This weekend: the Super Bot

It’s funny, I usually don’t watch the professional American football championship game (yes that’s in bold because I’m feeling a little facetious about copyright) unless my casually beloved New England Patriots are playing. Of course, in recent years, that’s meant I’ve been as likely to watch the game as not, #blessed as I am to be a Bostonian who grew up during the Tom Brady era. This year, though I don’t have a rooting interest, I’ll be tempted to have the game on in the background while I keep an eye on the oddsmakers, just to see what happens.

I’m not betting on the game; I only bet when I’m playing Texas Hold’em with friends. But watching the odds change could be a sign of a competition happening off the field. It could be a sign that bots are fighting against humans to swing the percentages in a particular direction.

Bot against bot, bet against bet

Go ahead, punch in “super bowl odds” and see what comes up. Now click through to the second result. Now to the third. The odds—especially on prop bets and parlays—aren’t exactly the same from one site to the next. Each major betting site tends to have its own in-house bookmakers, and while their general sense of who is most likely to win a given game might be similar, it’s rarely identical.

One of the things they teach you in Economics 101 is the concept of “arbitrage”. It happens when there’s any shred of difference between the margins or the prices of a given item. Someone buys, say, a new PS5 on one outlet at $400, and is able to get $500 on a third-party site. They’ve made themselves a hundred bucks for doing nothing.

Betting also has the opportunity for arbitrage. It’s fairly complex in its mathematics, at least to this vaguely math-allergic writer, but the general principle is this:

  • Find two sites that have different odds on different outcomes of the same event, and where the odds of those different outcomes (like a Los Angeles win on one site and a Cincinnati win on another) add up to no more than a certain number.
  • Bet on both sites.
  • No matter what the outcome is, you’ll make enough money to cover the losing bet and still turn a tidy profit.

The linked article cites a report that betting arbitrage opportunities only last about 15 minutes before the odds shift and the advantage disappears, which creates a huge incentive for bots.

After all, arbitrage betting is a function of mathematics and speed, two things that computers—and bots—are very good at.

So arbers (a term for arbitrage bettors) will often use bots to find those opportunities and place bets before they disappear. And the bots that power this experience are not only easy to find, they’re endorsed by some of the sites that take bets. It’s essentially just a web scraping attack, but looking for a very specific discrepancy between two competing sites.

The house always wins, though. Bets have fees, like online trading. So even if you end up in the black from arbitrage betting, the house is still getting its share. And the majority of bettors aren’t arbers, so the house will make it back without breaking a sweat.

A kickoff advantage

Another way that betting sites might get targeted by bots going into this weekend’s
Big Gamenot a trademark is in the incentives they offer to get new bettors in the door in the first place. It’s common, especially on the English sites that host a great deal of soccer-related betting, to have a “first bet free” promotion, or occasionally improved odds on the first bet.

Is there a stronger incentive for a fake account fraud attack than free bets, especially when paired with that arbitrage betting approach? Now a botmaster can place as many bets as they can create new accounts, and if they can run that arbitrage scheme on multiple sites with similar incentives, max out their winnings.

If I’m a betting site taking odds for this weekend’s game, I’m definitely paying very close attention to my account creation pages to see if anything weird is happening there. Especially since this weekend will be one of the biggest betting weekends of the year, it seems like it might not be very difficult for an unprotected account creation page to fail to notice a bunch of bots sneaking in the door while an offer is ongoing.


Gonna bot the odds

The other key thing to remember about how bookmakers work is that their odds for a given result in a game will change based on how many people are betting on it. If Los Angeles started the day as a 4-3 favorite to win the game, enough people might bet on that outcome to make it less profitable for the bookmaker to keep that payout ratio, so maybe it changes to 5-4, or even higher odds.

Odds are based on the volume of bets, for the most part, and it’s why odds for the Kentucky Derby (to reference another sport entirely) are changing right up until post time. As bookmakers take bets, their sensibilities about the most likely outcomes might shift, as does the math about how much the bookmakers will make from losing bets if their winning customers are all piling in at a good payout ratio.

But there’s that key word again: volume. As HUMAN Co-founder and CEO Tamer Hassan likes to ask, if you could look like a million humans on the internet, what would you do? In this case, the answer might be “place a million small bets on one outcome to push the odds in the other direction, and then place one really big bet on the other outcome now that the odds are more favorable.” Like with the arbitrage scenario, a clever botmaster can find those inefficiencies in the betting marketplace and manipulate them to their advantage. And if nothing else, botmasters are increasingly clever.

All of these attacks, it’s worth noting, are completely preventable. Web scraping attacks, new account fraud attacks, bots transacting in volume…all can be thwarted with the right bot mitigation tool. HUMAN’s Bot Defender can safeguard your apps and APIs from the influence of bots, including arbitrage betting bots.

That said, if someone’s taking Puppy Bowl bets, I’ll put $10 on Wasabi to score a touchdown.