The evolution of artificial intelligence technology, particularly its application in generating sophisticated deepfakes and synthetic identities, poses an increasingly significant threat to the integrity and security of the gambling sector. Operators and players alike face heightened risks from AI-enabled fraud, necessitating enhanced security standards and potentially costly technological investments to mitigate these emerging challenges.

AI is already being leveraged by malicious actors to create fraudulent content, including promotional material for illegal gambling operations. Over the Easter weekend in 2025, for instance, reports surfaced of an AI-generated video featuring realistic likenesses of news presenters touting gambling applications. This fake advertising was disseminated across social media platforms, directing users towards illegal gambling sites often embedded within gaming applications available on app stores.

The risks extend directly to anti-money laundering (AML) and counter-terrorist financing (CFT) efforts. In April 2025, the UK’s Gambling Commission issued an update specifically warning licensed operators about the growing prevalence of AI deepfakes and their connection to emerging money laundering and terrorist financing risks. This followed an amber alert published by the UK’s Joint Money Laundering Intelligence Taskforce (JMLIT) the previous year, which highlighted the use of AI to circumvent customer due diligence (CDD) checks. Demonstrating the tangible nature of this threat, the UK’s National Crime Agency (NCA) reportedly took down a website last year that was offering AI-generated identity documents, such as passports and driver licenses, for as little as $15.

Regulatory guidance from the Gambling Commission has specifically advised all operators of the critical need to train their staff to accurately assess customer documentation for signs of AI-generated content. Criminals and fraudsters are known to quickly adopt emerging technologies, and the widespread use of digital mediums for services has made synthetic identity theft a growing challenge for law enforcement globally.

Synthetic identity theft involves combining genuine and fabricated personal information to construct entirely new, fake identities. The increasing sophistication of AI technologies, including voice cloning and behavioural mimicry, enables the creation of AI-generated synthetic identities that can effectively bypass traditional Know Your Customer (KYC) systems. These AI-powered identities can potentially defeat facial recognition tools, exploit vulnerabilities in customer support chats, or spoof voice-activated authentication mechanisms.

Research into deepfake technology published in March 2025 by the Alan Turing Institute highlighted that AI-enabled crime is being propelled by the technology’s capacity to automate, augment, and vastly scale up criminal activity. The report indicated that, as of early 2025, UK law enforcement was “not adequately equipped” to effectively prevent, disrupt, or investigate AI-enabled crime. While acknowledging the potential for legislation as a deterrent, the institute called for a “more robust and direct approach,” centered on the proactive deployment of AI systems by law enforcement agencies themselves.

Regulatory Response and Operator Obligations

Regulators worldwide typically adopt a stringent approach to AML infringements, particularly within the gambling industry, given its inherent risks associated with the movement of funds. In the UK, recent enforcement actions underscore this focus. In the month prior to April 2025, the Gambling Commission imposed significant penalties on two operators for AML and customer care failures: Football Pools was ordered to pay £375,000 for AML breaches where processes failed to implement hard stops when financial thresholds were reached until manual reviews occurred, and Corbett Bookmakers was fined £686,070 for numerous AML failures, including not adequately understanding relevant customer, product, geographic, and payment risks and failing to take a sufficiently risk-based approach.

In response to the developing risks posed by AI, the Gambling Commission has reiterated its requirement for all operators to ensure staff are trained in the assessment of customer documentation for potential AI-generated alterations. Potential regulatory responses to the rise of deepfakes and synthetic identities could involve encouraging information sharing across secure channels, promoting innovation in fraud detection technology within the sector, fostering international cooperation among regulators and law enforcement, and conducting reviews of their own regulatory frameworks to adapt to the evolving threat landscape.

Given the rapidly advancing nature of AI technology, there is a view that regulators may exercise some degree of leniency in early instances of AML rules being breached due to sophisticated deepfake technology, particularly if an operator can demonstrate their systems were bypassed in a way that was not reasonably foreseeable or preventable at the time of the incident. However, it is also understood that regulators are unlikely to be lenient if a failure of systems occurs that could have been prevented with existing tools and practices, or if an operator has been slow to identify or address a potential vulnerability. Operators are expected to proactively engage with regulatory guidance and uphold their obligations to prevent their platforms from being used for illicit purposes.

Mitigation Strategies for the Gambling Sector

Fraud is recognised as the most prevalent crime in the UK, and AI has the potential to significantly increase the speed, scale, and sophistication of online scams. AI technology enables threat actors to target a larger number of victims or companies, potentially transcending international and language barriers. The increasing use of deepfake images and videos specifically makes fraud detection more challenging for businesses and individuals.

