Audimation Services has been acquired by Caseware International Learn More.


Blog Image

Using Non-Financial Data to Detect Fraud

Lessons Learned from the Casino Industry

Behind the flashing lights, dings, and bells of a casino floor, massive amounts of data are generated each second. Every card swiped, drink served and handle pulled is recorded. Thanks to advanced analytics, casino auditors can examine big data in new ways to keep the organization safe from money laundering, fraud schemes, errors and other profit-draining issues.

The U.S. gaming industry is one of the most heavily regulated and controlled business sectors in the world. In addition to comprehensive and stringent state gaming regulations, U.S. gaming operations are subject to federal anti-money laundering (AML) requirements.

We caught up with two data analytics gurus who have had tremendous success using CaseWare IDEA® to analyze data in some unconventional ways to meet compliance requirements and recover tens of thousands.

Samantha Webster, Senior Manager of Audit & Analytics with a major casino began using IDEA in 2015. In less than four years, the organization has saved thousands across three of its properties.

“We are constantly on the lookout for patrons that take advantage of our complimentary programs, table games, and slot promotions,” said Webster. “It makes us get creative with our thinking and analytic development.”


Free Slot Play Scam


Promotional marketing offers get customers in the door and loyalty cards keep them coming back for more. Yet some patrons take advantage of the system. Casino auditors were alerted to a free slot play scheme caught by the surveillance team where patrons were using slot machine coupons and PINs to earn cash and comps.

“We knew there was slot fraud going on and for years, surveillance and I talked about it,” said Webster. “We had all this data, but we didn’t know where to look. Once they discovered someone actually committing the fraud and they think of a way for me to look into the data, they had a good idea about what that data should look like and what the fraud looked like.”

Webster and her team worked with various departments to identify precisely how the scam worked – here is a snapshot of their process:


Step 1: Understand the Operations


  • How do patrons qualify for free slot play?
  • Rules for redeeming free slot play?
  • What data is collected when free slot play is redeemed?


Step 2: Get the Right Data

Any auditor knows the fastest way to get the data you need is to pull it yourself – here’s why:

  • Defining what you need is difficult
  • May take months for IT to build a report
  • Data may be filtered and not contain the data you really need

When working with IT you may get more data than you actually need; however it can be distilled down to just the essentials.

Step 3: Data Validation


  • What is the source of the data?
  • Is the data accurate and complete?
  • Do you have another source you can validate against that data?
  • Will the data change and when?
  • What is the data telling me?
  • Is the data useful?
  • Does the data cover the required timeframe?
  • Are my findings accurate – are there false positives and how can we weed them out?
  • How did I get these findings and can I replicate them?
  • Do I have to take more steps to ensure we’re not missing anything?
  • Is this scalable? Are we looking at too much or too little data?
  • If we go back three years, is that additional data going to provide us value?


Step 4: Develop Analytics


Operational departments are a great resource for analytic ideas – they know how the business operates and can spot patterns that are out of place.

Coupled with surveillance footage of the fraud in action and the analytics, auditors put the pieces together about how the fraud worked. The perpetrator would convince patrons to give them their free slot play coupons and keep any cash they won. In return, the coupon holders would earn comps without even visiting the facility until they were ready to redeem their perks.

“When we ran our analytics in IDEA, not only did some red flags pop up, but the known perpetrator (caught by the surveillance team) popped up immediately, so we knew were on the right track,” said Webster.

Auditors worked with the database marketing team involved in the promotion. They used physical and email addresses to identify other perpetrators.

“Communication is key,” said Webster. “Our operations team understands the business better than anyone. The surveillance team is our eyes in the sky. IT collects the data we need, and when there is a known fraud, we don’t want it to take months to get what we need. We work together as a cohesive team.”


Step 5: Developing Prevalent Analytics

Once everything was working as expected, Webster moved the analytics into production where tests run weekly. They also shared their analytics with the casino’s other properties and found the same free slot play fraud, but to a lesser degree. Using IDEAScripts, auditors handed over their analytics to the operations team so they can self-monitor for potential fraud, under the guidance of the audit team. Weekly analytics are now reviewed on a monthly basis to ensure everything is still working properly.


Step 6: Reporting

By gathering the right data and developing analytics based on good information, the internal audit team helped surveillance build their case. They identified more than 100 patrons committing the same fraud scheme, which helped the business increase profitability by not paying out cash or comps to patrons who had not rightfully earned those rewards.

Finding the fraud also changed how the casino structured its free slot play giveaway process. For example, vouchers are given away in very large amounts at some of the slot tournaments. Patrons who received multiple free slot play cards were more likely to win the tournament. With better insights about how frauds were being committed, the audit team could work on strengthening their controls.

