Case Studies

The Problem

Marketing, Finance, and Risk suspected that a significant share of promo spend and withdrawal volume was being captured by organized studios operating multiple synthetic accounts. There was no unified view of how these accounts linked together, no way to size the leak, and no actionable list the operations team could execute against.

Our Approach

We designed a tiered cluster-detection framework linking accounts via shared withdrawal channels, name hashes, and phone fingerprints — ranking each cluster by suspiciousness (P0/P1/P2). We then built an 11-category fraud-type classifier so each cluster would route to the right downstream team.

Cluster output was joined to deposit, withdrawal, promo cost, and game-level betting data to compute per-cluster net P&L — producing multi-dimensional Top-30 actionable lists, each cluster a self-contained case file.

Results & Impact

• ✓Two promo rules accounted for 67% of arbitrage outflow — rule-fix projected to save over ₱20M/month (over ₱240M annualized)
• ✓Top-30 list used by Risk to freeze withdrawals, Marketing to rewrite promo rules, Finance to recover ₱50K+/month
• ✓First end-to-end view of organized activity across 18 banking and e-wallet channels
• ✓Framework adopted as standard P0 risk-tiering methodology platform-wide

SQL (MaxCompute) Python Tableau Graph Cluster Modeling

The Problem

During cluster review, one cluster of 53 accounts showed a withdraw-to-deposit ratio of 7.82× — three standard deviations beyond the population norm. The challenge: prove systematic fraud or rule it out, then generalize the detection pattern across the entire player base.

Our Approach

We verified zero jackpot wins and a 51-of-53 positive win-rate — statistically impossible under fair play. Analysis revealed 99% of betting volume concentrated on Texas Poker with a cluster-level RTP of 1.90.

We then generalized the pattern into a scalable detection rule: flag clusters where size ≥ 3, RTP ≥ 1.5, and poker concentration ≥ 80%. Batch-registration fingerprints were layered in to reduce false positives.

Results & Impact

• ✓Detection rule adopted into the standard risk-tiering system by the Risk team
• ✓Three distinct victim layers sized, enabling leadership to prioritize remediation
• ✓Immediate action recommendations and longer-term anti-collusion controls delivered
• ✓over ₱6M/month extraction from honest players stopped

SQL Python RTP Analytics Behavioral Fingerprinting

The Problem

Marketing, Risk, Operations, and Finance each maintained their own slice of player data, leading to inconsistent definitions of "active user," "deposit cohort," and "marketing ROI." Ad-hoc queries were slow and rarely agreed with each other — creating friction in every cross-functional meeting.

Our Approach

We designed a 59-field player-profile snapshot table covering identity, lifecycle stage, deposits/withdrawals (lifetime + 1d/7d/30d), betting and GGR, channel and game preferences, and marketing-cost attribution — modeled as five mutually exclusive cost categories.

Per-player unit economics (cost-to-deposit, cost-to-GGR) were computed at the player level, surfacing money-losing cohorts Finance previously couldn't see. Built as a daily INSERT-OVERWRITE partitioned ETL with explicit test-account filtering.

Results & Impact

• ✓Replaced redundant per-team aggregations with one authoritative daily table
• ✓Cut analyst query time from minutes-against-raw-fact-tables to seconds
• ✓Became upstream join source for fraud-cluster pipeline and churn model
• ✓Finance gained first-ever view of money-losing player cohorts

SQL (MaxCompute) Dimensional Modeling T+1 ETL Tableau