Episode Transcript
[00:00:01] Speaker A: Welcome to iGB podcast iGaming Checkup with Dr. Eyal. Brought to you by iGB in partnership with RubyPlay. I'm Dr. Eyal. I've been passionate about games and the people that makes them for many years. Humans have been playing games of chance even before we could write. So what is going on here?
Why gambling games are so central to experience as a species, and why something as simple as a slot machine is also the hardest game to make sure.
There are plenty of igaming podcasts out there covering industry trends and headlines, but this isn't just more of the same. We are here to challenge assumptions, invite sideways thinkers and industry outsiders, and explore the complexity of an ever evolving, fascinating and innovative space. If you are ready to think differently about igaming, you are in the right place. Let's go.
I'm joined today by Ozric Vondervelden, the CEO of Greco, to discuss monsters lurking in the igaming jungle. So different issues like player abuse, hacking and all kinds of those things. Shredding, mystery. So we thought it'd be a really cool conversation to discuss those kinds of elements.
But Ozric, before we start, I always have my hair tied up in a bun. Today I didn't because I see in all your videos, in all your interviews, you always have your hair out. So I thought I'm going to get this measuring tape today and I'm going to measure how long my hair is. How long is your hair? I think mine is longer than yours.
Yeah, look, I think. Let me just, let me just, just. I'm gonna. I think so. Yeah, I think, yeah, I got, I got like 75 centimeters.
[00:02:03] Speaker B: Nice.
[00:02:04] Speaker A: What, what do you reckon?
[00:02:05] Speaker B: It's, it's really just through laziness that my hair has got this long. I cut it maybe once a year.
[00:02:12] Speaker A: All right. And now two long haired guys going to be talking about monsters in the jungle like two, two nights to paladins going and storming.
So can you tell me a little bit about Greco, you know, your company and also when we talk about bonus abuse, what does it actually mean?
[00:02:33] Speaker B: So Greco, we look for risk in gameplay, which is something quite unique compared to other risk tools out there.
What I consider bonus abuse is when a player is taking value and optimizing that value consistently.
So it's a player that long term is destined to be negative value and that encapsulates many different behaviors. There's many.
Bonus use is a very broad term for a lot of individual behaviors, but all of them result in one thing and that's that the player takes value consistently.
So the most common form is like advantage play, where they play the opposite as they're intended, but they, everything they have in their control, they optimize. So the volatility, the RTP, the stake sizes they use, they optimize these things.
And it can be considered quite innocent. It's not, it's not illegal, it's not, it's not breaking any rules with the operator.
But the problem is that this is a positive value for the player. And so if they can repeat this process, they can print money. And that's the big risk that the industry has to tackle.
[00:04:00] Speaker A: So the thing is, you know, for example, for me, first time when I heard of the idea that you have a game.
So here we're talking about a reality where there's no bug in the game, there's no exploit, an actual exploit to take advantage of. The game operates as it should. The operator's bonus system operates as it should, but players manage to actually extract value that they were not supposed to.
The value is there to say, encourage new installs to, to encourage new deposits and that kind of thing. But then the players end up through a different kind of means. Get out, get out. Money. Printing money, like you said, from the operator. And it blew my mind. Like I thought, how is this possible? Is the, is the RTP of the game is too high?
And I even talked with a few operators that initially when they noticed it, they said everything seems to be fine, but we're losing money.
And to me that seems to be really strange. And at the time I was actually working designing one of our persistent state games called Immortal Waste. And what I realized is that in some persistent games, if you can actually see on the screen, the player can see that this spin has statistical advantage, has a chance of actually having RTP above 100.
Then they can manipulate the bonus system by using free play to put the game in a state that has an RTP above 100 and then use that free play on all the bet levels, going one bet level, second bet level, third bet level, so on, so on, so on. And then by that time they run out of the turnover they were supposed to do, get into the actual deposited money and then extract the value one after the, after the next on all the bet levels. And, and then they can actually really scale this up by actually having multiple accounts.
And for me, as a game designer, as a mathematician, I have a PhD in maths, it was this really interesting problem. Can we actually make something in the game itself to prevent this kind of Behavior to prevent the ability of a place to actually predict that the game is in an RTP above, above 100. And in immortal ways we I managed to solve this problem. It was really, really interesting problem to solve. And as far as I know like immortal ways as a persistent game doesn't have that, that issue. But some of other persistent games, even from RubyPlay definitely do have the issue where, where I would not recommend for operators to take those games and include them in the, in the bonus. In the bonus scheme because they are theoretically open to abuse.
