How to detect gnoming & multi-accounting in matched betting


Matched betting is a form of online gambling fraud that’s a headache for companies who don’t want to waste promotional budgets on unprofitable players. Yet it’s wildly popular, with countless posts on sites like Reddit trading tips on how to pretend to be gambling in a way that avoids risk but comes out ahead with free promo dollars.

Matched betting can be tough to detect, particularly when bettors use a type of multi-accounting called gnoming to hide their identity. Gnoming is a form of new account fraud in which a player opens a new account in the name of a friend or family member. It appears to the iGaming site that a completely new person has opened an account, but in reality it’s the same player as before. 

This post talks about what matched betting is, how it works in the context of new account fraud, and how iGaming companies can quickly spot players who repeatedly open fake accounts.

What is matched betting? 

Matched betting involves opening a new account to claim a welcome bonus and then placing mostly equal and opposite bets with your own money. For example, a player finds a football match with similar odds for and against, and then places bets to cover both outcomes. The gain and loss from those bets nearly cancel each other out, and the player gets to keep most of the welcome bonus as profit. Some sophisticated matched bettors even use software to maximize earnings.

What are gnoming & multi-accounting?

Many welcome incentives are worth small amounts of money, such as $5 or $10, so most players who engage in matched betting open many accounts to make the strategy worthwhile. This process of creating new accounts under false pretenses is called multi-accounting. Matched bettors often create multiple accounts on many iGaming platforms to maximize the amount of bonus money they can collect.

Gnoming is a subset of multi-accounting. It involves a player asking a friend or relative to share their personal details, such as ID cards, address, utility bills, email, or banking information, so they can open new accounts using that person’s identity. Sometimes the player offers cash or a share of profits in exchange for those details. Since the other person is a willing participant, this isn’t identity theft.

Gnoming is useful for matched bettors whose previous accounts have been banned (or gubbed in industry parlance), or it can simply allow them to claim another bonus. 

Why gnoming is so hard to detect 

Gnoming can fly under the radar of fraud detection programs because the matched bettor is using details from a real person who has willingly provided genuine identity information. 

For example, in 2023, a UK gambler was convicted of fraud for opening more than 1,000 new accounts on a gambling site using details from 150 people he recruited with the promise of a 10% share of the profits. This expansive matched betting scheme netted around $300,000, although the fraudster was prevented from withdrawing some of the funds from accounts frozen for suspicious betting patterns. 

He is not alone. Websites have offered to pay people cash for identity documents such as passports or driver's licenses. Gambling syndicates use these details to open accounts at scale for matched betting or to get around previous bans. 

Gnoming may not be strictly criminal depending on the jurisdiction, although it almost always violates the company’s terms and conditions for play. Multi-accounting that involves the use of stolen or synthetic identities is straightforwardly illegal. 

Red flags that may indicate gnoming or multi-accounting 

Even though the details of a new player’s identity may be real and verifiable, there are still signs gambling companies can use to spot gnoming:

  • Multiple accounts are being created with the same device or IP address. While fraudsters may be using a genuine new identity when opening the account, they often use the same devices associated with previous accounts. 
  • Accounts are being created with VPNs or privacy-focused browsers designed to hide geolocation. Matched bettors want the new accounts to appear as though they are coming from people in different geographical locations. 
  • An account is opened with a spoofed browser. Syndicates that operate at scale may use additional tactics like this one to obscure the origin of the new account.
  • Funds are withdrawn quickly after wagering requirements have been met. Matched bettors take money out of their accounts as soon as they’ve wagered enough to meet the terms set out for claiming the bonus. When multiple accounts associated with the same device engage in this behavior, it’s a likely sign of gnoming.

The most important piece of this puzzle is the ability to look past spoofing techniques to detect when a fraudster is opening multiple accounts on the same device. By knowing when many identities are associated with the same device, you can look harder at the behavior of those accounts for evidence of matched betting tactics. 
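The sketch below is an added example, not Fingerprint's code or API: it groups sign-ups by visitor ID, flags devices tied to several identities, and ranks them by how many of their accounts withdrew right after meeting the wagering requirement. The record layout, the sample data, and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (account, identity name, visitor ID, signed up via VPN,
# time wagering requirement was met, time of first withdrawal); None = not yet.
ACCOUNTS = [
    ("a1", "Alice Example", "dev-3", False, "2024-03-01T10:00:00", "2024-03-15T10:00:00"),
    ("a2", "Bob Example",   "dev-3", False, None, None),
    ("a3", "Carol Example", "dev-3", False, "2024-03-03T10:00:00", None),
    ("a4", "Dan Example",   "dev-1", False, "2024-03-01T10:00:00", "2024-03-01T10:20:00"),
    ("a5", "Erin Example",  "dev-1", True,  "2024-03-04T18:00:00", "2024-03-04T18:05:00"),
    ("a6", "Frank Example", "dev-1", True,  "2024-03-09T09:00:00", None),
    ("a7", "Grace Example", "dev-2", False, "2024-03-02T12:00:00", "2024-03-20T12:00:00"),
    ("a8", "Heidi Example", "dev-2", False, None, None),
]

MIN_IDENTITIES = 3                      # assumed threshold, tune to your own data
QUICK_WITHDRAWAL = timedelta(hours=1)   # assumed window, tune to your own data

def is_quick_withdrawal(met, withdrawn):
    """True when funds left within the window after the wagering requirement was met."""
    if met is None or withdrawn is None:
        return False
    gap = datetime.fromisoformat(withdrawn) - datetime.fromisoformat(met)
    return timedelta(0) <= gap <= QUICK_WITHDRAWAL

def review_queue(accounts):
    """Group accounts by visitor ID and return devices tied to many identities."""
    by_device = defaultdict(list)
    for record in accounts:
        by_device[record[2]].append(record)
    findings = []
    for visitor_id, records in by_device.items():
        identities = {name.strip().lower() for _, name, *_ in records}
        if len(identities) < MIN_IDENTITIES:
            continue  # two identities on one device may just be a shared household
        findings.append({
            "visitor_id": visitor_id,
            "identities": len(identities),
            "accounts": sorted(r[0] for r in records),
            "vpn_signups": sum(r[3] for r in records),
            "quick_withdrawals": sum(is_quick_withdrawal(r[4], r[5]) for r in records),
        })
    # Devices whose accounts also cash out quickly go to the top of the queue.
    return sorted(findings, key=lambda f: f["quick_withdrawals"], reverse=True)

if __name__ == "__main__":
    for finding in review_queue(ACCOUNTS):
        print(finding)
```

The output is a review queue rather than a ban list: a device with many identities but no quick withdrawals still appears, only lower down.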

How to prevent gnoming without adding friction

Legitimate new players give up easily when it’s hard to open a new iGaming account. There are already many Know Your Customer (KYC) and anti-money laundering procedures players must go through to establish identity. Adding further checks, or even slowing the process down, can frustrate the very customers you want to keep into giving up.

Device and browser fingerprinting, collectively called device intelligence, allow you to identify a return visitor to your site without slowing down load times. It works entirely in the background and in real time, so you as the site operator can see when a visitor is returning with different user credentials. 

How to detect gnoming & multi-accounting with device intelligence

Device intelligence relies on durable browser, device, and network signals that are difficult to obscure or change. These allow you to distinguish one device from among billions of others, even when a user visits in incognito mode, clears their cookies, or uses a VPN. Each device gets assigned a unique visitor ID so you can see when a single device is opening multiple accounts. 

Fingerprint makes it easy for you to get high-accuracy device intelligence that won’t impact customer experience, and it works better than device identifiers like IP address or cookies, which are both easy for fraudsters to circumvent. The visitor ID number Fingerprint generates can remain stable for months or even years, allowing you long-term visibility to help identify gnoming and other forms of fraud.

Fingerprint identified more than four billion unique devices in 2024, and we use more than a hundred signals for industry-leading accuracy rates. We also offer Smart Signals, which include features like bot, VPN, and rooted device detection for devices you don’t yet have an ID for, so it’s easier to spot sophisticated fraudsters trying to conduct fake sign-ups at scale.
