Promoted feature: Maintaining safety for all
Max Portelli from Soft2Bet explains how the company protects itself and its clients against fraud and the processes that are used to identify suspicious behaviour
EGR Intel (EGR): What tools do you use to identify clients online? How do they work?
Max Portelli (MP): At Soft2Bet, we use a range of in-house and third-party functionalities to confirm the identity of our clients, while identifying any potentially suspicious behaviour.
Our main anti-fraud tool is iOvation, which provides a robust fingerprint solution and cross-company data exchanges, used to verify registrations and logins. Furthermore, where applicable, users are identified with BankID, which allows us to cross-reference and verify customer details within a safe and convenient banking database.
EGR: Can you run us through the step-by-step process to ascertain if a client is real and the payment is safe?
MP: When a customer registers, our tool instantaneously analyses his device, browser and IP address, and alerts are triggered in the event of fraud.
Following this, a customer’s profile is built step by step. We ascertain which Payment Service Provider (PSP) the customer is using, and a risk score based on a range of factors is calculated. If this score exceeds a certain threshold, the account is frozen until it can be verified.
Multiple steps are taken by ourselves and by the PSPs to ensure security and compliance. From our end, we use Know Your Customer (KYC) and risk and fraud teams whose job it is to verify the identity of our customers.
The security over payment transactions is handled by the payment provider, via the use of tools such as 3DS verification, online banking confirmation and other payment verification solutions.
EGR: How do you identify potentially fraudulent payments or activities? What do you do if one is identified?
MP: Fraudulent payments and activities are identified and monitored by our KYC, and risk and fraud departments. Such activity is triggered by several factors – geographic region, payment method, volume of transactions, the presence of payment confirmation (such as 3DS), betting patterns and data mismatches.
When suspicious activity is detected, we assess both internal and external risks, such as illicit collusion between players and money laundering. Depending on the case at hand, the reporting and resolution is handled either by closing the account or, in more serious cases, by the relevant authorities.
EGR: How does KYC work when it comes to igaming? What is the basic difference from KYC identification in banking?
MP: KYC is generally similar both in the world of igaming and the world of finance – the ultimate goal remains to confirm a customer’s legal age and identity. The main challenge in igaming is that it can’t be done face-to-face, meaning additional measures and procedures are required.
The use of eKYC solutions that allow for instant identity checks facilitates the process on both sides, and is currently the igaming industry’s most commonly used solution.
EGR: Is there any difference in ensuring secure transactions in various countries? If so, how do they do it, say, in Sweden versus Hungary?
MP: Transaction security standards are generally the same everywhere. For credit card transactions, there’s the 3D Secure protocol, which requires an additional confirmation code from the cardholder before the transaction is made.
For bank transfers, there is confirmation via the user’s online banking credentials, whereas for eWallets a One Time Pin (OTP) code can be set up in an authenticator app. For Soft2Bet to enter a market, the relevant risk thresholds must be met.
The majority of the jurisdictions are particularly strict on the security surrounding a financial transaction. Every market is different when it comes to PSPs – frequency of deposits and lifetime value of accounts. These factors vary depending on, for example, the per-head wealth of the country in question.
EGR: What tools or means do you use to ensure the security of online payments? Does phishing still happen? What are other most commonly used methods of online payment fraud?
MP: The security of digital payments is generally ensured by the payment provider, which processes the transaction. For those who wish to work with Soft2Bet, matching our security protocols and the international guidelines set out by the Payment Card Industry Data Security Standard is a mandatory prerequisite.
In the world of igaming, hazards can include websites that aren’t secured, unlicensed payment providers, and, yes, phishing: typically, a third party fraudulently requesting documentation or credit card information on behalf of a company in order to process a transaction.
We’ve also seen payment fraud with stolen credit cards, as well as ‘friendly fraud’, when a customer makes a purchase online before contacting the credit card issuer to dispute the charge.
EGR: What would you advise online payers to check before making a transaction? What signs should raise alarm?
MP: First of all, always ensure that you use secure and trusted websites when you are making any online transactions. If the website or payment provider is PCI and GDPR compliant, then you’re usually in safe hands. Finally, never forget to check page links before clicking, and always use verified sources that you know and trust.
Soft2Bet CFO Max Portelli has years of experience in accounting and auditing, starting his career with KPMG Malta before becoming the financial reporting accountant for the airline of the Maltese islands. Prior to joining Soft2Bet, he undertook a successful five-year tenure as chief financial officer for the payment services provider Entercash. Portelli brings extensive skills in management, accounting and payroll, along with a deep understanding of external audits and International Financial Reporting Standards (IFRS).