Anna Badaeva: “The best security process is one that is strong, silent, and out of sight”

TonyBet’s Anna Badaeva outlines how the company combats rising AI-driven fraud through advanced tools, deepfake detection, and notably, cross-border intelligence sharing. She highlights proactive AML/KYC strategies, advanced risk scoring, and continuous staff training. Badaeva discusses the evolving cyber threat landscape, the need for constant innovation, and how TonyBet’s balanced approach to personalization, responsible gaming, and ethical AI use help strengthen the operator’s own resilience to such emerging challenges. Looking ahead, TonyBet plans market expansion, stronger gamification, and improvement across core verticals, as well as ever-strengthening its fraud-prevention capabilities.

Q: Anna, you recently spoke on a panel about AI fraud, deepfakes, and cross-border threats at SiGMA Central Europe. What key insights did you share at the event, and how do they inform Tonybet’s broader cybersecurity strategy?

At SiGMA Central Europe, I emphasized the growing sophistication of AI-driven fraud, particularly the rise of deepfakes and synthetic identities. These threats undermine KYC processes, user authentication, and overall brand trust. Effectively tackling these complex cross-border threats requires a multi-layered strategy built on several core principles.

First, the responsible use of AI. Any fraud detection tools we build follow a "Privacy by Design" approach, ensuring system transparency, minimal data collection, and a requirement that any automated decision to restrict an account undergoes human review. To counter these threats directly, we are investing in advanced AI-detection tools to identify and mitigate deepfake attempts during registration and verification.

Collaboration is equally important. We are strengthening our cross-border threat intelligence network, but in a standardized and lawful way. I have been advocating for a rigorous "Legitimate Interests" assessment to facilitate the sharing of pseudonymised threat indicators under strict legal, contractual, and technical safeguards. This improves collective security without cutting corners on compliance.

Our experience operating in multiple jurisdictions, such as Ontario and the Netherlands, has taught us that robust security is inseparable from compliance. The frameworks we've built there have shaped our global approach, helping take proactive measures against threats with integrated action plans. This strategy, which also includes enhancing employee training programs to recognize sophisticated attacks, lets us maintain a great player experience while staying one step ahead of emerging threats.

Q: The landscape of AML and KYC compliance is rapidly evolving. How is Tonybet strengthening its processes to keep pace with emerging risks and regulatory expectations globally?

Our philosophy at Tonybet is to stay ahead of problems proactively, rather than simply reacting to them. We recognize that AML and KYC compliance is not static, which is why we are actively strengthening our processes through several key initiatives.

First, we leverage advanced technology, including AI and machine learning, to enhance our defenses. This includes more granular risk scoring based on a wider range of data points and behavioral analysis, allowing us to take a dynamic, risk-based approach. We are also investing in automated monitoring systems that use this technology to effectively detect complex, cross-border threat patterns like layering schemes or synthetic identity fraud. Our ethical guidelines ensure this is done responsibly by collecting only necessary data and maintaining human oversight.

We avoid a one-size-fits-all approach to compliance. We tailor our strategy for each market by conducting thorough regulatory gap analyses and adapting to specific jurisdictional risk factors. This ensures we meet local expectations, whether adapting to Ontario's AGCO standards or entering a new market elsewhere.

We also reinforce these technical and market-specific measures with a strong human element. Ongoing training keeps our compliance staff updated on the latest regulatory changes and best practices. We regularly engage with regulators and industry experts to ensure our programs meet the highest standards. This comprehensive strategy allows us to build a protected community for our players, supporting features like instant withdrawals and transparent terms, while fostering lasting trust with both players and regulators and future-proofing our business.

Q. Online casinos have been historically very good at protecting player data. Is this because they are a step ahead when it comes to cybersecurity best practices, and are there evolving threats that are seeing the industry fall behind in adapting?

Excellent question. The online casino industry has traditionally prioritized player data protection, given the large financial transactions and sensitive personal data we handle in real-time. This has led to the early adoption of key cybersecurity practices, such as encryption, multi-factor authentication, regular security audits, and strict internal access controls. For licensed operators like us, these measures aren't optional – they are the baseline condition for survival, ensuring player trust and maintaining our license to operate.

The threat landscape, however, is constantly evolving, and we must stay ahead in critical areas. As a high-value target, we face an arms race against increasingly sophisticated threats. While the industry has a solid foundation, we must now adapt quickly to new challenges like the rise of sophisticated AI-powered fraud - including deepfakes and bots that mimic human behavior - along with sophisticated phishing, ransomware, and DDoS attacks.

The growth of the illegal grey market, with its weak security, also affects the reputation of the entire industry. This environment demands continuous adaptation and investment. We are responding by innovating our AI-driven detection models, bolstering our legal expertise to navigate complex cross-border data laws, and upholding the high standards that distinguish licensed operators. Complacency is not an option; staying ahead requires relentless vigilance and technological investment to counter these emerging threats.

Q:Tonybet was nominated for multiple SiGMA Central Europe Awards this year. What do these nominations mean for you and the Tonybet team, and how do they reflect your approach to responsible gaming and security?

