In a significant enforcement action highlighting the critical importance of Know Your Customer (KYC) protocols, the Pennsylvania Gaming Control Board (PGCB) has officially fined BetMGM US$100,000.
The penalty follows a detailed investigation into four distinct “fraud rings” that successfully bypassed the operator’s security measures, resulting in over $2 million being wagered through illicitly created accounts.
Systemic Failures in KYC and Verification
The PGCB characterized BetMGM’s identity verification processes as “insufficient,” noting that the joint venture between Entain and MGM Resorts allowed individuals to create and maintain numerous accounts using stolen personal information.
According to the state regulator, these fraudulent profiles at both BetMGM and its sister brand, Borgata, were funded using “stolen or fraudulently obtained” payment devices.
The scale of the breach was extensive across the four identified cases:
- Ring One: Operated for over two years, resulting in 119 accounts and $895,092 in wagers.
- Ring Two: Lasted approximately 25 months, with 1,567 accounts created and $229,580 spent.
- Rings Three & Four: Combined for nearly $900,000 in fraudulent activity over 34 and 19 months, respectively.
A Pattern of Regulatory Scrutiny
This latest fine follows a separate $250,000 penalty issued to BetMGM in January 2025. In that instance, the operator was sanctioned for allowing a self-excluded individual to access the platform and wager on over 150 different occasions.
The PGCB issued a stern reminder to the industry regarding compliance obligations:
“Licensed operators of igaming sites in Pennsylvania must deny individuals on the self-exclusion list from establishing or maintaining an interactive gaming site.”
As the Pennsylvania market continues to mature, regulators are signaling that technical oversights regarding player identity and financial security will meet aggressive legal pushback.
