Currently Browsing

Posts Tagged ‘ risk management ’

Online Gaming – On the Question of Security

When it comes to security online, it makes people think…and with good reason too. With the spate of crimes like credit card fraud and identity theft for starters. It makes you wonder, how good these gaming sites really are. What kind of security do they have in place? How can they prevent my financial information from getting stolen and misused?

Devils Diary – A Risk Management Kaleidoscope IV

Day VIII – a new beginning

As a new day rolled on – it signaled the beginning of a new beginning for Renne and Dennise.

The team successfully ( we never run short of it ) controlled the Check Fraud and Achilles was mighty happy – guess it was time for the old man ( he is just 27 – the oldest in the team LOL ) to say “ Cheese ”.Fraud Detection

The fraud closed to a $47,000 and with constant monitoring (theme of the day ) it could not gain momentum – also along with the Payments & Transactions Team ( guys who deal with Transactions in / out of the account and Pay Outs ), the RM put a hold on all floating funds on the suspected accounts ( till authenticity was established ) and checked on PayOuts ( till the accounts were validated ). All players account were and are safe. Cybertech facilitates safe gaming on their associated platforms – apart from that they also restrict fraudulent activity to gain any foot hold. All accounts went through frequent audits to check for any suspicious activity – the 34 Systems check saved the day. A rough estimate showed that the team had successfully blocked outgoing funds and balances on suspected accounts and the risk as of now stands at $ 11,500, which may come back as returned / dishonored transactions ( charge backs ).

Little to cheer, but Renne and Dennise could not have asked for more – they were learning the game, but ended up winning ( that’s what they teach you in here )

Day IX – lets play

07:56 hrs – Renne lay on her bed, a lazy day – she had taken a day off ( along with Dennise ). Achilles was happy to give the girls a break, it was a long week ( usually employees are given 2 days off each week ). It was 7 days of OJT ( On the Job Training ) and 1 day of Induction that made it a back to back 8 days in a row for the new batch.

The girls were never short of excitement, and Cybertech sure made their day ( err life ) – the fact was more than evident through their animated conversation – while Renne  was glued to the blog posted on http://pokerhotchick.blogspot.com with the title tag “ card-counting-in-blackjack“, Dennise found the Casino Games offered by Cybertech unputdownable ( dunno if this word exist !! lol )

“I haven’t seen anything like this lately”, Dennise exclaimed.

“These guys are into everything and everything, they even have Badugi !! “

“Whats Bad”, Renne snapped – as it was a new term for her.

“Nothings BAD  LOL !! Its Badugi – The most beautiful, most strategic, most subtle. This game that stands above all others, the king of games. A game which teaches as much as it entertains, its enthusiasts have often compared it to life itself.” Dennise filled in.

Seeing that Renne was still puzzled yet curious, she added – In Badugi, players receive four down cards (hole cards), after which there is a round of betting. There will be a total of three drawing round in which there will be a round of betting after each one. Where player’s discard to improve their hands. The object is simple; make the smallest hand by having a hand with every different suite and no pairs. The best possible hand being A-2-3-4 having one club, diamond, heart and spade.

~ Risk Management Department

Devils Diary – A Risk Management Kaleidoscope III

Day VI – know your stakes

According to protocol, the team met every 9 hours for a brief conference, at which results were summarized and new directions planned. In order to save time the conferences were held in small rooms of the cafeteria; they could eat and talk at the same time…

fraudRenne was a little late to arrive, she took a chair next to Dennise. By now both were fast friends ! Achilles started the meeting with the Daily Updates being discussed and Process Changes, a routine followed across all shifts to ensure everyone is up to date with the SOP ( System Operating Procedures ) and Client roll outs. This was important as being a RMA ( Risk Management Analyst ), one is required to know the process thoroughly. It is more of a FYA than FYI…the internal jargons just keeps on piling up  LMAO…

The session continued with Jessie ( another agent ) explaining the new Check Fraud that was identified last night by the team working night shifts. The fraud pattern employed this time was of high risk and current estimates showed that the check returns could be worth $ 37,500 as of now… this is just a count of the accounts that were suspected and are under investigation… the count could be more … and counting….