Step 7: Prevention

Taking a proactive approach, Webster and her team looked for correlations between employee, vendor and customer databases to identify relationships. Beyond the standard matching by name and physical address, they used secondary fields such as:

  • Emails (work and personal)
  • Remit to mailing addresses
  • Phone numbers (home, mobile, work)
  • Doing Business As (DBAs)

They searched for conflict of interest by layering additional information including department, position and job codes. Using vendor payment data, auditors looked for duplicate payments and looked at whether payments were processed properly.


Real ROI


Auditors at the casino discovered the real value of working with other departments to achieve measurable results and continue on their quest to prevent unnecessary losses.

Their use of data analytics has saved the casino tens of thousands, even within their first year of use, and continues to accrue each year.

“We are catching the frauds right away now in several areas and developing new analytics to catch new frauds,” said Webster.


Following the Cash Flow


Another professional using unconventional data, including surveillance footage to track cash entry and exit point, is Brian Lopez. He has worked with some of the largest casinos in the world to assist with independent testing of BSA/AML programs, remediation work, and fraud investigations.

With a background in engineering, a master’s in business and experience working with law enforcement as an investigator; Lopez has the right mix of skills for using data to uncover fraud schemes.

“Now that the banking industry is heavily regulated, casinos are the new target for money launders and fraud schemes,” said Lopez. “Casinos have strict requirements, but you don’t have to present an ID or open an account to gamble. Tracking patrons below a certain threshold is difficult, making it easier to move cash anonymously.”

More than ever, casinos are using all of the available information they have to stay ahead of fraud and meet the growing regulatory requirements. During his investigations, Lopez has discovered many perpetrators who stay just below the radar with minimal play.

All cash activity is aggregated for a 24-hour period, often referred to as the gaming day. If cash-in or cash-out transactions exceed $10,000 during this time, a Currency Transaction Report (CTR) is filed by the casino. Data analytics can be used to ensure ratings are complete and accurate. By analyzing dates and times, auditors and compliance professionals can ensure critical data elements are not missed or misrepresented.

For example, IDEA can be used to isolate all ratings missing key information by physical location, game type, employee shift or employee ID to check for patterns and pinpoint the root cause of potential issues.

“As criminals attempt to utilize casinos as a means to launder and disguise illegally derived funds, compliance professionals can use the data generated in the casino to detect potentially suspicious patterns of activity,” said Lopez. “Professionals should leverage data analytics to ensure they do not miss potential red flags. IDEA is like a Swiss Army knife – it offers new ways to search for fraud.”

Lopez offers a few pointers to casino compliance and audit professionals:

  • Think outside the box and look at everything
  • Look for indicators related to structuring (avoiding CTR reporting) such as:
    • Minimal gaming activity
    • Large cash-in or cash-out activity without gameplay
    • Chip walks – patrons leaving the casino with large amounts of chips
  • Run periodic audits to reconcile systems – make sure reports are accurate and complete
  • Stay on top of updates to sub-systems (e.g., slots) – one update can change everything
  • Examine ratings – are supervisors inputting buy-in information in accordance with company and regulatory policies?
  • Regularly analyze patron master data including addresses, social security numbers, phone numbers, etc.
  • Refer to the Financial Crimes Enforcement Network (FinCEN), which issues guidelines for casinos and compliance professionals

“Having a basic foundation in the understanding of data and how relational database systems work is vital,” said Lopez. “Couple that knowledge with software that can help you interrogate all types of digital information and you have the keys to unlock a powerful story that your information may be trying to tell.”

Special thanks to Samantha Webster and Brian Lopez for sharing their insights with fellow IDEA users!
Dowling Advisory Group has developed a proprietary data analysis methodology to perform a more effective and comprehensive Title 31 review that parallels IRS Examinations. Visit his firm’s website at for more information.

CaseWare IDEA , Data Analytics

Posted By

By Sarah Palombo
Sarah Palombo founded Avery Public Relations in 2007 and took on Audimation Services as her first client. She has more than 20 years of experience developing communications programs and creating content.

Related Posts
Your Data Said What?!?!?
Nov 19 How often have you queried your data and come back with garbage? You know the question you are trying to answer, whether it’s how many bills of sale went ...
New Perspectives (AHIA) Article on Data Analysis Challenges
Apr 19   Executive Summary   When it comes to using data analysis in place of manual audit processes, the benefits clearly outweigh the challenges. From...
Expert Data Importing Services Available
Oct 17 To help accounting and audit professionals meet the challenges of acquiring, normalizing and importing client data into IDEA for analysis, Audimation Services, ...

This website has been designed for modern browsers. Please update. Update my browser now