Welcome to this week’s edition of the ONSEC iGaming Weekly Digest, bringing you the latest shifts in compliance, regulation, and cybersecurity shaping the global betting and gaming landscape. From soaring regulatory penalties and mounting AML scrutiny, to the steady rise of digital-first gaming and mobile dominance, operators face a fast-changing environment where agility and compliance are now core to competitiveness. At the same time, regulators across the U.S. and Europe are tightening oversight, tax regimes are shifting, and fresh reforms are emerging in key markets like Norway. Finally, a wave of cyber incidents — from luxury retail breaches to ransomware attacks in Brazil — reinforces the growing importance of supply-chain security and player data protection.
Trends & Analytics
- The cost of gambling compliance surges — Sept 17, 2025 – iGamingToday. In the first half of 2025, operators absorbed over US$160M in penalties across 40+ enforcement actions in eight countries. Europe alone imposed €36M in AML fines, mostly for weak customer due diligence. This underscores how non-compliance is becoming one of the industry’s most expensive risks. Source: iGamingToday
- SIGA hit with anti-money laundering fine — Sept 15, 2025 – World Casino Directory. The Saskatchewan Indian Gaming Authority (SIGA) was fined US$1.175M by FINTRAC for failing to file suspicious transaction reports, omitting required details, and lacking updated AML policies. The case highlights regulators’ growing willingness to penalize procedural gaps. Source: World Casino Directory
- Digital overtaking land-based casinos — Sept 2025 – Space Coast Daily. Online iGaming is projected to capture ~40% of Europe’s gambling revenue in 2025 (≈€51.1B). At this pace, digital could surpass land-based by 2029, marking a structural tipping point for the industry’s future growth. Source: Space Coast Daily
- Mobile dominates player behavior — Sept 2025 – Dolby Optiview. Seamless UX, live streaming, and instant payments are now baseline expectations, as mobile betting becomes the default channel worldwide. Operators without optimized mobile platforms risk losing significant market share. Source: Dolby Optiview
- Crypto & e-wallet payments gaining ground — Sept 2025 – Adsterra. Players increasingly demand rapid withdrawals and cross-border flexibility, pushing operators to adopt cryptos and e-wallets where permitted. Payment diversity is becoming a competitive differentiator. Source: Adsterra
- Responsible gambling & ESG pressure — Sept 2025 – SOFTSWISS. Regulators and players alike now expect stronger tools for self-exclusion, deposit limits, and RTP transparency. ESG practices are also rising in importance, with compliance and reputation tightly linked. Source: SOFTSWISS
Law & Regulation
- Arizona warning over prediction markets — Sept 15, 2025 – InGame. The Arizona Department of Gaming (ADG) issued letters to licensed sports betting & fantasy operators cautioning that involvement with prediction markets (or companies offering event contracts) outside of Arizona—or in jurisdictions where such activity might violate law—could jeopardize their state license. Source: InGame
- West End penalised for breach of Danish gambling law — Sept 2025 – Gambling Insider. The operator “West End” (operating in Denmark) was penalised for illegal gambling activity, specifically offering services without a license or infringing the Danish Gambling Authority’s regulatory requirements. Source: Gambling Insider
- CFTC & SEC move to clarify oversight of prediction markets — Sept 2025 – JDSupra / legal-update. U.S. regulatory agencies, the CFTC and the Securities and Exchange Commission (SEC), have made a joint statement expressing interest in clarifying which prediction market platforms fall under their scope. This action comes as demand for these markets grows and as platforms begin to offer both sports- and non-sports-related event contracts. Source: JD Supra
- The shifting gambling tax map of Europe — Sept 16, 2025 – iGamingToday. Six major European markets have implemented gambling tax reforms, collectively targeting over €520 million in additional annual revenue. Reforms include higher turnover taxes and other fiscal measures; however, early results suggest that increased taxation does not always yield proportional revenue gains, particularly where operators are pushed offshore. Source: iGaming Today
- Norway gambling reform hopes still alive despite election — Sept 17, 2025 – NEXT.io. Despite a change in government following the September elections, stakeholders in Norway remain optimistic that major reforms in gambling regulation will move forward. This includes reforms around licensing, consumer protection, and possibly changes to how gambling is taxed and overseen. Source: NEXT.io
Hacks & Data Breaches
- Kering (luxury retail) confirms customer data breach — Sep 15, 2025. Kering (owner of Gucci, Balenciaga, etc.) confirmed hackers accessed customer data (claimed ~7.4M email addresses were taken). This was reported Sep 15 and has broad implications for PII exposure and phishing risks. Why iGaming should care: Large retail breaches lead to a spike in credential stuffing and phishing campaigns that target any industry — operators must harden customer authentication and monitor login anomalies. Source: Morningstar
- Jaguar Land Rover cyber-attack disrupts operations — Sep 16, 2025. JLR extended production shutdowns after a cyber incident; the company reported some internal data was affected while forensic work continues. Why iGaming should care: Attacks on major suppliers/manufacturers show how supply-chain or vendor compromises can cascade; iGaming vendors (payment processors, platform providers, game studios) face similar risks. Source: The Guardian
- Plex/related consumer service security incidents reported (week of Sep 11, 2025) — Sep 11 updates.Multiple reports during the week flagged Plex and other consumer platforms confirming incidents and urging credential resets; aggregated cyber briefings called these out on Sep 11. Why iGaming should care: Media-streaming / consumer app breaches create credential reuse risk and boost account-takeover attempts against player accounts and loyalty programs. Source: Cyber News Centre
- Texas General Land Office (disaster relief system) data exposure — reported Sep 15, 2025. A misconfiguration/exposure in a grants system led to thousands of records being viewable; reporting around Sep 15 covered the incident and remediation steps. Why iGaming should care: Public-sector data exposures increase the volume of available PII on fraud markets — fuels synthetic ID creation and social-engineering attacks targeting onboarding/KYC flows. Source: San Antonio Express-News.
- KillSec / ransomware activity targeting Brazil’s healthcare sector — Sep 15, 2025. KillSec ransomware activity and related supply-chain attacks against healthcare software providers were reported mid-September, with stolen data and service disruption noted. Why iGaming should care: Ransomware campaigns against verticals (healthcare, manufacturing) show the persistent threat to service availability and to vendors that iGaming operators rely on (payment gateways, analytics providers, platform hosts). Source: Dark Reading
Final words
As regulators tighten their grip, markets shift toward digital, and cyber threats grow more complex, the message for iGaming operators is clear: success depends on balancing agility with resilience. Compliance must be proactive, player experience seamless, and security uncompromising. Those who anticipate regulatory changes, diversify payment and technology strategies, and strengthen defenses against emerging cyber risks will be best positioned to thrive in the months ahead.
Book a call with ONSEC – Stay secure !
Leave a comment