamblers are more likely to run off and so represent a greater risk of default. Consumer choice is driving the growth of alternative payment methods. BetMGM has 15 different ways you can put money in your account. Most people still think it’s easier to pin in your 16-digit credit card code, but Trustly has online banking solutions and customers seem to like that.
GeoComply: What about the stories around increased fraud rates?
Expert: There are organized crime rings hitting New York, Michigan and other regulated jurisdictions. This is a concern for the whole industry. We need more fraud-fighting tools like, for example, GeoComply’s [smiles].
Each operator is in a bonus war for market dominance. But the challenge is you are opening up to fraud. Let the good players in, but use the tools! Keep your eyes open and do the basic checks!
“Let the good players in, but use the tools!”
The long arm of the law
Former DraftKings VP and regulatory chief Roy Pollitt, who was also the FBI special agent who led the Black Friday investigation, addresses the escalation of fraud to the authorities
GeoComply: Is there any truth to the claims that law enforcement is not willing to follow up with the organized fraud gangs who are using mules to defraud operators in the US regulated market?
Pollitt: Well, the key issue here is awareness. Right now, I don’t think it is on law enforcement’s radar. Certainly not as much as it can and should be.
I think consideration should be given to better collaboration between operators, payment processors and law enforcement. The increasing scale of fraud and money laundering attempts along with the increasing sophistication means that the first step has to be for law enforcement, operators and payment processors to communicate and collaborate more – perhaps in a similar way that law enforcement (314a) and banks (314b) share information under FinCEN’s rules to fight money laundering and its predicate acts. (314a and 314b).
That is the first step to deal with the low-hanging fruit of the fraudsters and to build a banned list of devices, users, IP addresses, and email addresses, which may be able to be shared between operators effectively. Operators and their payment processors need to think creatively in order to effectively collaborate without treading on privacy concerns. If there is a will there is a way.
The second step for the operators is to understand who they should be reaching out to. Is it the state police, the FBI, the secret service or the gaming regulator, or all of the above? The operators need to collectively reach out to the different entities in law enforcement to understand how and where and who to escalate to. Currently, certain fact patterns already must be escalated to the relevant state regulator or FinCEN; however, where should an operator or payment processor go with regard to law enforcement?
There are so many opportunities that can come from this collaboration to more effectively attack these fraudsters and money launderers, who are no doubt attacking other sectors too. Playing whack-a-mole is not going to put a dent in these fraud schemes.
GeoComply: That’s quite a smorgasbord of law enforcement agencies. Where do you start?
Pollitt: Much of this illicit behavior has a federal nexus through wire fraud (Title 18 U.S.C. 1343), among other charges. So you should start there…the operators and payment processors who have exposure to these fraud and money laundering rings must consider collaborating not only to protect themselves and their customers, but also the U.S. financial system at large. Getting an audience with the FBI or another federal law enforcement agency is a good place to start. Explain to them the scope
and scale of these fraud and money laundering rings. If the operators can work together to capture the fact patterns around these linked fraud schemes they can then wrap
the whole thing up with a red bow and present it to the prosecutor’s office (federal or state) – then the
chance of success is much higher. The more specific the information presented, the greater the chance of having these cases investigated and prosecuted federally.
If you are only talking about a handful of fraudsters, that is not going to entice them (federal law enforcement). Operators and payment processors need to show them how material it is and how it is most likely impacting the entire financial sector, not just
online gaming. Law enforcement has access to SARs and other
information that the industry does not. By sharing detailed fact patterns with law enforcement, operators and payment processors may be providing an important link in the investigative chain in order to detect and prevent this fraudulent behavior.
“Everyone can do better – and some operators and APMs may have to up their act.”
But it is necessary and everyone will benefit – apart from the bad actors who continue to hope that the industry doesn’t come together.