The European Gaming and Betting Association (EGBA) has established a new expert group to help support and coordinate the efforts of its members to counter the latest cyber security threats against gambling websites. The group will enable EGBA members to share information with each other about the latest cyber threats and attacks, cooperate to track and resolve incidents, identify and solve security vulnerabilities, and implement the latest best practices in cyber security.

Gambling websites are an increasingly lucrative target for organised and professional cyber criminals who deploy a range of sophisticated methods to try to access player accounts, and steal funds and customer data stored within these. According to cyber security firm Imperva, automated cyber threats[1] accounted for 28% of all global traffic to gambling websites in 2020. Cyber threats are a particular problem during major sporting events and increased 96% year-on-year during the European football championships in 2021, with UK and German gambling websites particularly targeted. In 2019, EGBA members prevented at least 550 major cyber-attacks against their European websites.

The group will facilitate cooperation between EGBA members to support their active, early detection and responses to cyber threats, strengthen individual and common security practices, and prevent malicious activities against their customer bases, including protecting against theft of funds and data breaches. The group comprises cyber security experts from EGBA members and the scope and type of data to be shared in the group has been established through a Memorandum of Understanding.

Participation to the group is open to gambling operators which are not members of EGBA, provided they comply with a number of principles to ensure the highest standards in cyber security and data protection are maintained.

“We have launched this expert group to encourage and establish a much-needed platform for cross-industry cooperation on cybersecurity issues. Cyber criminals are increasingly determined and sophisticated in their efforts to try to hack into gambling websites to steal customer data and money. Cyber threats tend to be cross-border in nature, affect operators in the same ways, and are a common threat to the industry. That’s why it is crucially important that operators work closer together to strengthen cyber security protocols and procedures, find common solutions to the latest threats and security vulnerabilities, and implement the highest security standards.” – Maarten Haijer, Secretary General, European Gaming and Betting Association (EGBA).

Examples of cyber threats to online gambling websites

• Distributed Denial-of-Service (DDos) Attack: DDos attacks make a website or app slow down or become unresponsive by flooding it with artificial website traffic and are problematic for gambling websites because website speed and performance are crucial to the real-time nature of sports betting.[2] Website latency or outage can result in loss of revenue, poor customer experience, brand damage, and loss of customers to competitors.


• Account takeover (ATO): Bad bots mimic legitimate login activity to gain access – through credential stuffing and cracking – to player accounts. This type of attack can be lucrative because funds and financial information, such as bank card details, are stored in player accounts. Like with many other sectors, ATO is the biggest cyber threat to the gambling sector and can lead to the theft of a player’s money and private data.


• Odds / price scraping: This is a specific issue for gambling websites. By using bad bots to scrape betting odds from multiple gambling websites, cyber criminals can obtain valuable insights which help them to predict betting results more accurately and to decide on which websites they should place their bets, to maximise profits. Operators may also use price scraping against their competitors and use the insight to advance their own market position.


• Promotion abuse: This happens when bad bots are deployed by cyber criminals to perform large-scale account creations in order to abuse a special promotion, e.g. a free bet promotion for new customers on the World Cup 2022 tournament, and then capitalize unfairly on the promotion.


• Credit Card Fraud: Cyber criminals also try to access player accounts to test credit cards numbers to identify missing data (exp. date, CVV, etc). This damages the fraud score of the gambling operator and increases customer service costs to process fraudulent chargebacks.