Recently, the New Jersey of Gaming Enforcement (DGE) made public, via prosecution settlement documents, that five years ago a poker player from California was caught red-handed in an attempt to defraud New Jersey-based casinos.
In some ways this story is as old as the gaming industry itself, from “Bringing Down the House” to Phil Ivey’s attempts to target flawed playing cards at the Baccarat tables. What is new about this situation is that the casinos in question were virtual and shielded by multiple layers of security thanks to the digitization of the gaming experience. This means that every player leaves a digital trace and a treasure trove of clues are left behind to be ordered and rearranged constantly in search of any pattern that could indicate suspicious behavior.
A “complex web of verification sources”
Instead of relying on the sharp eyes of a pit boss or the casino’s security personnel and cameras, regulated internet gaming establishes a complex web of verification data sources that are used to build a digital profile for each and every online player. This profile includes not just their name and address, but also their SSN, their credit history, their bank details, police histories, and social media profiles.
In addition, to within a few dozen yards, their location during the gaming session is checked and verified by geolocation technology. The geolocation system meticulously harvests all location data available to ensure that the user is only within the approved territory of that gaming jurisdiction.
Despite the clear and obvious notification that these checks would be in place before any play could happen, the Californian player was perhaps counting on his significant technical skills to deliver what he may have believed to be the “perfect crime.” By hacking the location data around him, he used methods and resources more likely to be a feature of a DefCon black hat challenge than your standard geolocation fraud attempt.
However, what the gambler did not count on, is the dedicated team working 24/7 to put human eyes on every transaction using “Big Data” and analytical algorithms to hunt for the slightest flaw in the hacker’s plan. Through this ongoing process of data analysis, the team was able to dive into the transaction and relentlessly track down the real truth of what happened, and indeed where it happened. With that team, and some of the best and most powerful database engines available in the world today working against him, his plan became fatally unhitched as the digital fingerprint behind his efforts set the alarm bells ringing.
For obvious reasons, the digital “bread crumbs” that were left behind cannot be disclosed. However, once the red flag was raised, the proper process, as mandated by the DGE, began to roll until it reached its inevitable conclusion last week. The GeoComply team who provide the location security for New Jersey’s iGaming operators focused on the investigation and analyzed the data until there was a coherent and conclusive story about the attempted fraud. From that point on, the accounts were suspended and all of the $90,000 in balances frozen.
But the regulated online gambling industry’s work does not end there. GeoComply, in cooperation with operators and regulators, is constantly refining and updating their systems to stay ahead of would-be hackers.
There is really only one conclusion for this particular California player, or anyone else seeking to gain riches by circumventing New Jersey’s rules and regulatory systems. There is an immutable lesson to be learned — crime does not pay.
About the author
John Pappas is the founder and CEO of Corridor Consulting, a public affairs firm that represents clients in the gaming industry, including GeoComply.