Introduction
iGaming is on a growth run. New regulated markets are opening, acquisition budgets are climbing, operators are racing to onboard players faster than ever. The metrics look good with registrations up, bonuses claimed, engagement ticking.
The problem is that a growing share of that activity isn’t real.
Fraud in iGaming has quietly industrialized. Today’s attacks don’t look like breaches. They look like players, “well-behaved,” statistically unremarkable, seemingly legitimate until the revenue evaporates.
The operators most at risk in 2026 aren’t the ones with obvious fraud problems. They’re the ones whose dashboards are full of green, which in itself is a red flag.
Two decades of fighting iGaming fraud from the inside
Sarah Psaila has spent over twenty years on the practitioner side of iGaming fraud across operators, markets, and fraud typologies most teams encounter once, if ever. She’s tracked every major evolution of the problem, from isolated abuse to coordinated fraud rings to AI-generated synthetic players. As Head of Gaming at Group-IB, she directs operators where their fraud models are wrong, why their metrics lie, and what it takes to build defenses that don’t cap growth.
Let’s understand the working dynamics closely with her:
Q) You’ve been in iGaming for twenty years. What’s the one shift that changed everything?
Without question, the shift from opportunistic to organized crime.
Early in my career, the risks were mostly individual. A bonus abuse here, a chargeback dispute there – messy, but contained. What changed is that fraud industrialized. It became networked, data-driven, and in many cases a proper operation with its own tooling, infrastructure, and business logic.
Working across both mature and emerging markets showed how different each environment is – collusion networks in less regulated regions, intricate AML and KYC evasion where compliance frameworks are strict. Each market created its own attack surface.
Operators that built for growth without building for intelligence ended up facing threats their models were never designed to handle.
The core lesson after twenty years is this: Modern fraud doesn’t just follow the money. It follows the gaps.
Q) Many operators believe their fraud rates are acceptable. Where are they getting it wrong?
I hear this constantly, “fraud under control” has quietly become shorthand for stable chargebacks and a flat KPI. In reality, that’s only the surface layer.
Modern iGaming fraud is structural. Operators are losing money in ways that don’t show up as direct fraud losses at all.
- Fake users inflate acquisition and loyalty metrics.
- Bonus abusers distort campaign ROI.
- Genuine players churn because overly strict controls create friction and distrust.
Studies show that bonus abuse alone now accounts for over 60% of iGaming fraud, quietly eating away up to 15% of an operator’s annual revenue not through theft, but through bad data, fake retention, and wasted marketing spend.
The operators most at risk aren’t the ones getting hit by fraud they can see. They’re the ones funding fraud they think is success. I’ve seen operators mistake growth spikes for strong quarters, only to discover months later that a large share of “new users” were fraud rings farming bonuses or manipulating VIP schemes. That façade of success leads to real strategic mistakes, overspending on acquisition, misallocating promo budgets, tightening controls to the point of user friction.
You can’t manage what you can’t measure. And too many operators are still measuring the symptom, not the disease.
Q) What are the biggest gaps in how most operators run fraud prevention today?
The biggest issue is how fraud prevention is framed. Most operators still treat it as a one-time verification event, not a continuous, intelligence-driven process.
Current setups rely on static checks. KYC at registration, device fingerprinting at onboarding, API-based validations at specific triggers. Those controls work for what they’re designed to do. But once a user is cleared, they quickly become outdated. Attackers test thresholds, automate account creation, and evolve patterns within hours. Operators recheck risk weekly, if at all.
What’s missing is continuous behavioral monitoring where you track sessions, transaction habits, and gameplay anomalies in real time. Combined with behavioral intelligence and machine learning, this allows operators to detect fraud as it develops, not after it lands. The core gap isn’t technology, I believe. It’s the mindset.
Every adjacent domain, payments, adtech, cybersecurity, has already moved from static control to dynamic intelligence.
iGaming is still grappling.
Q) Manual review keeps coming up as a bottleneck. Why can’t operators scale their way out of it?
