Barrier to fraud
Image - Shutterstock - API GUide

Mário Cardoso, Fraud & Risk Manager, Solverde.pt, spoke to iGaming Expert about the evolution of fraud and the importance of a genuine risk-based approach to KYC and onboarding.

Cardoso will be speaking during the Beyond ID Checks: The New Role of Identity in Gaming panel at the SBC Summit in Lisbon. The panel looks set to debate the panel looks set to analyse the evolution of biometrics and their in the KYC process, as well as how AI has forced a new approach to fraud.

Mario Cardoso

iGaming Expert: How can operators balance increasingly rigorous KYC requirements with the need to deliver a fast, low-friction player onboarding experience?

Mário Cardoso: I don’t believe compliance and customer experience are opposing objectives anymore. The best operators have demonstrated that both can coexist when KYC is built around a genuine risk-based approach.

The mistake is treating every customer as presenting the same level of risk. Most players are legitimate and should be able to complete registration in seconds using automated document verification, biometric liveness checks and trusted data sources.

The additional controls should only be introduced when the risk justifies them. For example, inconsistencies between identity data, high-risk jurisdictions, unusual payment behaviour or device anomalies should trigger enhanced due diligence rather than applying the same level of friction to everyone.

Ultimately, success isn’t measured by how many documents we collect. It’s measured by how accurately we identify risk while allowing legitimate customers to enjoy a seamless onboarding experience.

iGX: With the upcoming EU AML package and the creation of AMLA, what are the biggest compliance challenges EU-based operators should prepare for today?

MC: Many operators currently manage different KYC standards, reporting obligations and due diligence requirements across multiple jurisdictions. Greater harmonisation should simplify this in the long term, but during the transition it will require significant investment in technology, governance and operational processes.

I think operators should also prepare for greater emphasis on:

  • continuous customer monitoring rather than one-off verification; 
  • stronger sanctions and PEP screening; 
  • better documentation of risk-based decisions; 
  • improved auditability of automated systems; 
  • higher expectations around data quality and record keeping. 

Compliance will increasingly be assessed not only by whether controls exist, but by whether operators can demonstrate that those controls are effective and proportionate.

iGX: What role will biometric technologies, particularly liveness detection and facial recognition, play in combating fraud and account takeovers in gaming?

MC: I think biometrics are rapidly becoming one of the strongest trust signals available to operators. 

Traditional document verification confirms that a document appears genuine.

Biometric liveness confirms that the person presenting that document is physically present and not using a photograph, video replay or increasingly sophisticated AI-generated deepfake.

That has enormous value, particularly in preventing:

  • synthetic identity fraud; 
  • account opening using stolen documents; 
  • account takeover; 
  • identity sharing between individuals. 

That said, biometrics should never be viewed as a silver bullet.

Its real value comes when combined with device intelligence, behavioural analytics, transaction monitoring and continuous risk assessment.

Fraud prevention today is based on multiple independent signals rather than relying on a single technology.

iGX: How has AI changed identity verification, and what specific challenges does the technology present during the KYC process?

MC: AI has fundamentally changed both sides of the equation.

For operators, AI improves document analysis, fraud detection, behavioural modelling and automated decision-making at a scale that simply wasn’t possible a few years ago.

However, fraudsters are using the same technology.

We now see AI-generated identity documents, increasingly realistic deepfakes, automated account creation and synthetic identities becoming far more sophisticated.

This creates a constant technological arms race.

The challenge for operators isn’t simply deploying AI.

It’s ensuring that AI remains explainable, properly governed, continuously monitored and supported by human oversight, particularly in highly regulated environments where decisions must be auditable.

iGX: How can automated risk scoring and ongoing customer monitoring help operators identify suspicious behaviour without generating excessive false positives?

MC: False positives are one of the biggest operational costs in fraud prevention.

If we investigate too many legitimate customers, we increase operational costs and damage customer experience.

If we investigate too few, fraud losses increase.

Automated risk scoring allows operators to combine hundreds of signals simultaneously—identity verification, payment behaviour, device reputation, gameplay, geolocation, transaction history and previous investigations.

Rather than relying on fixed rules, modern systems produce dynamic risk scores that evolve throughout the customer lifecycle.

The objective isn’t to identify every anomaly. It’s to identify the combinations of signals that genuinely indicate elevated risk.

That significantly reduces unnecessary manual reviews while improving fraud detection.

iGX: How crucial is a rapid and smooth onboarding process when it comes to enabling the regulated sector competing with the black market? 

MC: I believe it’s absolutely critical.

One of the black market’s biggest competitive advantages is simplicity. Registration is fast, verification is minimal and players can often begin gambling immediately. Licensed operators obviously cannot compete by lowering compliance standards.

Instead, they must compete through technology.

If regulated operators can complete identity verification in under a minute while maintaining robust fraud controls, they remove much of the friction that historically pushed some players towards unlicensed platforms. I believe effective onboarding is therefore no longer just a customer experience issue. It’s also a competitive advantage for the regulated market.

iGX: How much has AI evolved the threat of fraud and what can regulators do to a real challenge in keeping up with the threat as it evolves? 

MC: AI has significantly lowered the barrier to sophisticated fraud. Techniques that previously required specialist knowledge are now widely accessible.

Fraudsters can generate convincing fake identities, automate attacks and continuously adapt to defensive controls. Regulators face a difficult challenge because legislation inevitably evolves more slowly than technology. Rather than prescribing specific technologies, I believe regulation should increasingly focus on principles.

For example:

  • risk-based controls; 
  • governance of AI systems; 
  • transparency; 
  • accountability; 
  • continuous monitoring. 

Close collaboration between regulators, operators, technology providers and law enforcement will also become increasingly important.

Fraud is no longer an individual operator problem. It’s an ecosystem challenge.

iGX: Looking ahead, what do you believe the ‘ideal’ digital identity ecosystem for gaming operators will look like, and which technologies or regulatory developments will shape it the most? 

MC: The ideal future is one where identity is verified once but trusted continuously.

Instead of repeatedly asking customers to upload documents, operators will increasingly rely on reusable digital identities supported by trusted identity providers, government-backed digital wallets and interoperable verification frameworks.

Risk assessment will become continuous rather than event-based.

AI, biometrics, behavioural analytics, digital identity wallets and real-time data sharing will all contribute to dynamic trust scores that evolve throughout the customer relationship.

From a regulatory perspective, greater European harmonisation should help operators build scalable solutions rather than maintaining multiple fragmented compliance models. Ultimately, the future is less about collecting more documents and more about building greater confidence in digital identity.

iGX: Why is it so important for industry minds to come together at events like the SBC Summit Lisbon? 

MC: Because fraud evolves faster than any individual operator can respond alone.

Criminal networks share knowledge.

Technology evolves globally.

Regulation continues to change.

The industry benefits enormously when operators, suppliers, regulators and technology providers exchange experiences openly.These conversations accelerate innovation, improve collective resilience and help establish common standards.

For me, one of the greatest values of events like SBC Summit Lisbon isn’t simply discovering new technology, it’s understanding how others are solving the same challenges, learning from their successes and mistakes, and building relationships that strengthen the integrity of the regulated gaming industry as a whole.