Pennsylvania Gaming Regulators Fine BetMGM $100K For Failure to Prevent Fraudulent Behavior

• The Pennsylvania Gaming Control Board issued a $100,000 fine to BetMGM
• The gaming board agreed that BetMGM failed to have sufficient procedures in place to prevent fraudulent behavior
• Four fraud rings used personal identifying information of other individuals to create accounts and funded the accounts through stolen payment devices

---

BetMGM LLC is facing a $100,000 fine from the Pennsylvania Gaming Control Board for failure to implement sufficient know-your-customer protocols to prevent fraudulent behavior on its BetMGM and Borgata online gaming platforms.

The Pennsylvania Gaming Control Board (PGCB) reported the company did not have sufficient know-your-customer (KYC) protocols in place and allowed for the creation, access, and use of multiple fraudulent accounts by individuals using personal identifying information of other individuals. Additionally, the accounts were funded through stolen or fraudulently obtained payment devices. The board approved a consent agreement during its Wednesday, March 25 board meeting, which included the $100,000 fine.

The PGCB reported four individual fraud rings illegally bet nearly $2 million through thousands of illegally created accounts in the state on the BetMGM and Borgata platforms for two years.

Some Illegal Accounts Created From Information of Deceased Individuals

A BetMGM spokesperson told Sports Betting Dime the company is unable to comment on the situation as it is part of ongoing litigation.

During yesterday’s board meeting, Joseph Caputi, senior legal counsel for BetMGM LLC., said the company takes compliance very seriously, but there is “no system that can fully eliminate the threat of fraud or anticipated fraud, or sophisticated bad actors.”

“BetMGM has committed significant investment into its fraud tools, policies, and fraud prevention to address and stay ahead of the sophisticated bad actors. BetMGM has, and will continue, to commit time, expenses, and resources to preventing fraud and upholding the integrity of gaming in the Commonwealth of Pennsylvania,” he said.

The PGCB’s Board of Investigations and Enforcement identified four separate fraud rings that operated on the online gaming platforms. The PGBC alleged BetMGM LLC. had insufficient know-your-customer protocols in place to deter this behavior.

According to the PGCB, the fraud rings used stolen personal information to create thousands of fraudulent accounts on either the BetMGM or Borgota online gaming platforms and then used stolen or fraudulently obtained funds/payment devices to make the bets.

The first ring was active on the BetMGM platform from Dec. 9, 2021, through Jan. 18, 2024. It created 1,567 accounts using the personal identifying information of other individuals.

Two accounts were created using the personal identifying information of deceased individuals, 304 created accounts used a shared phone number, and 896 accounts were accessed from the same IP address, according to the PGCB.

Of these accounts, 1,173 made deposits totaling $13,761 and were issued bonuses totaling $12,172 in free casino play and $194,101 in free sports betting play. The total amount wagered by the ring was $229,580, with $20,985.98 in iGaming bets and $208,594.38 in sports bets. The ring won $188,152.47, with $22,779.79 in iGaming winnings and $165,372.68 in sports betting winnings.

A total of 481 accounts completed withdrawals totaling $128,608.48.

“This fraud ring was identified through a series of hallmarks commonly associated with fraudulent accounts created using the personal identifying information of other individuals for the purposes of bonus abuse and/or utilizing stolen or fraudulent payment devices. A common theme of the fraud ring was that a majority of the linked accounts deposited $10, immediately followed by gaming activity (casino and/or sportsbook) and withdrew using the same financial instrument that was used for the deposit. These accounts were linked through shared registration details such as phone numbers, financial instruments used for depositing and withdrawing funds, shared devices, shared IP addresses, and common geolocation activity,” the PGCB wrote in the consent agreement.

Digitally Altered Selfie Used for Documentation

The second ring was found to be active on both the BetMGM and Borgata iGaming platforms from Jan. 17, 2021, through Nov. 16, 2024. The ring was perpetrated by seven suspects creating a total of 32 BetMGM accounts and two Borgata accounts.

According to the PGCB, only six accounts provided identifying documentation upon request, one of which was a clearly digitally altered “selfie” of the account creator holding a Pennsylvania identification card.

The total amount bet by all accounts was over $14,598. The total amount of winnings was $299.85. A total of 10 accounts completed a total of 16 withdrawals totaling $2,330.51.

“This fraud ring was identified through a series of hallmarks commonly associated with fraudulent accounts created using the personal identifying information of other individuals for the purposes of bonus abuse and/or utilizing stolen or fraudulent payment devices. These accounts were linked through shared registration details such as phone numbers, financial instruments used for depositing and withdrawing funds, shared devices, shared IP addresses, and common geolocation activity,” the PGCB wrote.

The third ring, perpetrated by two suspects, created a total of 119 accounts on the Borgata platform using the personal identifying information of others. The accounts made 59 deposits totaling $76,220.70, which led to $10,031.93 in bonuses issued to the accounts. Only seven accounts provided valid identifying documentation upon request.

The accounts wagered a total of $895,092, with a total of 15 account withdrawing $59,895.60.

“This fraud ring, which is also associated with the fraud ring identified in Count #8 (115293-E11019-24) as there are a total of 27 shared devices, one (1) shared geolocation and seven (7) shared financial instruments, was identified through a series of hallmarks commonly associated with fraudulent accounts created using the personal identifying information of other individuals for the purposes of bonus abuse and/or utilizing stolen or fraudulent payment devices. These accounts were linked through shared registration details such as phone numbers, financial instruments used for depositing and withdrawing funds, shared devices, and common geolocation activity,” the PGCB wrote.

Fraud Ring Active in Multiple States

Finally, the fourth ring, perpetrated by an unknown number of suspects, created 2,700 BetMGM and Borgata accounts through multiple states using personal identifying information of others and was active from May 12, 2022, through Dec. 12, 2023.

In total, 21 accounts had game play and bonus funds issued, 1,563 accounts deposited funds totaling more than $2.1 million, of which 6,321 financial instruments were used to complete the transactions.

The PGCB reported 1,249 accounts withdrew funds totaling $1,541,782.84.

Specifically regarding Pennsylvania, a total of 304 BetMGM and Borgata accounts were created. These accounts completed 192 deposits totaling $356,560.28 and made 161 withdrawals totaling $292,997.04. Of the accounts with withdrawals, $81,571.25 was withdrawn by 154 accounts that conducted no gaming activity. The total amount wagered by the Pennsylvania fraud accounts was $867,909.91, winning a total of $8,241.41.

According to the PGCB, a total of 41 devices were used to access more than one of the Pennsylvania fraud accounts. A total of 49 IP addresses were shared by 236 of the Pennsylvania fraud accounts. Additionally, 12 of the accounts shared the same phone number and two of the accounts were created used the personal identifying information of a deceased individual.

Failure to Prevent Fraud

The PGCB concluded that BetMGM failed to have sufficient procedures in place on their online platforms to prevent this level of fraud, specifically insufficient KYC protocols.

“Specifically, BetMGM’s insufficient protocols and systemic failure to implement and utilize available KYC and fraud prevention tools and tactics allowed for the creation, access and use of multiple accounts by individuals, the creation of accounts using the personal identifying information of other individuals, the funding of accounts using stolen or fraudulently obtained payment devices, and the withdrawing of funds into accounts controlled by individuals conducting fraudulent behavior,” the PGCB wrote.

In addition to the $100,000 fine, the PGCB will require BetMGM LLC to pay $2,500 for costs incurred and immediately institute policies and procedures to prevent similar incidents from occurring in the future.