The pattern was simple yet baffling to the normal eye…the bank deposit options is one of the simplest and preferred ( did I miss out J – its one of the deposit options out of 60 payments alternatives )methods of deposits offered to players playing on poker and casino sites hosted by Cybertech’s gaming platform. The modus operandi was that a new account would be opened by masking the IP and a deposit made through the Bank Deposit option using bank details obtained fraudulently or through databases which were compromised or stolen. Once the deposit is made, the amount is automatically credited to the account ( although the same is yet to be realized from the bank, as it takes 4 working days to remit the amount to the poker site ) as an advance credit – as per procedure while registering the bank Account with the website it is an requirement to scan / fax and send a copy of a CANCELLED Check to the BO for Bank Account validation… the scans / fax that was received on the suspected ( I am using the term suspected as of now because we haven’t yet received check returns on these accounts ) were products of Photoshop and Microsoft Paint applications ( easy to create )… the unique and special fonts used on the MICR on checks were also copied to perfection to give it an “ original ” feel and to make it look authentic to the core… there were no reasons to suspect initially. The issue came to notice when one agent got two calls with Check Returns issues and from the customers and account holders of the same BANK and the 34 Systems check started throwing up multiple linkages ( similarities and associated accounts )!! that is when she smelt a rat and started investigating… by morning ( today ) the amount totaled to approx $ 57,000. The flaw on the checks ( scanned and faxed copies ) were noticed at a very later stage and that was … all the checks had the same check number ( which was highly impossible ) and from the same bank, and all the accounts had the maximum deposit of $500 ( Daily deposit limit for bank account deposits )… sounds simple  -  but it wasn’t as simple as it sounds

Dennise and Renne were glued to the conversation, so was the rest of the team. It was one of a kind, even Achilles agreed he hasn’t seen anything like this recently. The surprising element to the entire pattern was that it fooled the Phone verification System and the Soft Verification System ( a procedure where every account is validated by calling the phone number registered on file and the details checked with the Account owners). The same numbers now cease to exist !! L The account once it was credited with the money either lost everything on the table or just made IAT ( Inter Account Transfers ) and CO ( Cashed Out ).

It was baffling to say the least and the sand just poured on… everyone was fighting against time…

Day VII – its time to fold – It all seemed to repeat.

05:49 HRS …Dennise awoke quickly, rolling out of bed and starting to dress. She was excited: she had an idea. A fascinating thing, wild, crazy – but fascinating as hell.

05:55 HRS …Renne was tired, but knew she was not ready for sleep. She paced up and down the corridors of her villa; thinking about the day to come…things went over her mind, again and again.

But she was missing something, and that something was bothering her.

07:45 hrs – Achilles stepped into the small room where the Daily huddle was to be held for his shift. – he stood before the team, which had already assembled and were waiting for the daily briefing. He knew exactly what he was going to do – but he was not very sure why he was doing it.

Yesterday’s case catapulted to a $43,000 – and it was evident that the matter needs an immediate reconciliation.

Achilles briefed the team on the latest developments on the Check Fraud, there was a hush.

Renne was the first one to speak up, all eyes were on her – she took a deep breath –

“We ( Dennise )  have a plan, I think it will work.” She said, indicating Dennise.

She suggested that the team prepare a CFM ( Counter Fraud Mechanism ) and work towards bringing about a resolution to the present situation.DMAIC Model

The action plan was drafted on the DMAIC model:

  1. Understand the exact nature of the issue at hand ( Define )
  2. Record all accounts where the fraud is suspected. ( Measure ) – this would include details of IP, UCID, Player’s Bio, System Activity, Transaction Details, location, Affiliates info ( if any ), hand history, table info, win and loss history, iOVATION details, other linked info. ( Measure )
  3. After collating all the information – investigate and establish a pattern or methodology ( Analyze )
  4. Start looking out for possible counter fraud solution. ( Improve )
  5. Check the frequency of fraud. ( Control )

Dennise added:

