Back to Blog

As more than 123 million people had their eyes on Super Bowl LVIII in Las Vegas, all predictions pointed toward unprecedented sports betting — and with it unprecedented fraud attempts. 

According to the first figures for Nevada’s sportsbook, more than $185 million was bet on Super Bowl LVIII, eclipsing the previous high in 2022 by almost $6 million. 

The rate of risky transactions likely linked to fraud on gaming platforms jumped more than 206% on Super Bowl Sunday, compared to risky transaction volumes seen during the playoff games in January. These transactions are linked to a correlation of compromised identity elements — for example combinations of name, email, address, IP, or device – producing a greater probability that the application is in the top 3% of risk.

Volume Spikes Across the Socure Gaming Ecosystem

Patterns of Risk: An Email Tells A Thousand Tales

Because many gaming platforms require an email but not necessarily all of the elements of PII — fake emails were the hottest indicator among the mountain of risky Super Bowl transactions.

Socure’s data showed a wide mix of immature, invalid, out-of-use and “tumbled” emails that are often linked to fraud. These emails were highly correlated with identities that had names which could not be resolved to their address, DOB and phones, for example. 

We also saw big spikes in risky emails at the beginning of the game and right before halftime when incentives are offered and gamblers — both valid and risky — are fumbling to seize the moment.

When these emails are correlated with other risk signals, a very clear picture of risk emerges.

Email risk signals

Bad Actors Traverse Multiple Gaming Platforms

Across multiple sports book platforms, we saw the same identities – indicated by the same combined name, SSN, DOB – linked to risky emails – opening accounts and placing bets. 

While creating an account across multiple platforms may not be abnormal, we saw users attempting this over and over with the same PII — possibly in an attempt to abuse a promotion code or referral bonus. The graph below shows the correlation between duplicate attempts and a higher email risk score.

Email Risk Signal Distribution by Duplicated Attempts

 

Low fraud scores for these users could signify good consumers who are maximizing their bets across platforms. However, high fraud scores for these users could mean that a stolen identity is being exploited on not just one gaming platform, but across several.

The data shows that consumers who attempt to use the same PII multiple times are generally much riskier users than those who place one bet, or create one account, at a time.

Compliance Risk Exposure: A Storm of Bad Social Security Numbers and DOBs

Because gaming platforms run Know Your Customer (KYC) compliance checks, we saw a clear spike in the number of transactions in which the Social Security number (SSN) or date of birth (DOB) could not be verified against the user’s name. When there is an increase in DOB, SSN, address, or name that cannot be resolved to the identity, that represents an increase in compliance risk.

Targeting Gen Z Identities

The graph below shows the age of identities that were used to open accounts or conduct risky transactions. It’s important to note that while this data shows the 21-25 age group attempts the most risky transactions, it may simply indicate their identities are most commonly stolen due to their limited digital footprint and used fraudulently. Gen Z consumers may be an easier target — according to Bank of America research, only 15% of this population are “worried about falling victim to stolen money or assets through deceptive tactics.”

Risky Transactions By Age

Monitoring for Users on Global Watchlists

Global watchlists act as regularly updated databases containing individuals, organizations, or nations that have been identified as potential threats for illegal activities like fraud, money laundering, or terrorism. During major betting events when fraud controls may be relaxed to allow for more business, those named on exclusion lists could see opportunities to slip through the cracks. If a gaming operator knowingly engages with listed parties, they take on inflated financial crime risks.

As we saw on Super Bowl Sunday 2023, there was an escalation of gamers who were on these lists. Specifically, Socure’s Global Watchlist solution monitors showed a few specific lists in the U.S., with the Georgia Bureau of Investigation representing about 50% of the hits in 2024.

Proportion of Watchlist Hits by Source

Where and When Did We See Fraud?

Sports Betting Plummeted After Halftime

As far as betting timing, we saw huge spikes in fraudulent attempts around three hours before kickoff and at the start of the game. The most common reason for reviewing a transaction for fraudulent behavior was when a user’s email was not actively in use. Other common fraud risk signals were IP addresses being over 100 miles from the input address, and using newly created email addresses.

Fraud risk signals

 

Timing is everything — but so is where users place their sports bets. To date, 38 states and Washington, D.C. allow online sports betting, with each state coming with its own restrictions.

A consumer could be a resident of California, Georgia, or Texas — where online betting is currently illegal — and still place a bet if a gaming operator sees through location tracking that their device is physically present in a state where online betting is legal, such as Indiana, New York, or Florida.

The Top 5 Riskiest States

In 2024, the top 5 states for risky transactions according to users’ driver’s licenses included California, Florida, Indiana, New York, and Texas. While Georgia was on the top 5 list in 2023, it was replaced by Indiana this year.

MISC 5991040251 Super Bowl 2023 Graph 4

Minimizing Friction, Maximizing Conversion

Just like football (and TayTrav) — the world of online sports betting is full of nuances. Between verifying identity, such as age and location, and preventing fraud, gaming operators have their hands full.

By analyzing when and where fraud spikes occur, gaming operators can strike a balance of preventing fraud, while minimizing friction to convert new users.

 

Louis Yansaud

Louis has been a Data Scientist on the Client Analysis team at Socure for the past two years. He focuses on the application of statistical, computational, quantitative, and management tools to address business needs, and has past experience in the finance and technology sectors. Louis is based in San Francisco.