The “person in the street” might think of fraud attempts against online gambling companies as involving “deepfake” photo images so the fraudster – whether under legal age for gambling or wanting to steal play credit – can impersonate someone else.
But the rise of generative artificial intelligence (AI) has already taken the defence processes needed for the online gambling industry well beyond that point. That is according to Ofer Friedman (pictured), chief business development officer at AU10TIX – pronounced “authentics” –, an identity-verification and risk management company based in Amsterdam, The Netherlands.
Mr Friedman observed that where once a human was needed with skills to be able to ‘insert’ a fake identity into an online gambling provider’s system, now generative AI can be used not only to automate insertion, but also to anticipate how a gaming company might guard against that.
While that might be a challenge, it is not a cause for despair, he said in an interview with GGRAsia. An answer, he noted, is for security specialists to lay a digital “minefield”.
Mr Friedman stated: “People thought that identification meant you stand at the gate, and you say, ‘Show me who you are. Okay, you are good, go in’.”
He added: “But since that’s becoming so challenging, what you need to do – and what we are doing – is basically putting more and more hurdles, more and more ‘mines’” in fraudsters’ paths, and making that a machine-based defence, not merely one of human gatekeepers.
The approach required, said Mr Friedman, “reminds me of movies when the person has to go through all those laser beams,” to get to a target such as a precious jewel.
Quarter-century experience in anti-fraud
The people behind AU10TIX are said to have 25 years of experience in anti-fraud work. “We were invented in order to introduce” into financial-transaction work “what is today’s airport security and border control standard for identifying and screening people,” Mr Friedman told GGRAsia.
Beyond the consumer-facing element of online gambling as entertainment, it is essentially a financial industry, requiring financial technology (fintech) to run it and to protect it, he noted.
Protecting your regulatory licence to run such as business – by ensuring fraud prevention – is as important as protecting revenues, stated the expert.
Regulators “are setting the minimum, not the maximum” standards for fraud prevention, he said.
For all businesses, “stopping identity fraud is basically an expenditure,” observed Mr Friedman.
It is also – in terms of business processes such as bringing new players on board in the case of an online gaming operator – “creating friction because people need to do things they don’t actually want to do, and it’s costing you money”.
All business operators, “will by definition,” suggested Mr Friedman, “be tending or be tempted to do the minimum possible in order to… meet” security requirements.
But “gaming is more exposed,” he added. “You need to show that you actually have done the utmost, and now there is an interesting situation whereby you can actually do more than regulations demand,” by using enhanced security technology to beat the enhanced threat.
A survey of the online gaming sector published in June, called ‘State of Identity Verification in the iGaming Industry 2025’, was issued by Sumsub. The company, a provider of identity-verification services for digital commerce businesses, suggested an increase in the prevalence of AI-generated fake documents had been reported by 78 percent of iGaming operators.
According to Sumsub’s report, the deposit stage is the most targeted point in the “user journey”, with 41.9 percent of operators citing it as the primary “fraud flashpoint”. The process of “onboarding” or registration (23.8 percent), withdrawals (22.9 percent), and in-game activity (11.4 percent) also remain points of vulnerability.
As per Sumsub, most fraudulent activity occurs between 4am and 8am, relative to wherever the fraudster is based, while “legitimate” players typically register around 6pm in their time zone.
AI is creating top fraud ‘professionals’
From the perspective of AU10TIX, such early-hours efforts might speak to the labours of what it terms “amateurs” rather than “professionals”.
“We’ve already seen that the share of amateur of attacks versus professional attacks is changing,” said Mr Friedman. “It’s changing because previously, even if you had the best AI deepfake tool, you still needed skill and experience” in order to use it for fraud.
He added: “You don’t need that skill anymore. There are already available tools that enable you to launch the complete attack … up to even launching a targeted attack against a specific company, using a tool that knows how this company defends itself.”
In the case of a faked image of a face, “the detection now has to expand from the picture itself, which is obviously becoming more and more difficult to detect … into a broader risk scan that looks also at what exactly sent that image,” explained the AU10TIX executive.
On that basis, said Mr Friedman, “you’re looking at device factors, you’re looking at network factors”.
He added: “They [the fraudsters] have created such a level of ease in launching sophisticated attacks, that the whole concept or the whole strategy of how to stop them is actually rewritten.”
He also observed that “more and more, companies like us are looking at ongoing” customers of gaming firms, “not just the onboarding” process, “because many people are already in and they can be committing that fraud later on”.
Mr Friedman suggested AU10TIX is one of the very few companies working in this field, where the founders have an “airport security and border control background”.
Having “even one wrong person on a plane” is one too many, so coming from what he termed a “paranoid” mindset, is a useful starting point for tackling online fraud in the era of generative AI.
“We are actually working with the mentality, with the expectation” of needing “deeper checks, especially for fraud, which may not be [immediately] visible,” he noted.
Mr Friedman added that the dawning era of the Internet of Things, where devices ‘recognise’ their user, will make protection against identity fraud even more important in everyday life.
“Every device that you have, will know it’s you and will have information about you, and therefore better be open to you only,” he added. From a security perspective, that world is “going to be fun”.
