Are Sportsbooks At Risk?: How To Proactively Defend Sportsbooks from Cyber Threats
February 2024 by Chad Kinlay Chief Marketing Officer, TrafficGuard
Sportsbooks have readied themselves for a lucrative year, with massive sporting events such as the recently passed Superbowl, and the upcoming summer Olympics promising great returns. Threat actors, however, are evolving their tactics to drain the profits sportsbooks make from events.
As sportsbooks rapidly transition to a digital landscape, they’ve opened themselves up to harmful attacks. Statista found that from January 2022 to February 2023, casino and sports betting apps were among the most targeted categories by fraud with the value almost reaching $1.2 billion. This makes it imperative to bolster defences against threat actors draining profits.
In light of recent prominent cyber-attacks resulting in significant financial losses and temporary operational disruptions, the presence of vulnerabilities within sportsbooks’ systems has become unmistakable. To seize opportunities presented by major sporting events in the future, sportsbooks must adopt proactive measures and give precedence to defence by implementing a thorough fraud prevention strategy. This strategy should entail strengthening the IT platform infrastructure, improving in-platform security checks, and reinforcing safeguards throughout marketing campaigns. It’s worth noting that marketing teams and management often overlook losses incurred through digital media.
Fraud Infiltrating Sportsbooks Campaigns
The revenue generated by major sporting events serves as an irresistibly lucrative target for threat actors. One prevalent tactic they employ to exploit these profits is through invalid traffic (IVT) within digital media campaigns. IVT encompasses any activity originating from sources lacking genuine user interest, including ad fraud perpetrated by malicious actors seeking to exploit the digital media landscape for personal gain. If left unchecked, IVT poses a significant risk of inflicting substantial losses on sportsbooks. According to Statista, the global cost of digital advertising fraud was projected to skyrocket from $35 billion to $100 billion between 2018 and 2023.
Some of the main threats facing sportsbooks are:
Bots and bonus abuse – Bots pose significant challenges for sportsbooks utilizing free bonuses to attract new customers. While these incentives are effective, they also attract threat actors who utilize automated bots to exploit promotions by creating fake accounts. Despite many operators implementing platform safeguards, the impact persists, silently depleting marketing budgets without contributing to customer acquisition. On average, approximately 5-7% of sports betting campaigns are affected by this form of media loss. With the rapid advancement of artificial intelligence (AI) and other technologies, threat actors can operate more stealthily than ever before. Mass production of bots enables them to launch attacks with heightened frequency, evading detection. Without a proactive strategy to identify these AI bots, sportsbooks risk significant profit loss without intervention.
Non-genuine engagement – This usually takes the form of traffic from suspicious sources, unusual click patterns, or high bounce rates where threat actors flood sportsbooks websites with non-genuine engagement to drain budgets. As sportsbooks are typically running Google PPC ads, they face the risk of harming customer acquisition costs (CACs) as budgets are wasted on users who aren’t genuinely interested. This typically slips past systems undetected and adversely affects profits whilst failing to produce any results.
Returning Users – Many sportsbooks are unaware of the inadvertent contribution of their loyal customers to cost escalation. Brand Search PPC, a highly effective tool for user acquisition, presents a challenge because sportsbooks are prohibited from creating audience lists of current customers, making them vulnerable to inclusion. As a result, the Brand Search keyword becomes an entry point for returning users, leading to significant losses. This type of invalid traffic (IVT) poses the most significant issue for sportsbooks due to repeated logins. For example, I’ve seen a case where 98% of a company’s brand campaign clicks were linked to existing customers, covertly increasing customer acquisition costs (CACs) and distorting performance metrics, consequently misallocating budgets.
Ensuring Transparency With a Proactive Strategy
To drive growth and protect their interests in an expanding threat landscape, sportsbooks must create an effective strategy to counter IVT and ad fraud. The most important parts of a robust strategy are transparency and visibility, as IVT typically damages businesses unnoticed.
Having full insight into the traffic passing through systems is key. Exercising regular monitoring is a proactive way for sportsbooks to gain useful insight into where exactly their data is coming from. This way, they can detect any discrepancies that could indicate fraudulent activity from a threat actor and mitigate it before any harm comes to profits.
Another integral step sportsbooks can take to protect their data and profits is to develop a method of accurately identifying fraudulent or non-genuine activity. By installing a verification platform, sportsbooks can pinpoint and invalidate any threat activity from bots. These platforms can find the origin of a user to determine their validity and block them from entering the system in real-time to actively protect budgets.
Sportsbooks can also leverage custom rules to prevent spamming from bots and other non-genuine users. With the right platform, sportsbooks can limit the number of times a user can interact with their paid advertising campaigns. Once this threshold is reached, the user is prevented from seeing that campaign for a set period of time. This gives sportsbooks greater control over their traffic and inhibits these users from driving up cost-per-click (CPC) rates, giving optimised pathways to drive more first-time depositors.
Securing Sportsbooks’ Future
As sportsbooks look towards events like the Grand National, Summer Olympics and Rugby season they need every possible advantage to protect themselves from invalid traffic to reap greater profits. Threat tactics are evolving to become increasingly complex to both detect and prevent. Sportsbooks must be proactive in their defence or risk falling behind in the market as a result of considerable damage from IVT.
By taking steps to gain full transparency into their systems and data, sportsbooks stand a much greater chance of preventing losses from invalid traffic. Monitoring and verifying traffic can ensure the profits from big sporting events stay where they belong - with sportsbooks, not threat actors.