Avoid Using Simple Passwords
Operators of online casinos are gradually being investigated for account takeover theft, partially due to consumers using some very crappy passwords.
A recent study by Ravelin (a company that provides sophisticated technology and dedicated support to help online businesses prevent advanced fraud threats and accept payments confidently) finds gambling second only to taxi firms in terms of the average total number of account takeover attacks. These attacks involve fraudsters who acquire user credentials to gain possession of an online account and either use the account to spend sumptuously on products or services, or transfer the stolen data to malicious third parties.
Gambling companies have seen a total of 60 takeover attacks a year, trailing only taxi firms (65 attacks) but ahead of grocers (53). While gambling sites are clear targets because of the vast sums their accounts can hold, this year the grocers' profile got a boost due to skittish consumers loading their carts online during the pandemic lockdown.
More than half (52%) of gambling operators registered a substantial spike in this year's serious account takeover attempts, again attributed to the growth in online gaming activity as land-based options declined as a result of COVID-19.
Gambling companies have taken the lead in mentioning 'private market info' as one of the most significant considerations when detecting patterns in fraud. More than half (56%) of gambling operators listed shared data as their top three variables, while 20% ranked shared data as their top three. Other industries were far more likely to name customer demographics, order quality, location and system IDs as the top consideration.
Ravelin CIO & Founder Mairtin O'Riada said responsibility for the mayhem caused by account takeovers was generally attributed similarly to consumers, merchants and banks, but if it is uncertain, the merchant always takes the blow.
Interestingly, the 'digital goods' market, into which gambling is lumped, was the most likely to provide two-factor authentication (2FA), but it allowed consumers to opt in. In terms of applying 2FA to all consumers, the digital products providers were among the lowest sectors. O'Riada said 2FA was an efficient way to prevent attempts at takeovers, "but it can also be bypassed."
That's partly due to consumers using those very dumb passwords that machines can quickly crack. By using the same weak passwords across several digital accounts, consumers escalate the problem.
The list of the most popular online passwords released by the NordPass password manager reveals '123456' was this year's most common password, with 2019's champ '12345' falling to eighth place, while the super-literal 'password' was fourth. It takes less than a second for someone with the right resources to crack any of these.
Security experts firmly recommend, if it was not already apparent, the use of complicated passwords containing a combination of alpha (upper and lower case) and numeric characters, along with special characters. Also, longer passwords are considered much better than shorter combinations, and even those can be regularly updated.
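The sketch below shows how an operator could enforce that advice at registration time. It is an added example, not code from the article, Ravelin or NordPass. The function names, the 12-character minimum and the three-entry blocklist (only the passwords named above) are assumptions made for illustration.

```python
import math
import string

# Constructed blocklist: only the three passwords the article names.
# A real deployment would load a full common-password list instead.
COMMON_PASSWORDS = {"123456", "12345", "password"}
MIN_LENGTH = 12  # assumed policy value, not taken from the article

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def charset_size(password):
    """Size of the alphabet an exhaustive search would have to cover."""
    return sum(len(cls) for cls in CLASSES
               if any(c in cls for c in password))


def search_space_bits(password):
    """log2 of the brute-force search space: length * log2(alphabet).

    This is an upper bound that only holds for randomly chosen passwords;
    a blocklisted password falls to a dictionary attack regardless.
    """
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password):
    """Return a list of policy problems; an empty list means accepted."""
    problems = []
    # Case-insensitive match so 'Password' is rejected like 'password'.
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    missing = sum(1 for cls in CLASSES
                  if not any(c in cls for c in password))
    if missing:
        problems.append("missing %d of 4 character classes" % missing)
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Password", "aB3$aB3$", "a" * 16,
                      "Tr4il-Mix&Lantern9"):
        print("%-20s %5.1f bits  %s" % (candidate,
              search_space_bits(candidate), check_password(candidate) or "ok"))
```

Running it shows that a 16-character lowercase password has a larger search space than an 8-character password using all four character classes, which is why length is checked alongside composition.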