So I found that, I found it amazing. I found it amazing that players can actually, like you said, do everything right, play by the rules and then end up extracting value. And then it made me wonder, you know, are there any areas when something like this happen and how do you go about kind of like monitoring that?
[00:07:06] Speaker B: Yeah, so this, so the first example I go around advantage play, I'd say that's not breaking any rules. When it comes to what you described like abuse of persistent slots or abuse of bonuses using persistent slots, quite often this is defined in the terms and prohibited, but operators really struggle to identify it.
I mean there's over 2,000 of these games and many of them make up some of the top games.
And so by blocking all of these games it's a, it's a real problem for operators because they're kind of ruining the experience for all of their players just because of the actions of a few players, you know, and it's, it's not great for the studios either because I'm sure you have this problem. But games being blocked during bonus flow.
And the thing about these games is they, they are interesting and they're good games. This added layer of suspense within the game which players really like and it's the reason they're quite often so popular.
We built a solution for this. The way that we do that I don't mind explaining is we test every single slot release. So we actually have a team of developers.
Every new release.
We go in, we play, we run some simulations. We understand if it's a persistence game. If it is, then we identify what strategy a player would need to adopt to optimize the amount of value they can store in the game. That might be say 9 spins and stop or some games are not simple, strict non spins, but maybe there's a margin of deviation, you know, like a bell curve and it's going to be between 20 and 50.
So we map all of this, every game and then what we do is we take a real time Feed of the operator's gameplay data and we're looking at every player to understand if their gameplay matches the behavior.
We would expect to see if someone's exploiting their head. That allows us to separate someone playing it genuinely and someone that's not playing it genuinely. And it means that rather than penalizing all players, you can just identify the small segment of players that are actually exploiting it.
[00:09:40] Speaker A: So you create exploit signatures for the different games and then look in the data for those exploit signatures and then you can actually monitor this way and, and tell operators that hey, I'm identifying those signatures and then I believe that you have some abuse on your system.
[00:09:57] Speaker B: Exactly that, yeah.
[00:09:58] Speaker A: So who would you say like most of your target customers are operators or do you actually work with suppliers as well?
[00:10:05] Speaker B: It's just operators we work with, although several suppliers.
This benefits a lot of studios as well because it means they're going to get to stay live on the, on the site doing boneless flow. And so we, we have some studios sharing data with us to make sure that we stay ahead of testing the games.
But our clients are our operators.
[00:10:32] Speaker A: But to me it sounds like you have an interesting side business going there. You know, like is there like a Graco Gray Greco that comes in and actually construct those systems and say, hey look, we maybe can make more money exploiting those, those signatures that we found because do you really think that this is something that can be a big business?
[00:10:56] Speaker B: I don't know if you know much about my background, but this used to be my background. This is how I started for partially cheating casinos. And actually the database of the persistent slots we have today started before working in the industry. It started when we were doing it recreationally. So it is, there is big money on it. It's not something I'm personally interested in or interested in enabling, but there's definitely money and we see that with our clients as well because we flag these players.
We did a case study a few years ago where we identified millions in losses for a single operator in like a two week window.
Wow. It can be huge. And the problem is there's all these forums and communities or multi family groups, whether even thousands of accounts.
Once I have the confidence it works, we scale it very quickly and this is the challenge.
[00:11:59] Speaker A: But a recent interview I've seen you conducting with someone who are anonymous and he was talking about, about he's running a little operation, he's making about a million euros a year or something like that by actually identifying those exploits.
And another point that he made Which I found quite interesting, actually. Quite important is that he always goes after really large operations, he doesn't go after small operations and he always stay under really small statistical threshold, which I think it's. I think it's actually quite interesting because, you know, in the imagination, you know, when you think about abuse, you know in the movies, when you see Casino Abuse, a James Bond movie or some, you imagine someone walks in and literally walks out with a casino with a big sack with all the money on their back. But in reality it doesn't work this way. It's a lot more refined, it's very grindy, it's very silent, it's very long term, it's not very sexy in a way.
But yeah, it's really. It's a numbers game and you just want to stay under some kind of a radar, which makes it very, very hard for igaming operators and in general to identify those behaviors because if they're done correctly, you would barely notice them.
[00:13:26] Speaker B: Yeah, there's really the interview with stalker that you're referring to.
So I would say he's sort of, he's quite big in the game.
