TL;DR: COVID-era player growth has expanded the fraud surface for bonus hunting, multi-accounting, account takeovers, and illegal chargebacks while operators still need to meet AML and age-verification obligations across Europe and the UK, according to SumSub. The governance problem is not whether to add checks, but how to calibrate identity controls so they reduce abuse without creating onboarding friction that drives users away.
NHIMG editorial — based on content published by Sumsub: KYC Guide for the Gaming industry: Europe and UK
By the numbers:
- COVID-19 caused a surge of players joining gaming apps and platforms, with forecasts indicating growth of €140.05 billion from 2021 to 2026.
Questions worth separating out
Q: How should gaming operators balance KYC friction with fraud prevention?
A: Treat KYC as a risk-based control, not a single gate.
Q: Why do multi-accounting and bonus abuse break weak identity programmes?
A: They exploit the gap between first-pass verification and ongoing identity reuse detection.
Q: What should compliance teams separate in gaming onboarding?
A: Separate age verification, AML screening, and fraud controls.
Practitioner guidance
- Separate verification paths by regulatory purpose Define one path for age verification, another for AML screening, and a third for fraud controls so each obligation has its own evidence trail and exception process.
- Tighten duplicate-account detection across signals Correlate device fingerprints, payment instruments, and identity attributes so the same person cannot repeatedly enter the platform under different accounts.
- Calibrate KYC depth to player risk Use lighter checks for low-risk access and escalate verification when withdrawal, transaction, or behavioural thresholds indicate higher abuse exposure.
What's in the full article
Sumsub's full guide covers the operational detail this post intentionally leaves for the source:
- Use cases for identity verification in gambling across onboarding and higher-risk player actions
- An overview of the online gambling regulatory landscape for Europe and the UK
- Best practices for KYC verification levels and how they map to conversion trade-offs
- An identity verification checklist you can adapt for implementation planning
👉 Read Sumsub's KYC guide for gaming in Europe and the UK →
KYC in gaming: what Europe and UK operators need to balance?
Explore further
Gaming KYC is a conversion control and a fraud control at the same time: operators that treat it as only one of those things misread the system they are governing. The guide shows that onboarding design, verification depth, and regulatory evidence all sit in the same operating model. The practical conclusion is that identity teams have to manage user experience, fraud resistance, and auditability as one programme, not three separate projects.
A few things that frame the scale:
- 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging at 37% and over-privileged accounts at 37%.
A question worth separating out:
Q: How can operators tell whether KYC is actually working?
A: Look for declining account reuse, fewer duplicate registrations, lower chargeback rates, and cleaner audit evidence when exceptions occur. A functioning KYC programme reduces abuse without creating excessive abandonment. If fraud remains high or drop-off spikes, the verification design is either too weak or too rigid.
👉 Read our full editorial: KYC for gaming in Europe and the UK must balance fraud and growth