What Is Gnoming and Multi-Accounting Fraud?
Multi-accounting is the practice of creating numerous fake or deceptive accounts on digital platforms. While some users do this to bypass regional restrictions, seasoned fraudsters create accounts in bulk using stolen or "synthetic" identities to commit financial fraud, collusion, or bonus abuse.
Gnoming is a specific subset of multi-accounting prevalent in iGaming. It involves a single user operating multiple accounts to:
- Exploit "new-player" welcome offers repeatedly.
- Rejoin a platform after being banned for predatory behavior.
- Gain an unfair advantage in poker or multiplayer games through collusion.
Fraudsters often use the identities of friends or family members ("mules") and mask their digital footprint using VPNs, emulators, and device spoofing, making them incredibly difficult to detect with traditional tools.
Why Is Gnoming so Hard to Detect?
Gnoming typically stays under the radar because the accounts appear legitimate. Since fraudsters often use real PII (Personally Identifiable Information) from acquaintances, their registration data doesn't trigger standard "fake user" red flags.
Without device-level insights, these users blend in with your genuine player base. Operators often only realize there is a problem after the bonus has been withdrawn and the "user" disappears.
Major Red Flags of Multi-Accounting
- Multiple accounts created from the same device or IP address.
- Use of VPNs, incognito mode, or identity masking browsers during account creation.
- Accounts created with spoofed or emulated browsers.
- Frequent creation of new accounts from risky geo-locations.
- Risky browsing patterns (like auto-clickers) on the device.
- Rapid activities (such as withdrawal or transfer) after new account creation.
The Impact of Gnoming and Multi-Accounting On iGaming Platforms
Welcome Bonus Abuse
Fraudsters use "hit-and-run" tactics to drain promotional budgets, inflating Customer Acquisition Costs (CAC) without gaining a long-term player.
Matched Betting
By placing equal and opposite bets across multiple accounts, fraudsters "lock in" profits from bonuses, ensuring the house always loses.
Distorted Analytics
Fake accounts skew data on new user growth and engagement, leading to poor business decisions based on "ghost" traffic.
Degraded User Experience
In peer-to-peer games like poker, gnoming allows for collusion, which ruins the experience for honest players and destroys platform trust.
Stopping Fraud with Device Intelligence
The device is the fraudster's most consistent tool. While they can change their name, email, or IP address, their hardware leaves a trail. Proactive device intelligence stops gnoming at the front door through:
Persistent device identification
Identify every physical device on your platform by assigning a unique identifier that remains persistent, even if a fraudster attempts to manipulate their digital fingerprint or factory reset the device to appear as a new user.
Real-time fraud intelligence
Use a combination of pre-defined rules, artificial intelligence, and machine learning to identify risky patterns associated with gnoming and multi-accounting. Such tools may include app cloners, GPS spoofers, emulators, and VPNs, and techniques can include app tampering, device tampering, and signs of jailbreaking.
Beat Gnoming and Multi-Accounting with SHIELD
SHIELD is a device-first fraud intelligence platform designed to stop gnoming and multi-accounting before they impact your bottom line.
What sets SHIELD apart?
- Tamper-Proof Device IDs that remain persistent across sessions, re-installs, factory resets, and tampering, even in incognito mode.
- Real-Time Session Monitoring to monitor device behavior in real-time and flag when a good user turns bad.
- Configurable Risk Controls to adjust 20+ fraud signals to match every business' risk tolerance.
