All reputable online poker companies employ
security staff, both to protect the company’s interests by preventing fraud,
and to protect the players’ interests by preventing collusion, multi-accounting
and bot use in the games. Good security can save you money, boost player
satisfaction and trust, and safeguard your reputation.
However, there is a major problem with the
current status quo. Say your security team has a major breakthrough, and
catches a ring of colluders. It’s a huge case that has taken hundreds, maybe
even thousands of man hours to reach a conclusion. As a company, you’ve spent a
fortune on developing tools to catch collusion rings like this one and training
expert staff to use them. So you confiscate the colluders’ money, and return it
to the players. Perhaps you chip in some of your own money to meet any
shortfall in the compensation.
That’s great. Unfortunately, the colluders don’t
go to court to be sentenced. Instead, they simply learn from their mistakes,
and move on to one of the many other sites, equipped with a more advanced
strategy for avoiding detection. They continue to cause harm to players and to
the industry – the only difference is that they are doing it somewhere else.
When you go to a shop to buy a DVD, you
don’t buy two copies of the same movie. When you go to get your hair cut, you
don’t get it done twice by two different hairdressers. When you pay an
affiliate commission for sending you a new player, you don’t do it twice. It’s
one of the most obvious rules in business – you don’t pay for the same thing
more than once. And yet this is what happens in the online poker industry every
single day, because you are paying to catch cheats and fraudsters that have
already been caught and barred by other operators.
In the brick and mortar casino industry,
information on cheats and other undesirables is shared amongst operators,
either through lists of unwelcome players supplied by the local regulator, or
through a commercial service such as that provided by Griffin Investigations (Las
Vegas’ famous ‘black book’). It may be that a particular cheat or fraudster has
never set foot in your casino before, but using this shared information, you
can identify and catch them before they are able to cause any harm.
In policing, information on known criminals
is shared between different police forces, through organisations such as
Interpol. If a criminal commits fraud in the United Kingdom, they can’t simply
run to Brazil or Mexico and start over with a clean slate. They’re arrested by
the Brazilian or Mexican police as they enter the country and are made to face
the music. Over the years, 188 countries have come to realise that they are
better off working together in this way.
I strongly believe that, like the world’s
police forces, we are stronger together, and that we should put aside our
differences on security issues. If we share information about known cheats and
fraudsters – such as user IDs, IP and MAC addresses, hardware identifiers, suspicious
VPNs and colocation servers, geographical trends, as well as the actual
cheating techniques used – then we, like casinos in Las Vegas, can catch
undesirables before they cause any harm.
I am not suggesting that we should build
another bureaucracy, but I do feel that an independent security alliance,
comprising of expert members from each of the operators that wishes to
participate, is the best way to accomplish this goal. The authority can disperse
information on new detection techniques, best practice, and information about
trends in fraud and other security issues between its members, and can run as a
not-for-profit organisation. An independent authority can also provide an
escalation point for high profile cases where players feel that they have been treated
unfairly, and provide a greater scope for peer review of complex fraud, collusion
or bot use scenarios.
It’s easy to fall into the trap of seeing
security as a competitive advantage. After all, if your security is stronger
than your competitor’s, then they will tend to lose a greater proportion of
their revenue to fraudsters and cheats, which has knock-on effects in how much
money they can devote to competing in other areas such as new acquisitions and
player retention. Also, a site with poor security doesn’t do its reputation any
favours and may lose some more discerning customers as a result.
You might also think that because there are
so many operators, each with very different numbers of players, that the bigger
sites would contribute a disproportionately large amount of information to the
security alliance compared to smaller operators. That may be true, however, the
amount of quality, useful information is what really counts. Site A may have
ten times as many players as Site B, but it would certainly not have ten times
as many fraudsters because fraudsters are much more likely to play on multiple
sites compared to a typical player. So the information contributed by Site A
would not be ten times as useful to the security alliance. Further to this,
whatever fraudsters were caught by Site B would be very likely to also target
Site A, or have targeted it in the past, simply due to its size. So a healthy
compromise is reached, with a single piece of Site A’s information of a lower
quality than Site B’s, but Site A providing more information than Site B to
redress the balance.
I think it’s important to recognise that we
are all interconnected and that our actions have a ripple effect throughout the
industry. Every poker operator depends on others for a certain amount of its
success. When one operator breaks into a brand new market in a previously
untapped area of the world, every other operator benefits (though perhaps not
as much) from the new surge of interest in that region. Conversely, when there is a huge scandal in
the industry, every operator is damaged, regardless of their involvement. I
think we can agree that all poker operators were harmed significantly when the
‘superuser’ scandals affecting the UltimateBet and Absolute Poker brands were
publicised.
Improving our trustworthiness and each
player’s feeling of security is of paramount importance to attracting new
players and retaining existing ones. By launching a security alliance, we would
send a strong message to cheats and fraudsters that their time was up, and
companies that took part would enjoy a significant boost both in PR and in
player trust.
This wouldn’t be the first time that we’ve
worked together as an industry. We’ve worked together on Responsible Gaming
issues, through organisations such as GamCare. We’ve worked together on the US
legal situation, and on defining regulatory frameworks in emerging markets such
as Italy, France and Estonia. So why not work together on security also? We are
an industry that deals with colossal amounts of cash, so you never know when it
might save you a million dollars or two.
This article was published in InsidePokerBusiness, November-December 2010
This article was published in InsidePokerBusiness, November-December 2010
No comments:
Post a Comment