A lot of abuses, individual people even just using their own identity and own accounts. But to scale in the way that he has and many others like him, there's really two parts to it. The first part is finding a strategy of converting a large amount of value from a promotion. And then the second part is finding a way to scale it. And usually that requires sort of reverse engineering the thresholds that the operators have. So if they have a withdrawal in it, they stay below the withdrawal limit. Right.
In terms of account creation, if they've only got a hundred new players a day, creating a thousand in a day is going to cause a problem. Right. So that's a big part of scaling for bonus abusers is sort of studying the operator and understanding how to stay under the radar.
[00:14:30] Speaker A: You know, it's like with Bletchley park in the Second World War when they cracked the Enigma.
There was a second team that was doing even more important work was how to actually show that the Allies armies being lucky, guessing what the Germans are doing are just at the level of being lucky and not at the level of cheating.
So the math actually on not the side of the abuse, but the side of how to manage abuse can be a lot more complex.
The statistics of it can be a lot more complex. And it's very fascinating as well, I think.
But I was wondering, you see, you've got all kinds of different types. To me, bonus abuse Feel like more neutral. I'm just taking advantage of, of a system you created. But do we have singles? You could say a bit more like, you know, things like money laundering elements, criminal elements, hacking elements. This kind of behaviors are these, are these, are these things that are rife in, in igaming?
[00:15:29] Speaker B: Yeah, to varying degrees. So with money laundering there's, there's only a few ways you can really money launder.
Now I'll start by saying that there's a big incentive to money launder through the gambling industry and that's because it's outside of fintech. It's one of the only industries where it's sort of cash in and cash out and there's no tax in many, many jurisdictions.
So it's, it's the perfect foundation for money laundering. If you can get money in through one person and out for another person, then, then you can feed money in a very cheap way.
But the way that's done is through multiplayer skill games like poker.
Then there's match fixing if you need to move money one way and then there's depositing with one payment and withdrawing to another payment method.
I would say all of these things can be managed pretty well.
And where, and where these problems do exist usually are failures of the operator.
So the simplest thing to fix is if player deposits with one payment method, they should withdraw to the same method, right? They should be able to withdraw to another payment method or another card or so on. But I'll give an example about with the persistent slots, right? You can actually hide that money in persistent slots, make the balance 0, then add a new payment method, release those funds, withdraw onto the other payment method. So it's like an example of how content can be used to essentially facilitate money in it.
There's other ways of doing this with various sort of content and bonus engine and to motion and incompatibility between different functions is where these kind of problems.
But with hacking we've had an increase in the number of operators that have come to us saying they suspect there's an issue with a particular slot.
And I'm not a hacker myself, but I have toyed about a little bit and so I've used ChatGPT to sort of explore if it can just identify the request fields from the sort of developer tool within that in that API and push different messages to see if I can mess about.
I've had to do this just with demo again. So I, because I'm very conscious of not actually doing something wrong, but I think AI is causing an issue and where that kind of thing is accessible to everyone right now. And there's definitely a pattern between the different kind of games operators reporting issues with and it's where they have complex request fields. We've also had an increase in reports from operators of sort of local hacks as well or their wallets being compromised and so on. But also with just bonus abuse with the persistent slots with the advantage play with the array of behaviors this relies on to really have an impact on operators. It relies on players scaling this so they're using this across many identities. So this is where it crosses into something a bit more serious where players are using stolen IDs or scraped databases, this kind of thing in order to actually scale the process of abuse in order for them to print money.
[00:19:19] Speaker A: But you see like if you like put igaming aside and just think in general like generally speaking do we see this kind of behavior in under industries that have like real money element and do we see this kind of behavior in general in any kind of a gaming context?
[00:19:37] Speaker B: I. There's. There's some things that overlap with other industry so you know, verification tools and device fingerprinting tools. These are you know, cross industry solutions which go some way in managing multi accounting. But when it comes to actually the. The gameplay element it's. It's very. It's unique to this industry.
And this is the issue. There isn't broad industry solutions that will just plug in and, and solve these problems. They have to be built within the industry.
Which is, which is partly the reason for what we're doing because there was a sort of over dependence on multi industry solutions that just didn't cater to tool for gameplay or understanding what is the player doing, what is the margin on this bet, what is the behavioral pattern of their play.
There isn't really anything out there besides what we're doing and besides operates in sort of in house built solutions.
