Why iGaming fraud is moving past player verification

Suspicious transaction volumes in iGaming rose 4.5-fold in the year to Q1 2026, according to Sumsub’s 2026 iGaming Fraud Report, as fraud attempts were increasingly detected after players had passed verification.

The report said the average flagged value increased from $3,960 to $6,500, while global iGaming fraud reached 1.53% of verification attempts.

The figures add pressure on operators in regulated markets, including Malta, where licensing, payment oversight and anti-money laundering controls already face close scrutiny.

Identity checks remain central to onboarding, of course, but the report points to a broader exposure: fraud risk is moving into account behavior, transaction review and withdrawal monitoring after approval.

The numbers have moved past the sign-up page

The 4.5x jump is the eye-catcher, but the surrounding data gives it bite. Sumsub said its annual report drew on more than three million fraud attempts observed across iGaming verification processes between 2024 and 2026. In Q1 2026, the global iGaming fraud rate reached 1.53% of verification attempts, up 18% year-on-year and nearly 40% higher than 2024 levels.

That is still a small share of total player activity. Regulated gambling cannot treat every customer like a suspect without damaging the legal product. The friction has to land in the right place. The rise suggests fraud teams are dealing with a persistent layer of risk, not a temporary payment-route spike.

Faster verification has created a narrower window

One of the stranger findings is that genuine players are moving through checks faster while fraudsters are taking longer.

Sumsub reported that verification speeds for legitimate users doubled over the past year. Fraudulent actors, meanwhile, spent 4.6 times as long completing verification as genuine customers did.

A low-effort fake account tends to collapse quickly. A slower attempt can indicate that someone is testing documents, adjusting images, or returning with a cleaner-looking profile. KYC checks still matter, but they work best as the opening filter, not the whole defense.

Operators want smooth onboarding because delays cost customers. Compliance teams need enough friction to catch risk before money moves. Fraudsters live in that gap, learning where the system asks hard questions and where it quietly waves activity through.

AI has changed the cost of bad behavior

Artificial intelligence has made fraud cheaper at scale. Fake documents, synthetic faces and face-swapping tools are no longer fringe worries reserved for the largest platforms; they are part of the daily background noise for many verification teams. Account farms and liveness bypass attempts now sit in the same risk file.

The issue is volume as much as quality.

One clumsy fake document can be rejected in seconds. Thousands of plausible attempts can slow reviews, distort risk scoring, and leave manual checks trailing the attack.

That is where online gambling fraud begins to look less like a single security incident and more like an operational strain.

Slots, payments, and trust now sit in the same conversation

Slots are often discussed in terms of the visible aspects of the experience: game range, volatility, bonus terms, and withdrawal speed. A player comparing ranked lists of the best UK slots sites may focus first on those features, but the underlying trust question is becoming harder to separate from the product itself: what happens after an account looks clean?

The question is sharper for casino and slots platforms because the transaction rhythm can be tight. Deposits and withdrawal requests can arrive close together. When fraud appears after onboarding, transaction monitoring becomes part of platform credibility, not a back-office extra.

Linked accounts, unusual payment patterns, and sudden behavioral shifts can indicate a risk of financial crime. They can also expose the thin parts of a customer monitoring system.

Malta’s compliance lens is getting sharper

For Malta specifically, the report lands on familiar ground. The country’s gaming sector is tied to cross-border licensing, remote operations and regulatory reputation, so fraud signals don’t sit neatly inside one compliance department.

The Malta Gaming Authority’s interim report for January to June 2025 said 11 AML/CFT compliance examinations were initiated and 11 were concluded, alongside 87 thematic reviews.

The MGA has been tracking unauthorized online activity too. In the first half of 2025, it reviewed 75 URLs and found 34 that contained fraudulent references to the authority or its licencees. That is different from a forged document or suspicious withdrawal, but the reputational weakness is similar. Trust can be copied before a customer notices anything is wrong.

For operators connected to Malta’s ecosystem, identity verification is only one link in a longer chain of trust. Licensing, payments, affiliate visibility, and account monitoring have to support the same story.

The next test comes after approval

The industry has spent years making onboarding smoother. Faster checks for genuine users are useful, especially where legal operators compete with unlicensed sites that promise speed without much scrutiny.

The harder task is the quieter one: spotting risk after the welcome email has already been sent. Fraudsters are learning the shape of compliance systems and then probing gaps among verification, payment review, and ongoing monitoring.

That makes the rise in suspicious iGaming transactions more than a fraud department problem. It touches product design, staffing, payment partnerships, and public credibility.

The safer platforms may not be the ones with the loudest claims about verification, but could be the ones still paying attention after the account has already been approved.

Disclaimer: Play responsibly. Players must be over 18. For help visit https://www.rgf.org.mt/.