Gamshielf case study: working together to combat fraud Developed for Cybercrime, Security and Regulatory Compliance conference at ICE Totally Gaming Gamshield is a not for profit co-operative which includes some of the sector’s biggest names in betting, gaming and spread betting, all of which are fully licensed, and regulated in Tier 1 jurisdictions. Our mission is the detection and prevention of fraud in the gaming industry. Gamshield was started back in 2002 as a result of a number of like-minded fraud and payment managers sharing their concerns about the cost of fraud to them individually and to the industry generally. Our members meet on a quarterly basis in London with phone conferencing facilities for those members based out-side of the UK that are unable to join us in person. There is also a secure, members’ only online forum to enable users to raise concerns, and share knowledge and best practice regarding suspicious or confirmed fraudulent transactions. By sharing our combined knowledge, experience and resources across the industry, we have been able to take a united approach to combat fraud, that has been invaluable to our members, in terms of protecting both reputation and revenue. A proactive attitude to fraud prevention, with members reaching out directly to law enforcement and bank fraud teams has led to a number of successful prosecutions of prolific fraudsters and recovery of losses to the relevant business. As a direct result of our organisation, police forces have been able to make contact directly with members in order to discuss complex cases that may involve a number of organisations being targeted by one or a group of individuals. This pooling of evidence has proven to be beneficial in building a stronger case and achieving the appropriate result in court. CASE STUDY: The following case study shows how by working together, the Gamshield community and law enforcement were able to firstly initiate a successful prosecution, and thereafter track and identify one individual’s subsequent attempts to defraud the gambling sector using a number of different guises, each time resulting in a successful prosecution as detailed below. Alistair Peckover - aka William Graeme Peckover, aka James Green, aka Stephen Chalk (to name but a few of his known aliases) Between 2009 and 2010 Ladbrokes and Sky Betting and Gaming, together with a number of other operators, worked with Sussex Police to provide evidence against a computer hacker called Alistair Peckover, resulting in him receiving a custodial sentence. Mr Peckover had already received a suspended prison sentence in June 2009 for hacking into several bookmaking sites to make a large profit for himself by manipulating payouts using computer programmes he had written to guarantee no loss when playing and making thousands of pounds. The Daily Telegraph (June 2010): Alistair Peckover, 21, systematically defrauded legitimate online businesses and unsuspecting members of the public with his self-taught computer skills. Peckover, of London Road, Hailsham, East Sussex, was jailed for 20 months at Southend Crown Court in Essex after admitting two counts of fraud. A further 50 offences were taken into consideration, Sussex Police said. Using sophisticated computer programmes, some of which he wrote himself, ''obsessive loner'' Peckover remotely viewed files of other computer users without their knowledge or consent. Systems by Google and BT were misused by Peckover who breached security barriers to target online betting sites and individual email accounts. In one scam, Sussex Police said he was able to access the email account and the password of everyone that had bought an item using BT Openzone, which enables people to access the internet wirelessly. Using this pool of personal information, Peckover then searched to see which of them had a GMail email account, then created a list of more than 500 people whose email addresses he had obtained. Police said Peckover then placed "filters" on all the email accounts. Any email that contained key words including "sort code", "exp" or "amazon" would be deleted from the user's inbox without them knowing. The email would be automatically forwarded to him so he could use it for his own purposes. Using a computer "fake mail" programme, Peckover would take the identity of the original sender and continue correspondence with the victim. Police said Peckover's victims stretched across the world, and with the personal information he illegally obtained, he used credit cards belonging to others to buy gifts for himself and loved ones. He also took rent money somebody had been paying their landlord via bank transfer and directed money to himself that someone had put aside to buy a car. Detectives seized a Porsche from Peckover, as well as £40,000 in cash stuffed in two containers, a Breitling and Rolex watch, six computers, a Nintendo Wii, a Pioneer car stereo and gold bullion. Passports in three names he used were also found. In a further scam, Peckover stole the identities of unsuspecting people to open gambling accounts with Ladbrokes and SkyBet. He had already received a suspended prison sentence in June last year for hacking into gambling sites and making a large profit for himself. But just two months later police said he was breaking the law again, by hacking into BT Openzone and gaining details of people's email accounts and their passwords. He then used one of the identities to open a gambling account. Police said he later admitted all the offences and to cheating on several other gambling sites. Profits he obtained from his method of deception were often moved into one of his many personal bank accounts, and some of it would be spent on expensive items. Without the assistance of the gambling sector, the full extent of Peckover’s crimes may very well never have come to light. It was only by joining all of the dots that the full extent