[00:20:38] Speaker A: But I think like generally speaking again like even the math of many of those games, of those systems, it's very, very complex. Like you can even. There's something called the St. Petersburg paradox where you can actually build a lottery system where the theoretical parity is infinite but the game is not worth much. Like it's not worth much for you to play it. Even though the RTP is infinity.
That doesn't. Makes no sense.
You know, when in the past when I was designing games for free to play, free to play social casinos, I had to recreate the whole player runes formula because the house has infinite coins, right? So there's no gambler ruins element applied on the house because each player is in its own little universe and therefore the whole math changes. So you find that understanding at a really deep level those different gaming system and then understanding those how to actually get edge. And what's the impact on the math? It's, it's a, it's a wonderfully complex and interesting project on its own, which I think that you're probably going to be in this constant cat and mouse chase where you'll have more robust systems of identifying those fingerprints, as you said, of the different play behaviors.
And then as you do that, there will be ways, still ways of actually trying to find out how to extract value that not intended in a way that is not, you know, not, not particularly aggressive, not about hacking or social hacking, but literally just playing the game as is from, you know, off the shelf and still finding ways of, of playing, playing it on edge.
[00:22:42] Speaker B: The principle is always the same.
The challenge for us is the content always changes, as does operators. Boom. Extensions. So want to come up with a new creative way of managing promotions? There'd be a new kind of content that means that we have to kind of dive in and do some new research to understand what risks are associated with it. A recent one was, you know, the games where multiple players bet behind a single slot game and players can buy in and out of these games at any point.
There was a big issue between that and persistent slots because players could buy in just on the, on the winning spin. And so it's new things like this every time something new is created. We have to, yeah, we have to go and research this and understand what kind of problems it could cause.
[00:23:35] Speaker A: You know, I think there's another element to this that has to do with games in general, which I think is worth thinking about, that different players have different motivation when they play games, any kind of games. There was a study done in the 80s and 90s on MMOs about the different motivations of players that created something called the Battles. Taxonomy was created by a guy named Battles. And he looked at the different types of players and the players. Essentially there's the game world, right? And you either act within the game worlds or interact within the game worlds. And then there's the players.
So it's either acting, interacting players or world. And he found that some players, their motivation is to interact with the world.
And for some players, their motivation is interacting with other players. You know, so some, some players is, is acting within the world. So, so, so you get these, these achievers, you get the socializers you get the killers you get and then you've got the hackers or the explorers. And those are the ones, as I said, like interacting with the world.
And it seems that those players were always the ones that you won't be able to monetize because they are the one that, you know, they play their game against you, the game maker against you, the casino against you are the game, not the game that they play.
And what we find consistently in games over the last 30 years is that actually when you create the right environment, it's those players that are playing their game against you are the best monetized, the most retained, the most engaged players. And it kind of makes sense because they're continuously in this chase of teasing and testing you and interacting with your product to try to find a simit. But they might even enjoy interacting with the product and they do it a lot more than others.
And they are often also the best players if you actually manage them correctly. So I found that quite fascinating.
[00:25:38] Speaker B: I guess the comparison for bonus abuse is you keep giving retention offers to these bonus abusers. They will be your best players, they will play forever.
And they're also the loudest when, when it comes to any kind of opinion, any kind of feedback. What I notice a lot is on trustpilot, all the reviews are essentially bonus abusers.
I think they can be the most invested for sure.
[00:26:12] Speaker A: Okay. I'm just conscious of time here, so I think it's quite an interesting conversation. We covered a lot of things.
Do you think that we will reach at the point where you'll have no monster in the igaming jungle?
[00:26:29] Speaker B: I don't know.
I think everything's changing with AI at the moment.
It's hard to see where everything will be in even three, four years. Right.
What I do know is that it's AI is really democratized.
It's much easier to find ways of exploiting operators now and it's also much easier to produce solutions.
So I don't think there's an end in near sight, that's for sure. I think it's going to be an unreal battle.
[00:27:06] Speaker A: Might not be like a jungle, but more of like a Star wars kind of futuristic, you know.
[00:27:14] Speaker B: Exactly.
[00:27:15] Speaker A: Okay, so thanks Ozric.
Thanks for spending this time with me and yeah, hopefully see you again soon.
[00:27:22] Speaker B: Thanks. Thanks.
[00:27:24] Speaker A: Thanks for tuning in to this episode of iGB podcast igaming Checkup with Dr. Eyal. There's plenty more to come, so stay with us for more eye opening, thought provoking and stigma challenging conversations that dig deeper into the world of igaming.
