AI Deepfakes Pose Escalating Threat to Gambling Sector’s AML Defences

The growing use of artificial intelligence in creating identification deepfakes and synthetic identities is becoming an increasingly significant threat to gambling operators. As technology continues to evolve rapidly, so too do the methods employed by fraudsters, prompting urgent calls for stronger safeguards and more sophisticated defences across the sector.

AI-generated deepfakes are already being weaponised in multiple ways. Over the Easter weekend, Sky News uncovered a disturbing example: a deepfake video that used old footage of presenter Matt Barbet was circulated online, falsely showing him discussing an iPhone gambling app with another correspondent and claiming they had won £500,000. These fraudulent adverts, distributed via social media, were designed to promote illegal gambling apps available on Apple’s app store.

The UK’s Gambling Commission, recognising the serious risks involved, recently issued a warning concerning the link between AI-generated deepfakes and emerging money laundering and terrorist financing threats. In April, the Commission highlighted that AI could increasingly be exploited to bypass customer verification procedures.

This echoes concerns raised by the UK’s Joint Money Laundering Intelligence Taskforce, which last year issued an amber alert on the use of AI to evade customer due diligence. The National Crime Agency (NCA) also dismantled a website offering AI-generated identification documents—passports and driver’s licences—for as little as $15.

The Gambling Commission is now instructing all gambling operators to ensure staff are trained to identify AI-generated documentation. As threat actors become more adept with cutting-edge technology, traditional fraud prevention methods risk being outpaced.

“Synthetic identity theft is a type of fraud in which genuine and fabricated personal information are blended to generate a completely new, fake identity,” explains Dr Michaela MacDonald, senior lecturer in law and technology at Queen Mary University of London. She warns that combined with tools like voice cloning, behavioural mimicry and deepfake tech, such synthetic identities can easily sidestep standard Know Your Customer (KYC) checks—evading facial recognition systems, exploiting customer support interfaces, and tricking voice-authentication procedures.

Research from the Alan Turing Institute, published in March, emphasised how AI’s potential to automate, enhance, and scale up criminal operations makes it particularly dangerous. The report concluded: “UK law enforcement is not adequately equipped to prevent, disrupt or investigate AI-enabled crime,” and called for a more proactive approach involving the strategic use of AI within law enforcement operations.

In light of recent AML-related enforcement actions, regulatory authorities are expected to take the threat seriously. In the UK, the Gambling Commission recently fined two operators—Football Pools and Corbett Bookmakers—for a range of AML failures. Football Pools paid £375,000 for not triggering ‘hard stops’ upon reaching AML thresholds without manual intervention, while Corbett Bookmakers was hit with a £686,070 fine for poor risk assessment across customers, products, and payment methods.

According to the Commission, “all operators must train staff in the assessment of AI-generated documents.” This statement signals that regulators will expect greater diligence moving forward. While initial missteps related to this fast-moving technology may be met with understanding, failures to act or engage with regulatory bodies could result in harsher penalties.

“If you haven’t even engaged with the authority to say ‘I’m not sure what I can and can’t do,’ it will be considered that you didn’t do what you were supposed to, to abide by your regulatory obligations. And that’s going to be a whole different situation,” says Annabelle Richard, legal partner at Pinsent Masons.

The NCA has described fraud as the UK’s most prevalent crime, noting that AI dramatically increases the potential scale, speed, and reach of scams. “The use of AI to facilitate fraud underscores the need for private industries, law enforcement and the public to all take steps to reduce the threat,” the NCA stated. It added that the UK’s Online Safety Act places additional obligations on platforms to prevent such fraud, including implementing tools to identify and remove content promoting fake credentials.

With fraud becoming more sophisticated, operators must refine their AML procedures. Tools such as facial recognition, liveness detection, device fingerprinting, and geolocation services are now essential. Machine learning can also help detect behavioural anomalies among players, offering another line of defence.

Dr MacDonald pointed to emerging tools like end-to-end orchestration, data intelligence, and AI-enhanced verification systems as powerful allies in the fight against synthetic identity fraud. “These tools work together to centralise verification processes, analyse large datasets for subtle inconsistencies and leverage machine learning to detect evolving fraud patterns with greater accuracy and speed,” she said. However, she also acknowledged that the quality of defences varies widely, especially since many operators are using the same class of AI tools that fraudsters exploit.

Fraud within the gambling sector is not new. Mick d’Ancona, a consultant with Circle Squared, stressed that operators have long dealt with fraudulent documentation. “All that’s happening now is it’s easier to [fake documents required by operators]. But actually, if you’re a good operator and you’re [processing documents] properly, you’ve got what you need in place,” he said. Still, he warned that this would not come cheap, especially for smaller or grey-market operators that may not have adequate resources or protections in place. “If you only ask for a copy of a passport, but you don’t do a likeness check… you are, for sure, exposed,” d’Ancona added.

One promising development in tackling ID fraud is the rise of digital identity wallets. These systems combine biometric data and cryptographic keys to provide secure verification. Countries like Singapore and Estonia have had national digital IDs since 2002, while the UK launched its Post Office EasyID in 2021. The EU’s Digital Identity Framework Regulation, effective from 2024, requires member states to offer at least one such wallet, enabling secure identification across public and private services.

Jarek Sygitowicz, co-founder of Authologic, believes the EU's initiative could mark a turning point. “These have seen adoption growing over the years, but with the EU implementing the eIDAS 2.0 regulation, what has been a slow wave will become a big jump in the next 12-24 months,” he said. He added that even initially skeptical countries like the UK are moving toward similar measures, with a digital driving licence expected this summer.

Yet, despite the availability of many defensive tools, adoption remains inconsistent. Peter Wood, CTO of Spectrum Search, sees this as a major vulnerability. “What’s missing right now is consistency. There’s no shared framework for tackling AI-driven fraud, and that needs to change,” he said. He called on regulators to set industry-wide ID verification standards and facilitate anonymised, real-time data sharing to detect suspicious activity.

Without unified oversight, identifying fragmented personal data across platforms becomes increasingly difficult. Dr MacDonald believes that the solution lies in regulatory and law enforcement cooperation. She recommends “international coordination on synthetic ID detection, information sharing and regulatory standards, which will be essential to staying ahead of increasingly sophisticated AI-driven fraud.”

While AI has raised the stakes for AML risks and fraud in gambling, the responsibilities of operators remain constant. Technology may be evolving fast, but so too must the industry’s commitment to staying informed, vigilant, and aligned on best practices to counteract the growing threat.

By fLEXI tEAM