Because the model doesn’t scale. Manual review worked when volumes were manageable, thousands of transactions, not millions. Analysts could catch patterns and make nuanced decisions. That model collapses at scale. Today, operators process millions of events across markets, currencies, and payment methods. Every case that enters a queue introduces friction — onboarding delays, withdrawal holds, support overhead. And as the business grows, the backlog grows with it. Manual review doesn’t just slow fraud teams. It slows the business. Operators trying to expand into new regions or launch faster payment experiences quickly discover that manual review becomes a hard ceiling on growth. The goal isn’t to remove human judgment. It’s to apply it where it matters. Everything else should be handled in real time.
Q) Bonus abuse and multi-accounting are well-known problems. Why do they persist?
This keeps coming up, and rightfully so because it speaks to the scale of the challenge: most systems are still looking at individuals.
Fraud operates in networks. Fraud today isn’t one player trying their luck. It’s coordinated, data-driven, and collaborative. Fraud rings share devices, identities, and behavioral patterns to create networks of accounts designed to pass as legitimate users. The connections are there but invisible to point-based detection. Most controls still validate in isolation: IDs. Devices. Payment methods. They miss the relationship layer where patterns that only emerge when you look across accounts, not at them individually.
Solving this requires a shift from point-based detection to relationship intelligence, connecting user, device, and behavioral data to uncover hidden links in real time. When operators can see those relationships, coordinated fraud stops being invisible.
Q) How is fraud evolving in 2026 and what does the AI-assisted threat look like?
The biggest shift is that fraud no longer needs to break systems. It blends into them.
We’re dealing with coordinated networks using automation, shared data, and behavioral simulation to operate at scale. AI-generated identities clear verification, then behave like legitimate users for extended periods before fraud becomes visible. These aren’t smash-and-grab accounts. They’re built for longevity. Static rules can’t catch that. Fraudsters study detection logic. They mimic normal behavior just enough to stay under thresholds. They adapt when patterns are flagged. Fraudsters don’t need to break your system anymore. They just need to behave like your best users.
Success isn’t about building stronger walls. It’s about understanding what normal actually looks like.
Q) Affiliate and acquisition fraud are rising. What should operators watch for?
This is one of the most dangerous forms of fraud, because it looks like growth.
Bot clicks, fake sign-ups, and low-intent users pass through acquisition funnels appearing legitimate. They inflate numbers, trigger affiliate payouts, and distort performance metrics.
The problem becomes strategic. Distorted KPIs lead operators to double down on the wrong channels, misallocate budget, and overlook high-value players. Fraudsters know this, and they design activities to look just real enough. The most dangerous fraud looks exactly like growth. The solution is behavioral analytics from the start of the funnel — understanding how real players behave, and identifying where patterns break.
Q) What does intelligence-driven fraud detection actually look like?
It’s not one system. It’s multiple signals working together with each covering a gap the others can’t.
- Device fingerprinting builds identity.
- Cross-channel correlation connects activity.
- Persistent IDs track users across sessions.
- Behavioral biometrics detect anomalies.
- Threat intelligence surfaces campaigns before they hit the platform.
Together, they form a continuous learning system. An essential intelligence layer.
Q) So what does fraud prevention that enables growth look like in 2026?
It looks like infrastructure. Not rules configured and forgotten but systems that learn continuously and adapt in real time.
Risk scoring evolves with every action across device, payment, and behavioral signals. Fraud prevention becomes an intelligent filter, removing bad actors while allowing legitimate players to move freely.
The commercial model matters too. Group-IB’s “No Play, No Bill” approach aligns protection spend with real player activity. Operators aren’t paying to detect fraud in traffic that never converts.
Fraud prevention done right doesn’t slow growth but it enables it.
The bottom line…
The fraud costing iGaming operators most isn’t the kind that triggers alerts.
It’s the kind that quietly inflates acquisition reports, drains budgets, and distorts the metrics teams rely on. Closing that gap requires systems that think in networks, learn in real time, and protect revenue without adding friction. Anything less is just measuring the problem, not solving it. That’s the shift Sarah Psaila works with operators to make – connecting fraud decisions directly to growth, acquisition cost, marketing ROI, player experience, and regulatory exposure, all at once. For operators that need to get this right, Sarah and her team are where that conversation should start.
For more information, reach out to Sarah on her Linkedin, or through Group-IB website.