  1. Initiate a 10 step verification plan to check deposits made through the Bank Account option.
    1. iOvation Check        ( already being followed – but failed – )
    2. 34 Fraud Scrub rule   ( was the only system which held its ground )
    3. Phone Verification     ( already being followed, but failed  – or should I say FOOLED !)
    4. Lower the first Deposit Limit and the Daily Limit to $100. ( New Action )
    5. Run a Fraud Check by creating a follow up on all new accounts ( suspected ) to check the flow of funds ( lost / transferred while one the table )
    6. Check Account activity of all suspected accounts and to initiate re – verification procedures to check for failed phone verification ( as that was one of the issues identified )
    7. Put a temporary block on all new accounts with first deposit status such as attempted / failed / credited / pending valued at $ 500 – until the authenticity of the deposit is validated with the player.
    8. Constant monitoring of payouts on suspected accounts.
    9. Need to trace the recipient accounts which won / received or were party to the Money transfer / loss on the table by the suspected accounts.
    10. Trace all possible linkages established with the suspected accounts for suspicious activity.

“Well, a good attempt” Achilles said.

“But by this we also risk blocking the accounts which may be good, also we are running against time, we don’t have the time and the resources for documenting data, what about that?”

Renne was on the loose and she explained that, more than being reactive – the approach needs to be more ” proactive ” !! We also need to ensure that we maintain adequate records of any activity concerning fraud and risk management where in we may not have had the opportunity to act ” proactive ” in the first case. – majority of the time Risk Management is reduced to just a ” reactive ” process and agents keep maintaining data bases as such called the ” post mortem ” by me -  What good is it – if the money has already moved into the system and there is / are no way we can control the activity after the same is taken to the table and is lost / exposed to fraudulent activity – the idea is to check / manage risk first and YES !! to prevent further activities  – the records ( post mortem ) would certainly do us good as ” learning ” and references – however does not help otherwise as we have already hit a loss by then -

All said and done we at the risk management still need to find out the SCOPE of the operation – when I say this it means we need to know what are the LIMITS to which we need / can / must / should reach or cross !! – Unless we familiarize ourselves with this prospect – it would be nothing less to impossible for us to keep the steam – thus failing on the very objective of Risk Management !! – It’s a Dynamic process and we ought to understand nothing stays the way it is every second – prompting us to evolve every moment from where we have left ( but not forgetting what we have been doing or continue to do )

As we say – ” Change is inevitable ” !!

A gentle murmur soon gained volume – everyone seemed to pour in ( a good sign though ) – atleast there was food for thought here !!

Talking about food  mmmm it was lunchtime already.

~ Risk Management Department

Devils Diary – A Risk Management Kaleidoscope II

Day III – almost a bad beat…Risk Management

Time was passing swiftly. Dennise could not understand it. Everything was so fast, and she was so slow. She was chosen to be a part of the Fraud Detection Team setup within the Risk Management Dept. She along with Renne and three others were assisting in the investigation of the MoneyBookers fraud detected by one of the agents the day before. The 5 member team had a blind spot, which Achilles later expressed this way: “We were problem oriented. Everything we did and thought was directed towards finding a solution, a process to close the fraud loops. Find the key ( solution ) its lies deep within the problem”

The team failed to understand the fraud pattern though they had an edge, as the pattern was detected in its nascent stages. Despite the individual brilliance of the team members, the group grossly misjudged their information at several points during their investigation.

Sir Winston Churchill once said that “true genius resides in the capacity for evaluation of uncertain, hazardous and conflicting information.”

Renne was welcomed with a pleasant surprise today, when Achilles announced that she and Dennise would be a part of a special team along with three other existing and experienced agents to handle the investigations for the new fraud chain identified a day back.

But her flight of fantasy seemed to have mid air glitches…

What they did not anticipate was the magnitude, the staggering dimensions of their errors. Being new to the team, Dennise and Renne did not expect that their ultimate error would be a compound of a dozen small clues that were missed, a handful of crucial facts that were dismissed. The number of fraud players’ account was now 1319 and there were 17 ( on an average ) new account being created every minute with fraudulent deposits through MoneyBookers. By far, “it was the most puzzling pattern he had come across in the last few years”, Achilles said.

