The ongoing saga of numerous well-known poker pros having thousands of dollars each stolen from them via fraudulent deposits made through Global Payments Gaming Solutions' "VIP Preferred" echecks service has taken a strange twist in recent days. Numerous pro-player victims have now received collection letters from Global Payments demanding that the players return the stolen money to Global Payments, even though they were among the known victims of a widespread fraud scheme that is still under investigation.
The stolen funds had been already been clawed back from Global Payments via the anti-fraud services that most banks provide to their checking accountholders. What is known about the scheme at present is that the victimized players all had bogus online accounts created in their names at a few favored online gambling sites that utilize Global Payments' VIP Preferred system, which is employed by more than 500 casinos across the United States.
Funds were then transferred from players' legitimate online-linked bank accounts to bogus gaming accounts created in the players' names, then quickly transferred out to separate banking accounts controlled by the perpetrators. The thefts are known to have occurred over a span of several weeks, beginning in early October, were done through sites including BetMGM and California's Viejas Casino.
The scheme may or may not be related to another under-investigation fraud scheme involving DraftKings and FanDuel sportsbooks, where numerous gamblers' accounts were accessed and drained of funds. The DraftKings/FanDuel thefts utilized customer data likely purchased on the dark web that originated on another online gambling site. The data was then used to test for vulnerable accounts that used the same e-mail/password combinations in what is referred to as a "credential stuffing" attack. According to a recent update from ESPN's David Purdum, the DraftKings/FanDuel-related fraud is more extensive than first believed and the U.S.'s Federal Bureau of Investigation (FBI) has joined the investigation.
Kyna England first to disclose Global Payments collection attempt
Global Payments, to date, has not acknowledged that the fraud targeting well-known poker pros is distinct in any way from the DraftKings/FanDuel fraud. However, a couple of the victimized sites reported that the likely source of stolen data was from transactions on sites where unique passwords were used, making a credential-stuffing exploit far less likely. Also, only poker players victimized via VIP Preferred have reported receiving the collection letters from Global Payments; no similar collection attempts against DraftKings/FanDuel victims have been posted publicly, if any such even exist.
Kyna "KynaCool" England, one of several known poker-related fraud victims, was the first poker player to go public over Global Payment's seemingly unwarranted collection attempts:
Several other known poker victims reported receiving similar letters. PokerOrg has seen images or text from multiple collection letters, which are similar in most instances but do not necessarily share specific legalese. Given that known victims come from several U.S. states and that Global Payments may have used third-party collections services in some instances, the variance in the letters has easy explanation.
However, the collection demands themselves seem extreme, especially since they were sent to already known fraud victims. Demands have included such items as copies of police reports and notarized affidavits of forgery, despite the fact that the clawbacks were initiated through the victims' banks and were already accompanied by supporting evidence.
One poker pro, a victim of the fraud who spoke on condition of anonymity, told PokerOrg, "They should already know it’s fraudulent. They have all the information. So this letter and request makes no sense." The victim then added, "It’s not our fault the money was stolen from us. They shouldn’t be sending it to collections."
Global Payments responds to collection-letter controversy
When contacted by PokerOrg, Global Payments acknowledged that the collection letters were sent and denied that the collection attempts ran afoul of any consumer-protection laws, an issue that has been raised on at least one poker forum where the scandal is being discussed.
A Global Payments company spokesperson told PokerOrg, "We have been assisting law enforcement with an investigation into fraudulent accounts set up at unaffiliated third parties using stolen personal information. Letters sent to VIP Preferred account holders regarding this, follow a format mandated by the Fair Debt Collection Practices Act, as we are required by law to generate a notice to customers about certain account activities. We continue to work closely with these third parties to ensure all impacted individuals receive refunds."
However, Global Payments did not respond to a follow-up question as to whether sending collection letters was, in general terms, a wise or proper action given the known circumstances of the scheme. Global Payments has also not wavered from an earlier quote supplied to ESPN's Purdum, which stated, "There has been no security breach or fraudulent accounts opened at our gaming business in connection with this investigation."
That quote, though, circles around the greater framework of the fraud as publicly known, in that all the fraudulent transactions were conducted through Global Payments' Preferred VIP service, which is implemented as a front-end platform as a casino-deposit option. Wherever the various fraudulent accounts were created, the scheme appears to have taken advantage of lax protocols that enhanced the ease of getting customers' deposits into players' online accounts, but at the cost of sufficient security for those players' own bank accounts. As an example, Global Payments' online VIP Preferred portal does not appear to offer any form of two-factor authentication (2FA) for making changes to important account information.
Whether certain practices and protocols that were exploited by this scheme's fraudsters are standard operating procedure by Global Payments or were specified by the payment processor's partner casinos is not yet known, and actually may never emerge into public view. Nor is it yet known how various regulators for both the gambling and banking industries will view the episode as an online-commerce security issue. ESPN's Purdum noted that the New Jersey Division of Gambling Enforcement (DGE) has taken interest in the matter, as BetMGM, DraftKings, and FanDuel all do business in New Jersey.
PokerOrg will continue following this story and will offer updates as new information comes to light.
Image source: Global Payments