The Best Defense is a Good Offense: Looking Back on Fraud During the 2023 Super Bowl, and What We Can Expect This Year

As the San Francisco 49ers and the Kansas City Chiefs square off in Las Vegas this year for Super Bowl LVIII, betting on the big game will be red hot. In fact, the American Gaming Association projects betting participation to be 35% higher than 2023.

This will be especially true for online sports betting platforms. In May 2018, the Supreme Court struck down the Professional and Amateur Sports Protection Act of 1992 — which had prohibited bookmaking in most states — unlocking the world of online sports betting. Today, in 2024, legal sports betting is available in 38 states and Washington, D.C. 

Unfortunately, scale in online betting has been followed with a surge in related fraud — from abusing loyalty programs or game day incentives to committing first-party fraud or using stolen identities to create accounts.

You wouldn’t be wrong to guess that the Super Bowl is…well …the super bowl of fraud spikes.

As we gear up for the big game, let’s take a look back at the 2023 fraud patterns to strengthen defenses for this year.

The Super Bowl – A Fraud Penetration Test

For fraudsters, the Super Bowl can be viewed as a penetration test — a day when controls may be looser to acquire the most new users. It’s a time to test what they can get away with when fraud teams may be overly busy.

Total Transaction Volume for Gaming Operators

In 2023, we saw the total transaction volume for gaming operators steadily increasing during the NFL season, leading up to the playoffs and finally the Super Bowl. This could be due to fewer games to bet on, and higher stakes. 

Identity Theft at the Root of Super Bowl Fraud Patterns

Most fraud signals on the day of the Super Bowl were related to suspicious email addresses. Signals for new email accounts (under 180 days old) increased, which could be indicative of identity theft — where fraudsters are using stolen personally identifiable information (PII) to commit fraud far from the account’s stated location, showing they don’t reside near the registered address. 

Inactive email usage is another possible sign of synthetic identity fraud, where fraudsters have stitched together a new identity from existing PII.

Where Did We See Fraud?

When analyzing fraud patterns, location provides clues into where fraudsters strike. Many attempts originated from states where sports betting has been newly legalized, such as Florida, albeit with a few gray areas. Densely populated states with large fan bases — California and Texas — also saw higher volumes of fraud. It’s important to note that these fraud counts are based on the user’s driver’s license. Depending on restrictions, you could be a resident of California, Georgia, or Texas — where online betting is currently illegal — and still place a bet if the gaming operator sees that your device is physically present in New York or Florida. 

Who Was Committing Fraud, and Who Was Being Targeted?

The majority of fraud volumes we saw in 2023 were coming from the 21-25 age bracket — a key sports betting demographic — which accounted for 52% of the total fraud population we saw. 

This is followed by the 60+ bracket, which represented 18% of total fraud.

Watchlist

Global watchlists serve as constantly refreshed databases that include individuals, entities, or countries that have been flagged for potential nefarious activities, such as fraud, money laundering, or terrorism. People on exclusion lists may expect fraud controls to be relaxed on big betting days to allow for more traffic and conversions. As a gaming operator, conducting business with individuals on a watchlist would present an increased risk of financial crime. 

On Super Bowl Sunday 2023, we saw an escalation of gamers who were on these lists. Specifically, Socure’s Global Watchlist solution monitors lit up for a few specific lists in the U.S., with the Georgia Bureau of Investigation representing 60% of the list hits. 

Timing 

To commit fraud, timing is everything. Fraud spiked right before the big game at 3 p.m. PT / 6 p.m. ET when bets were locking in. Savvy fraudsters knew this closing window provided a prime opportunity to sneak through last-minute scams. 

A Balancing Act: Minimize Gaming Fraud Without Losing Good Customers

Gaming platforms are in a complicated balancing act on days like Super Bowl Sunday — one that poses the biggest challenge for stopping fraud. These corporations not only see an increase in users, but they seek out new customers and complicating the onboarding process of using their platform is a quick death for conversions. Then comes the balancing act of eliminating friction while stopping the influx of fraudsters that target their platform when they know volumes could lead to a lowering of defenses. Now more than ever, nuanced fraud controls are needed for gaming businesses to thrive. 

To avoid online gaming fraud pitfalls, companies must invest in accurate identity verification powered by machine learning on persistently updated identity data. Socure’s identity verification platform — Socure ID+ — accurately validates identities with a minimal amount of player data to verify the identity quickly and collect that data for use in compliance efforts. This allows for automated onboarding for every good customer through a system rooted in our identity graph and machine learning capabilities. 

Stale data solutions mistakenly flag legitimate users who may be hard to verify, such as Gen Z — a key demographic for gaming operators. Instead of relying on static data, our models persistently process, analyze, and correlate every facet of a digital identity, using redundant data sources, and a network of over 2,200 customers to deliver the highest-assurance assessments of new users in the market.

Who will be the real winner in Super Bowl LVIII? We’re placing our bets on legitimate gaming consumers — and Taylor Swift. 

Stay tuned next week for Super Bowl Sunday 2024 fraud trends!