Nevertheless, they had a safe landing…the matter was instantly checked and the day ended with a song -  WE are the CHAMPIONS -

At Cybertech, a scrupulous and effective procedure is followed to ensure players safety online. At the end of the day, IT’S A GAME!! A careful thought goes behind ensuring the safety of players’ money that is transacted online on Cybertech’s Skins and websites. No matter what, players just need to enjoy their game…and let the rest be handled by people, who are always keeping a vigil as the clock ticks.

Day IV – fun and learning… contd.Identity Fraud

Dennise was amazed at the tools that were used and the procedures followed to keep a track and vigil on players transactions, games and other associated features offered by Cybertech. She came face to face with new terms like CD… a ellipsis for Chip Dumping, money dumping, collusion etc. She could not stop laughing while she read through chat transcripts of players… a serious yet amusing task every agent loves to spend time on… Chat Transcript audits are undertaken to ensure decorum being maintained in the card rooms. It helps to identify abusive players and block Chip and money dumpers if proven guilty ( and yes spams LOL ).

Renne on the other hand found the 34 ( an acronym for the 34 point Fraud Scrub System ) interesting. It had a mechanism to check through players IP Address ( internet protocol ), UCID Number ( Unique Computer Identification ), Country, State, ISPs ( Internet Service Providers ), information related financial details registered with the website, Chargeback history or linkages with other accounts on the network, Address, age, contact information etc.

As an Accounts Manager her first case was of a player who had Multiple Accounts ( Check Terms & Conditions ) with EnterAtlantis.com … with her previous experience with an online gaming site ( a famous one ), it was not hard for her to figure it out, but what amused her most was when the player tried to explain that it was two different accounts which belonged to him and his brother with similar last names…

Account A: Greg Kubin

Account B: Marc Kubin

The player was informed that both accounts had same DOB ( date of birth ) and other information like the email addresses, phone numbers and passwords to both the accounts were same. And that the CC ( Credit Card ) used to fund both the accounts belonged to one person – apart from the fact that both accounts show the same IP s and logged from the same computer. The player held his ground… `

Renne played her cards carefully  -  she assured the player that she believes him and requested the player ( on the phone ) to provide an identity proof for his account ( standard procedures ) and educated the player on the risks of sharing passwords while using the same system and to avoid sharing of email addresses ,Credit Card details (  or any other financial details ) with other users. Also informed that the same procedure is applicable to the other account, to validate its identity on the system -

The player gave in this time… he dint have a chance, as the odds were against him and he had balance ( funds ) on both the accounts … he knew that if he held on to his claim he would lose out on the balance on the other account, which will be blocked ( temporary block is placed to validate the accounts ) till the identity of the account holder is validated.

“It’s not a big deal.” he said.

“Both accounts belong to me, my name is Gregory Marc Kubin… and I dint like the screen name on the other account so I created a new one…” he said.

Renne knew exactly what was to be done, she assured the player that it was absolutely OK J and she understands ( never make the player feel guilty in such cases ) -  after all he is here to have FUN !!! She informs the player that once an ID is received which reflects the players complete name she would go ahead and Close one of the account ( as per players choice ) and transfer the balance funds on that account to the active account.

With this remarkable turn of event…It was a straight win, the player folds…and the Renne takes it all, closing it with a “ thank you ”

On the other hand, Dennise had her share of learning…

Day V – tricks of the trade

09: 49 hrs…Achilles called for a Team Meet at 10:00 hrs sharp in Meeting Room N0. 3,one of the larger rooms with OHP ( over head projectors ).

The word went round that there were some important process changes to be discussed…

10:00 hrs…There was an eerie silence in Meeting Room N0.3… Achilles walked in … and a new face followed him inside.

“Good Morning” he said

“Let me introduce you to our new Risk Management Specialist, Mr. Helmut Goldfinger.” He continued.

