With online sportsbooks coming off a record Super Bowl in February and more states legalizing the practice at what seems like a monthly cadence, concerns are rising about the security of betting pay-ins and payouts on these apps and platforms.
Market research firm Insider Intelligence said on Thursday (March 30) that the total amount of money wagered “via retail sportsbook, online sportsbook, or lottery parlay card will grow 45.0% this year to $136.63 billion, surpassing $100 billion for the first time. Double-digit growth will continue, and in just two years, the total will exceed $200 billion.”
Given the expected meteoric rise of online sportsbooks, market watchers worry it’s opening a new vector for cyberfraud on a potentially colossal scale, and those in the ecosystem could be getting out over their skis by going live without adequate security protecting billions in transit, either as pay-in wagers or payout winnings.
It’s not a hypothetical: Sports business site the Action Network reported last November that some users said their DraftKings accounts were hacked, leading to fraudulent withdrawals from bank accounts linked to their DraftKings accounts. DraftKings’ co-founder Paul Liberman told the Action Network that approximately $300,000 “in customer funds were affected.”
Some FinTechs got onto this aspect of the new phenom early. Conceding the potential for fraud, Drew Edwards, CEO of Ingo Money, told PYMNTS’ Karen Webster “The biggest point of friction we hear is while [sportsbooks] have instant payout options, they don’t always release the funds instantly because there’s a risk management process in the middle, so it’s instant from the time the operator releases funds.”
Caesars Sportsbook partnered with Ingo Money on push-to-card instant payouts inside of the Caesars Sportsbook app late last year, and the partners have taken a security-first mindset to their operation, based in no small part on Caesars’ decades of experience in gambling.
Caesars Digital VP of Payments and Fraud Trent Striplin told PYMNTS that near-real-time payouts Ingo created for its sportsbook go through an “array of regulatory, financial and accounting controls and fraud reviews,” in about an hour, but such controls are not universal.
And while retail casinos are one thing, online is something else entirely. Some are taking a more conventional approach to payouts, leveraging powerful bank-grade fraud protection.
On this topic, Alex Gonthier, CEO of Trustly, an open banking provider of account-to-account transfers, told PYMNTS, “The banks have strong multifactor authentication mechanism, and that limits fraud.” Trustly is providing players real-time payouts in the U.S. for online gaming operator PointsBet.
Account-to-account circumvents some security issues around wagers and winnings, but most of the action is in apps. Online sports betting is now legal in 33 states and the District of Columbia, and while operators like DraftKings and FanDuel are seen as exemplars of how to conduct online wagers (pay-ins) and winning (payouts) safely, fraudsters have equally good tech to crack the vault.
Andy McGonnell, director of payments at BetMGM, told PYMNTS that “unfortunately, fraudsters are kind of creative individuals. We’re always trying to improve risk profiles and fraud tools. We are always investing in that, and 2023 will see focus around making sure we offer the most secure platform possible and preventing fraud.”