Summary:
Several poker players have been victims of an identity-theft and banking- fraud scheme targeting pro poker players. Dozens of fraudulent accounts were set up via BetMGM’s online funds services as part of the scheme, according to David Purdum. Some evidence suggests that the fraudster or fraudsters had knowledge of the poker world, though the total number of victims is not known.
An expanding group of victims in an identity-theft and banking-fraud scheme targeting pro poker players has begun to generate mainstream headlines, with the corporate entities linked to the core of the fraud acknowledging that investigations into a possible hack and data- theft, if not internal fraud, have begun.
Dozens of fraudulent accounts were set up via BetMGM’s online sportsbook services as part of the scheme, according to David Purdum. The poker pros who had publicly acknowledged being among the scheme’s victims were Joseph Cheong, Todd Witteles, Kyna England, Brock Wilson, David Bach, Sam Panzica, and Clayton Maguire. The total number of victims is unknown, though some evidence suggests that the fraudster or fraudsters may have had knowledge of the poker world and well-known players who were likely to have well-funded checking accounts linked to their online accounts.
Other well-known poker pros have stepped forward since the initial wave of acknowledgements that followed Cheong’s initial tweet on the topic.
Global Payments is not responsible for the security breach
While much of the evidence uncovered by Witteles over the past several weeks points to a prominent online payment process, Global Payments Gaming Solutions, as being the common denominator, Purdum’s piece instead indicates that the problem might be located within BetMGM’s online sportsbook services, where many BetMGM acknowledged to Purdum that they were aware of a potential incident and were investigating.
Purdum was able to reach Global Payments, which denied that their services had been compromised. Global Payments told Purdum that there has been no security breach or fraudulent accounts opened in connection with the investigation. The protection of our customers and their clients information and funds is our top priority and we are working with these third parties to ensure any impacted individuals are refunds.
Some of the evidence already known is ignored by the implied pointer to BetMGM’s sportsbook system as to where the data was stolen. Most, but not all, of the fraudulent accounts where the fraudster(s) deposited money stolen from victims’ bank accounts were actually at BetMGM, but that more likely indicates just that the fraudster(s) were familiar with BetMGM’s online system. Global Payments remains the more convincing source of the initial presumed data theft due to the fact that none of that equates to being the source of the stolen data itself.
According to Joseph Cheong, his banking information was stolen elsewhere and then used to create a fraudulent account at BetMGM, where he had never gambled before.
BetMGM is unlikely to be the root source of the identity and bank-account thefts due to the fact that other players have offered details. According to our initial report, Witteles believes his banking information was stolen from a deposit he made to WSOP.com last summer. There is no connection between WSOP.com and BetM GM. BetMGM is likely to be the preferred channel for accessing the previously stolen ID and banking information. The issue of whether BetMGM has subpar standards for allowing newly-created accounts to cash out deposits without play is unknown publicly at this time.
Global Payments doesn’t offer any direct options to remove bank accounts
Global Payments does not have a way to remove one’s bank accounts from its service, which is a problem for players and gamblers who are trying to protect themselves from ongoing fraud. More than 500 casinos across the U.S. use that service, but Global Payments makes it easy to add additional banking accounts, which can contribute to the fraud. Liebert discovered that the apparent fraudster had added a second banking account to her account, though that portion of the WSOP.com payments framework is in reality a white-label overlay also maintained by Global Payments.
The process of contacting Global Payments’ customer-service department and manually requesting that bank-account information be deleted is lengthy and difficult, because there is no interactive option available for deletion of an existing bank account.
Global Payments runs its own credit check when a new user opens an account with it, and then establishes a deposit limit that may be much higher than what a gambler desires. The risk to a customer in the case of a data breach is increased by this.
In these images of a bank account that has been provided to Poker.org, the account was only used once, for a $150 deposit. Global Payments hiked that account’s deposit limit to $1,000 per week without any customer notification other than within the deposit function.
The fraudster could have tried to withdraw $1,000 per week from this account, but the account was untouched and later limited. The large number of prominent poker players that have been victims shows that the fraudster likely preferred targeting known gamblers with larger deposit limits.
Haley Hintze was the featured image source.