What followed was a remarkable session conducted by Mr. Goldfinger ( the name reminds me of the 007 series ), who brought decades of experience in Risk Management domain with him and it was great to have him share all that with the team at Cybertech. It has always been an endeavor undertaken by Cybertech from time to time to allow its employees to learn the tricks of the trade and be up to date with the present trends in the industry.

In fraud detection and risk management … Cybertech believes in being PROACTIVE than being REACTIVE…the dynamics are different when you have fraud hitting the system on every flop dealt… every turn… being reactive or to be able to respond to fraud would imply that we have already been HIT !! Why wait and indulge in cleaning the mess when we can restrict and avoid the mess in the very first place…that’s where being proactive plays an important role.

Like they say… no good crying over spilt milk…. LMAO !!

Risk Management and Fraud detection is a highly dynamic process which involves round the clock monitoring and tracking mechanism being handled by enthusiasts who have a rational approach and the response ability ( apart from responsibility LOL ). To be able to think on their feet and to reason out facts and figures provided to them make the team of Risk Management Analysts at Cybertech a level above others in the industry and in the same domain.

Devils Diary – A Risk Management Kaleidoscope

Day I – a day to remember…

05:45 HRS – Dennise awoke quickly, rolling out of bed and starting to dress. She was excited: she had an idea. A fascinating thing, wild, crazy, but fascinating as hell.

05:45 HRS – Renne was tired, but knew she was not ready for sleep. She paced up and down the corridors of her villa; thinking about the day to come…things went over her mind, again and again – But she was missing something, and that something was bothering her.

It was a big day, a BIG day for both; they were selected to join the Risk Management Team at Cybertech.

Cybertech beat the heat – YES ! it was recession time, and Cybertech was hiring – it was all about knowing the game, and playing it right from the start -

The room was huge, the size of a half football field. It was furnished, with cubicles, laptops, desktops, cabins and work desks and comfortable chairs – Inside the room, voices echoed as the technicians and executives paced up and down, called to each other, handling customer queries.

Achilles, tired, bleary-eyed, clutching his coffee cup, stood in a corner and watched. To him, there was something surrealistic about the scene: a strong one less than a 89 member team in a long, colorful well decorated room in Hong Kong, managing risk.

One of the agents came up to him, holding her laptop for him to see, she dished the content under Achilles’s nose.

“Just got it”, she said

“What is it?”

“You’ll never guess.” The girl’s eyes gleamed with excitement.

“All right, Achilles thought quizzically, I’ll never guess. “What is it?”

“A Chinese MoneyBookers Fraud Pattern detected from the fraud chain of an existing Nguyen Family Check and Charge Back Fraud pattern,” the agent said, smacking her lips with satisfaction…

The night shift ended as the new shift rolled over …Dennise and Renne were amazed at the turn of events on their very first day. The subject was known to them but the experience was new. They were enjoying every bit of it – it was 0745 hrs now – new jobs – new beginnings…

Day II – fun and learning… Risk Management

Fraud detection was fun and exciting for both of them. Dennise and Renne got to work on iOVATION, Cybertech’s premium fraud and risk management tool. The BO ( Back Office ) was like an organization within an organization. It had a complete setup along with Transactions Management, Payments and Processing, Affiliates Management. At the Risk Management function of the BO, the agents investigate and ensure fair play, on Cybertech’s gaming websites, clients and skins.

With the help of fraud detection and tracking tools like iOVATION and customized fraud trackers like the state of the art 34 point Fraud Scrub system ( designed and managed by Cybertech ), it was next to impossible to break in. The players at any of Cybertech’s skins and websites are assured and reassured of one thing all the time: FUN UNLIMITED!! Let us handle the risk for YOU.

Renne was ecstatic at the turn of events…it was like a dream ride… she always aspired to be a cop, but she was dismissed as being too polite. At Cybertech she found her match, she had an outstanding ability to see through things, to be able to identify a violation ( fraud or similar activities ) and unusual patterns in the system where others failed to notice. And the ability to be polite even while interacting with the players identified as fraud was her forte.

It all played off pretty well for her, soon she was in for a surprise, a surprise she would be excited about and a little disappointed too… it was a bad beat…

~ Risk Management  Department