and value of monies misappropriated could be assessed. Sadly this was not the end of Mr Peckover’s activity, and the gambling sector again was instrumental in alerting the appropriate authorities to his activities. Crawley News (August 2012): William Peckover, formerly known as Alastair Peckover, used sophisticated computer programmes to remotely view files that another computer user was viewing. He could then gain access to their computer and steal data, including personal details. Peckover, 23, of Sheppey Close, Broadfield, had been convicted three times in three years of hacking frauds. And on July 20 Sussex Police successfully applied for a serious crime prevention order at Croydon Crown Court. The order lasts five years and prevents him using any name other than his official name, William Graeme Peckover. It also forbids him from carrying more than £1,000 in cash on him at any time, and restricts the number of bank accounts and internet-accessible devices he can hold. In addition he must supply details of his financial status to the police every four months for the next ten years and pay back £47,000 of criminal profits within six months. This is the first time such an order has been obtained by Sussex Police. In June 2009 Peckover was sentenced to 26 weeks in prison, suspended for 18 months, after admitting hacking into the systems of an online spread betting company to obtain £39,000. In June the following year he was sentenced to 20 months in jail after pleading guilty to similar frauds – spending the profits on a Porsche sports car, expensive watches and more than £30,000 of gold bullion. He was subsequently told to pay back £124,000, which has mostly been paid back. Then, last year, he was sentenced to 27 months in prison for further frauds from which he gained more than £33,000. Detective Inspector Ali Eaton states on her Sussex Police blog: Back in July I blogged about our first successful Serious Crime Prevention Order (SCPO) on Alistair Peckover, a serial fraudster. Peckover had been convicted of fraud for the third time in three years and we were hoping that the stringent conditions set in the SCPO would have prevented him undertaking any more criminal activity…..wrong!!! Peckover breached his SCPO last week and also committed further fraud. He assumed two new identities using the names James Green and Stephen Chalk. Using both identities he opened up multiple gambling accounts with on-line casinos, giving false addresses, email accounts and fraudulent proof of identity. He then discovered a way to manipulate on-line games to guarantee no loss when playing and making thousands of pounds. One of his scams was betting on red or black in roulette. He would gamble £1000 on red but also £1 on black whilst running the software. If red came in he would joyfully collect the winnings but if it was black the bet was cancelled and he would simply play again! But not so clever as he has been caught by us, arrested and charged with 4 offences of SCPO breach and 2 new fraud offences which are: Making a false representation by claiming he was entitled to money from the Green account (£31 000) Making a false representation by claiming he was entitled to money from the Chalk account (£14 500) Peckover pleaded guilty to all the charges at court and has been remanded in custody. Good work by our Major Fraud Team. Thanks to the highly regulated industry that we find ourselves in, Gamshield members have become experts in their respective businesses as a matter of necessity with an excellent skill set covering issues involving; Fraud, KYC, Compliance, Financial Crime, Payment Processing to name but a few. The sector has changed enormously since Gamshield was formed at the start of the .com online boom. Historically a forum for online operators, the last decade has seen massive regulatory and technological changes resulting in a greater emphasis on due diligence, social responsibility, managing a greater range of payment methods, products and channels. Back in the beginning there were a number of challenges faced by our members, not least internally within our own organisations to prove that information sharing of our fraud issues was not commercially damaging and was in fact a good way of ensuring any fraudster ‘doing the rounds’ would not impact any business that was already aware of their ‘M.O’. New members have found it invaluable to have access to our live fraud case information across the group. Over the last couple of years, existing organisations have brought in new staff to bolster the numbers of their fraud teams, which in turn has offered a fresh perspective to the attending member demographic. We are very pleased to say that collectively our membership now boasts teams which consist of ex-police officers, bank and payment processor fraud teams as well as experienced betting and gaming teams. Fraudsters now operate in a multi-faceted environment – Gamshield needs to do the same if it is to remain an effective force in keeping the industry secure. As a result Gamshield has taken the decision to move away from its historic ‘on-line operators only’ membership policy and actively seek engagement with operators across all channels and products, gaming providers and suppliers, payments providers and any other party with an equal interest in keeping the sector safe. If you are a payments, fraud, security or compliance professional in your organisation and would like to find out more about joining Gamshield, contact us at: info@gamshield.org Not only will you be joining an established group with a proven track record of helping businesses reduce the cost of fraud, you will also have the opportunity to engage with and learn from some of the leaders in the sector from companies such as Betdaq, Betfair, BetVictor, City Index, GAIN Capital, Ladbrokes, PKR, Playtech, Skybet, Sporting Index, Stan James and William Hill to name but a few.