Addressing AI-facilitated fraud requires a collaborative effort involving private industries, law enforcement agencies, and the public. Legislation like the UK’s 2023 Online Safety Act places greater responsibility on online platforms to implement measures aimed at curbing fraud and terrorism. This includes requirements for service providers to explain their account verification processes and deploy automatic detection software to identify and remove advertisements or posts linked to the sale of stolen or faked credentials.

For gambling operators, mitigating the growing threat of AI deepfakes necessitates refreshing and enhancing existing AML and KYC processes. Operators should keep abreast of best practices and technological innovations in identity verification and fraud prevention. This includes enhancing AI-based document verification checks with biometric security measures such as facial verification and liveness detection to confirm that a user is a real person present at the time of verification. Utilising device fingerprinting and geolocation services can also contribute to higher detection rates by identifying inconsistencies or suspicious access patterns. Furthermore, correctly applied machine learning models can analyse player activity for subtle inconsistencies that might indicate fraudulent behaviour, adding an additional layer of security.

Technologies are emerging specifically to help detect synthetic identities and manipulated digital materials. These tools often involve end-to-end orchestration to centralise verification processes, advanced data intelligence to analyse large datasets for subtle inconsistencies, and the leveraging of artificial intelligence itself to detect evolving fraud patterns with greater accuracy and speed. However, the implementation of these high-quality defences can vary widely across the industry, requiring significant investment. Notably, some operators may find themselves using similar classes of AI tools for verification purposes as the fraudsters are using to mount attacks.

The gambling sector has historically been a target for fraudulent activity and the use of manipulated documents, leading to a perpetual “arms race” between operators enhancing security and fraudsters seeking new ways to bypass it. Experienced operators with robust processes in place for handling customer documentation may already possess foundational capabilities to address some aspects of this threat. However, mitigating the escalating sophistication of AI-powered fraud will not be inexpensive, demanding continuous updates to processes and technology. Smaller operators or those in grey markets, potentially facing budget constraints or lacking engagement with regulatory best practices, may be particularly exposed due to insufficient investment in adequate protections like likeness checks or the tooling and experienced staff needed to properly verify proofs of funds.

The Potential of Electronic ID Wallets and Need for Standardisation

One potential method for curbing identity fraud in the long term could be the broader adoption of official or national digital identity solutions. Digital identity wallets or applications leverage various technologies, including cryptographic keys and biometric data like fingerprints and facial recognition, to securely store and confirm a user’s identity. These are not nascent technologies; countries like Singapore (SingPass, 2002) and Estonia (digital ID card, 2002) have had national digital ID systems for many years, and other nations including Germany, Sweden, Japan, and Canada also offer digital ID options. In the UK, the Post Office EasyID, launched in 2021, provides a government-certified digital ID for various verification purposes.

Regulation is also driving the adoption of digital identities. The EU’s Digital Identity Framework Regulation (eIDAS 2.0), which came into force in 2024, mandates that EU member states must offer at least one digital identity wallet to their citizens. These applications will allow individuals to securely identify themselves to public and private online services across the EU. The implementation of these electronic ID wallets is seen by some as a potential “game changer,” expected to cause a significant jump in adoption over the next 12-24 months relative to April 2025. Even countries previously more hesitant about digital IDs, such as the UK, are reportedly planning to launch their own digitised driving license in the summer of 2025 as part of broader digital identity initiatives.

While the threat of AI deepfakes is immediate and the tools to mitigate it largely exist, a key challenge lies in the inconsistent adoption and application of these tools across the industry. There is currently no unified framework for tackling AI-driven fraud effectively. This highlights a need for greater standardisation and consistency across the sector. Experts suggest that regulators should push for industry-wide standards around identity verification that are specifically designed to withstand AI-powered attacks. Additionally, there is a call for enhanced collaboration between platforms, potentially including anonymised, real-time data sharing systems, to help flag suspicious activity across the entire ecosystem.

A significant challenge in detecting synthetic identity fraud stems from the fragmentation of personal identifiable information across numerous disparate platforms. Without some form of unified oversight or coordinated data analysis, it can be difficult to spot the inconsistencies that might reveal a fraudulent identity. Mitigating this effectively may require regulators and law enforcement to encourage international coordination on synthetic ID detection, information sharing, and the development of common regulatory standards to stay ahead of increasingly sophisticated AI-driven fraud techniques.

In conclusion, while AI is undoubtedly elevating the risk profile for potential fraud and AML breaches within the gambling sector, the fundamental obligations for operators to remain informed and up-to-date on security threats remain unchanged. The tools and technologies needed to help the industry stay ahead of the AI threat largely exist, but effectively deploying them and establishing a consistent, collaborative approach to combat AI-enabled fraud across the sector requires consensus and coordinated action from both industry stakeholders and regulatory bodies.