The entire Tonybet team is extremely proud of our SiGMA Central Europe Award nominations, as they reflect our core philosophy of putting the player experience first by prioritizing trust and security. Being recognized in categories like "Best User Experience" and "Best Player Retention" shows that our focus on a responsive interface, gamified programs like Daily Missions, and treating players as a guided community truly resonates.

After all, you cannot deliver a "Best Casino" experience if players do not feel secure. These nominations highlight the impact of our investments in multi-jurisdictional compliance, proactive industry advocacy, and player security updates, positioning Tonybet as a leader. This includes constantly refining responsible gaming tools like self-exclusion programs and deposit limits, as well as investing heavily in cybersecurity training for our employees and advanced technologies to prevent fraud.

The best security process is one that is strong, silent, and out of sight. We love that our players enjoy a smooth experience, largely unaware of the deep protections operating behind the scenes.

Q: Personalization and gamification are transforming the iGaming experience. How does Tonybet balance these innovations with safeguarding player data and maintaining robust security controls?

The industry's shift towards deep personalization and gamification is creating a more engaging player experience, but this reliance on personal data makes balancing innovation with security a challenge and a top priority for Tonybet.

Our approach is a "Privacy by Design" implementation, integrating data security into the development of every new feature. When we use AI and data analytics to power personalized gaming lobbies, tailored promotions, and gamified programs, we do so with strict safeguards. These include data minimization, processing only what is necessary, and using anonymization and pseudonymization techniques to protect personally identifiable information.

This technology serves a dual purpose. The same AI models that tailor personal preferences are also deployed to monitor for signs of risky play, enabling proactive gambling interventions such as suggesting a break or facilitating deposit limits. We also implement granular access controls to limit internal access to sensitive data.

Our strategy is one of purposeful integration, where every technological advance is matched by a security counterpart. This is allsupported by the regulatory frameworks of the tightly regulated markets in which we operate, like the Netherlands. This ensures that the personal touch players expect is built on a foundation of robust, ethical data practices — allowing security to enhance, rather than compromise, the player experience.

Q: We would be remiss not to ask you about the role of AI in the iGaming industry today. How has Tonybet been adapting to the FOMO that AI has created around it, and what practical uses have you found for the technology?

The "FOMO" surrounding AI is real and can lead to rushed implementations, wasted resources, and poor decision-making. At Tonybet, we take a pragmatic, strategic approach. We don’t implement AI for its own sake - only when it solves a genuine business, security, or player experience problem.

Our focus is on practical applications that deliver tangible results. This includes using AI to analyze user behavior to optimize the journey and boost retention, as well asstrengthening our security and AML compliance through real-time fraud detection that analyzes transactions and account activity for anomalies. We also leverage it as a responsible gaming operator, using behavioral analytics to identify at-risk players by monitoring patterns like bet sizing and session duration.

Beyond these core areas, we are exploring its other uses, like AI-powered chatbots in customer support for faster, more efficient assistance, and in refining personalized marketing. Underpinning all these initiatives is a commitment to using AI responsibly and transparently, ensuring our approach remains ethical and focused on meaningful outcomes rather than just chasing the latest buzzword.

Q: Effective fraud prevention often requires intelligence sharing between operators, yet it brings data privacy challenges. How does Tonybet manage threat intelligence sharing with partners while ensuring legal compliance, transparency, and purpose limitation?

Threat intelligence sharing is crucial for combating sophisticated fraud, but it requires careful management to protect data privacy. At Tonybet we address through a high-quality, standardized Legitimate Interests Assessment (LIA) across all our partnerships. This ensures our data transfers have a clear legal basis and are used strictly for collective security - not competitive advantage.

Our approach to this is multi-layered, with strict technical and contractual safeguards. We share anonymized or pseudonymized data with our partners, such as device fingerprints or threat patterns, stripping away any personal identifiers. This practice is governed by firm data sharing agreements that outline the limited purposes of the data and prohibit further disclosure, ensuring full compliance with regulations like GDPR.

We maintain transparency with our players about these practices, giving them the option to opt-out. Regular audits ensure that our processes stay aligned with our privacy policies and legal obligations. By standardizing this responsible approach, we create a safer ecosystem for all operators while protecting the trust and legal rights of every player.

Q: What is next for Tonybet in 2025 and beyond?

For the rest of the year and beyond Tonybet is focused on thoughtfully expanding our footprint. We aim to do this by staying adaptable to changing trends and continuously innovating. It’s all about getting our brand seen by more people, appreciated by more people, and consolidating these gains.

In terms of concrete product development, we are expanding our e-sports offering, introducing more flexible betting options like partial and full cashouts of live bets in-game, and further tailoring the user journey with advanced gamification tools. More control and a personalized experience are the future.

On the expansion front, we are currently advancing our license application for Portugal and closely monitoring regulatory developments in key markets like Finland, New Zealand, and Alberta.

Beyond products and markets, Tonybet is future-proofing itself. We’ll be using AI as a transformative force for gamification and to counter fraud. On the advocacy side, we’ll be actively pushing an agenda of safety and compliance, alongside addressing the poor practices of grey area online gambling, which lends a bad name to the industry as a whole.

Image credit: Casino Guru News