Bonus abuse and financial protection
1) What bonus abuse is and why it is a financial problem
Bonus abuse is the deliberate use of bonuses/promotions to obtain guaranteed profit without equivalent gaming risk or by circumventing the rules. Consequences:
- Direct losses: bonus value, free spins, promo fees/FX, CB/Refund.
- Metric distortion: inflated AR/MAU, fake uplifts.
- Payment risk: the deposit → withdrawal "carousel", chargeback farming.
- License risk: RG/KYC/AML violations, misleading promotions.
2) Abuse taxonomy (patterns)
1. Stacking - multiple bonuses per person/household/device/payment token.
2. Net-deposit loops - deposit for the bonus → minimal bets → withdrawal or chargeback.
3. Hedging/Arbitrage - bets that "close out" the risk across correlated markets/games.
4. High-RTP cherry-picking - playing only the titles that contribute heavily to WR.
5. Method arbitrage - cheap deposit method → expensive/fast withdrawal corridor.
6. FX arbitrage - speculating on the rate difference between deposit and withdrawal.
7. Multi-accounting - clone accounts that reuse devices/networks/payment instruments.
8. Chargeback farming - playing the bonus, then recovering the deposit through a dispute/chargeback.
9. KYC evasion - deliberately bypassing SoF/SoW, switching country (VPN/Proxy/SIM).
3) Financial protections (policy core)
ND (Net Deposits) gate: participation/payouts at the threshold `ND ≥ 0` (or `ND ≥ θ`).
Same-method/Return-to-source: withdrawals up to the ND amount go only to the deposit source.
Payout locks: prohibit/restrict withdrawals while a bonus is active, until WR is completed and violations are checked.
WR & Contribution%: transparent wagering rules (BONUS-ONLY or BONUS + DEPOSIT) and weights by game category.
Max bet during WR: an absolute limit or a share of the bonus (for example, `5 EUR` or `10% of the bonus`).
One-per constraints: per person/household/device/payment_token.
Game/risk exclusions: "free-spin purchases", jackpots and titles with abnormally high RTP are prohibited.
Velocity caps: limits on the frequency of deposits/credits/failed payments.
Rolling reserve/holdbacks: an insurance buffer for partners/sub-merchants and high-risk players.
FX policy: fix a reference rate for the bonus at grant; control slippage at payout.
4) Risk signals (payment and behavioral)
Payment: BIN geo ≠ KYC country, frequent soft declines, successive new tokens, cards/wallets, known "high-risk" issuers.
Device/Network: the device graph matches other accounts that share an IP/ASN/VPN/hosting.
Behavior: only high-contrib games, withdrawal immediately after a minimum deposit, repeated WR violations.
Geo: KYC ≠ IP ≠ SIM, anomalous geo-velocity.
Docs: suspicious KYC/POA/SoF (low quality, templates, reuse).
FX: deposits in a "weak" currency, withdrawals in a "strong" currency, temporarily high spread.
Risk scoring: a linear model/GBM over the blocks (Payment/Device/Behavior/Geo/FX), with thresholds calibrated for step-up (KYC/Liveness/SoF) and deny.
5) Rules architecture (policy engine)
Idempotency: a one-time grant per payment_token/household/device.
"Pre-deposit" rules: eligibility by GEO/KYC/ND/one-per.
"Post-deposit" rules: grant activation, max bet, WR, game mix, timer.
"Withdrawal" rules: same-method, ND split, SoF/SoW step-up, hold/deny.
Audit: rule version, reasons, evidence (for appeals and the regulator).
6) Incident playbooks
1. Abuse wave (stacking): immediately freeze the grants of this campaign, recalculate WR, selective SoF, ban tokens/households.
2. Chargeback surge: enable 3DS step-up, tighten same-method, raise the reserve on withdrawals and at the PSP.
3. FX arbitrage: temporarily restrict cross-currency withdrawals and introduce a spread guard.
4. Method arbitrage: close "expensive" corridors for ND-negative players, enable return-to-source only.
7) Legal, RG and privacy
Terms & Promo T&C: short version at checkout, full version in the profile; localized.
RG: with self-exclusion/limits, bonuses are unavailable; cooling-off cancels active grants.
KYC/SoF: data minimization, explicit consents, retention policy, DPA.
Sanctions/licenses: country whitelists, bans on promo types in specific jurisdictions.
8) Data and model (minimal)
```sql
-- ID column types are not given in the original sketch; TEXT is assumed.
-- Player and risk attributes
CREATE TABLE risk.player_signals (
  user_id TEXT PRIMARY KEY, risk_score NUMERIC, nd_total NUMERIC, nd_30d NUMERIC, nd_7d NUMERIC,
  kyc_level TEXT, geo_ip TEXT, geo_kyc TEXT, geo_sim TEXT,
  device_hash TEXT, household_id TEXT, payment_token_last TEXT,
  fx_profile JSONB, updated_at TIMESTAMP
);
-- Bonus grants and progress/violations
CREATE TABLE bonus.grants (
  grant_id TEXT PRIMARY KEY, promo_id TEXT, user_id TEXT, deposit_tx_id TEXT, currency TEXT,
  bonus_amount NUMERIC, granted_at TIMESTAMP, expires_at TIMESTAMP,
  status TEXT -- ACTIVE | FORFEITED | COMPLETED | EXPIRED | FROZEN
);
CREATE TABLE bonus.wr_progress (
  grant_id TEXT, user_id TEXT,
  turnover_slots NUMERIC, turnover_tables NUMERIC, turnover_live NUMERIC,
  turnover_total NUMERIC, required_total NUMERIC, updated_at TIMESTAMP
);
CREATE TABLE bonus.violations (
  id TEXT PRIMARY KEY, grant_id TEXT, user_id TEXT, type TEXT, severity TEXT, details JSONB, occurred_at TIMESTAMP
);
-- Net deposits and the breakdown by method
CREATE TABLE finance.net_deposits (
  user_id TEXT, currency TEXT, nd_total NUMERIC, nd_by_method JSONB, updated_at TIMESTAMP
);
-- Withdrawals and hold/deny reasons
CREATE TABLE payout.requests (
  payout_id TEXT PRIMARY KEY, user_id TEXT, method TEXT, currency TEXT, amount NUMERIC,
  nd_snapshot NUMERIC, same_method_ok BOOLEAN, risk_score NUMERIC,
  status TEXT, reason_code TEXT, created_at TIMESTAMP, decided_at TIMESTAMP
);
```
9) Pseudo-DSL rules
```yaml
policy: "bonus_abuse_v4"
eligibility:
  geo_whitelist: [DE, AT, FI]
  kyc_min: L1
  nd_min: 0
  one_per: [person, household, device, payment_token]
  deny_if:
    - sanctions_hit == true
    - risk_score >= 0.85
grant:
  max_bet_amount:
    EUR: 5
  wagering:
    base: BONUS_ONLY
    multiplier: 30
    contrib:
      slots: 100
      tables: 25
      live: 10
  game_exclusions: [JACKPOT, BUY_BONUS]
controls:
  payout_lock: UNTIL_WR_DONE
  same_method: true
  allow_nd_withdrawal: true
  fx_spread_guard_bps: 80
  method_arbitrage_block: true
escalations:
  - if: nd_7d < 0
    then: "deny_new_bonus"
  - if: device_household_overlap >= 2
    then: "manual_review"
  - if: cb_rate_30d > 0.8%
    then: "hold_payout_48h"
audience:
  exclude_segments: ["self_excluded", "high_risk_bin"]
```
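How the `wagering` and `controls` values of the policy above combine into a payout decision, as an added Python example (not code from the original page). The function names, the bet tuple layout, the status/reason codes and the treatment of violating bets are assumptions.

```python
from decimal import Decimal as D

# Values copied from the bonus_abuse_v4 policy above; contrib as fractions.
POLICY = {
    "max_bet": D("5"), "multiplier": 30,
    "contrib": {"slots": D("1.00"), "tables": D("0.25"), "live": D("0.10")},
    "exclusions": {"JACKPOT", "BUY_BONUS"},
}

def wr_progress(bonus, bets, policy=POLICY):
    """Return (weighted_turnover, required_turnover, violations) for a grant.

    BONUS_ONLY base: required = bonus * multiplier. Each bet is a tuple
    (category, flag, stake), where flag is e.g. "JACKPOT" or None.
    Assumption: a violating bet earns no WR credit and is recorded.
    """
    required = bonus * policy["multiplier"]
    turnover, violations = D("0"), []
    for category, flag, stake in bets:
        if flag in policy["exclusions"]:
            violations.append(("EXCLUDED_GAME", flag))
        elif stake > policy["max_bet"]:
            violations.append(("MAX_BET", stake))
        else:
            turnover += stake * policy["contrib"].get(category, D("0"))
    return turnover, required, violations

def decide_payout(amount, method, deposit_method, nd_total, bonus, bets):
    """payout_lock UNTIL_WR_DONE first, then the same-method / ND split."""
    turnover, required, violations = wr_progress(bonus, bets)
    if violations:  # hold until the violations are reviewed
        return {"status": "HOLD", "reason": "WR_VIOLATION", "violations": violations}
    if turnover < required:
        return {"status": "DENY", "reason": "PAYOUT_LOCK",
                "remaining": required - turnover}
    # Return-to-source: the part up to ND may only go to the deposit method.
    to_source = amount if method == deposit_method else min(amount, max(nd_total, D("0")))
    return {"status": "APPROVE", "reason": "OK",
            "to_source": to_source, "to_other": amount - to_source}

# Constructed sample: 100 EUR bonus, so 3000 EUR of weighted turnover is required.
SLOTS = [("slots", None, D("5"))] * 500     # 2500 staked, 2500 weighted
TABLES = [("tables", None, D("4"))] * 500   # 2000 staked, 500 weighted
if __name__ == "__main__":
    print(decide_payout(D("200"), "wallet:b", "card:a", D("50"), D("100"), SLOTS + TABLES))
```

Table bets count at 25%, so 2000 EUR staked on tables closes only 500 EUR of the requirement; the approved 200 EUR payout is split into 50 EUR back to the deposit method and 150 EUR to the requested one.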
10) SQL samples
10.1. ND gate and same-method
```sql
-- Assumes payout.requests also carries payment_token (not in the minimal schema in section 8).
SELECT r.payout_id,
       (nd.nd_total >= 0) AS nd_non_negative,
       (t.method = r.method AND t.payment_token = r.payment_token) AS same_method_ok
FROM payout.requests r
JOIN finance.net_deposits nd ON nd.user_id = r.user_id AND nd.currency = r.currency
JOIN dw.transactions_flat t ON t.tx_id = (
  SELECT deposit_tx_id FROM bonus.grants
  WHERE user_id = r.user_id AND status IN ('ACTIVE','COMPLETED')
  ORDER BY granted_at DESC LIMIT 1
)
WHERE r.status = 'PENDING' AND r.created_at BETWEEN :from AND :to;
```
10.2. Detecting household/device overlap
```sql
SELECT suspect.user_id, base.user_id AS overlap_with, suspect.device_hash, suspect.household_id
FROM risk.player_signals suspect
JOIN risk.player_signals base
  ON suspect.user_id <> base.user_id
 AND (suspect.device_hash = base.device_hash OR suspect.household_id = base.household_id)
WHERE suspect.updated_at > now() - INTERVAL '30 days';
```
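The pairwise join above lists direct matches only. The following added Python example (not from the original page) goes one step further and merges those links into clusters, including accounts connected only through a third account, which is what the Household/Device Overlap Index in section 11 needs. The function names, the sample rows and the reading of `device_household_overlap` as "other accounts in the same cluster" are assumptions.

```python
from collections import defaultdict

def overlap_clusters(rows):
    """Group users linked by a shared device_hash or household_id.

    rows: iterable of (user_id, device_hash, household_id); None values
    are ignored so that missing signals never link accounts together.
    Returns a list of sets of user_ids (connected components, size >= 2).
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    for user_id, device_hash, household_id in rows:
        find(("u", user_id))  # register users that have no links too
        if device_hash is not None:
            union(("u", user_id), ("d", device_hash))
        if household_id is not None:
            union(("u", user_id), ("h", household_id))

    groups = defaultdict(set)
    for node in list(parent):
        if node[0] == "u":
            groups[find(node)].add(node[1])
    return [g for g in groups.values() if len(g) >= 2]

def escalations(rows, min_overlap=2):
    """user_id -> "manual_review" when device_household_overlap >= min_overlap,
    taking the overlap as the number of other accounts in the user's cluster."""
    return {u: "manual_review" for c in overlap_clusters(rows)
            if len(c) - 1 >= min_overlap for u in c}

# Constructed sample rows in the shape of risk.player_signals.
ROWS = [
    (1, "dev-a", "hh-1"), (2, "dev-a", "hh-2"), (3, "dev-b", "hh-2"),
    (4, "dev-c", "hh-3"), (5, "dev-d", "hh-3"), (6, "dev-e", None), (7, None, None),
]
```

In the sample, users 1 and 3 share neither a device nor a household, yet both land in the cluster {1, 2, 3} through user 2, so all three reach the `manual_review` threshold.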
10.3. Max-bet and game-mix violations
```sql
SELECT b.user_id, b.grant_id,
       SUM(CASE WHEN b.amount > l.max_bet_amount THEN 1 ELSE 0 END) AS maxbet_viol,
       100.0 * SUM(CASE WHEN game_category='slots' THEN b.stake ELSE 0 END)
             / NULLIF(SUM(b.stake),0) AS slots_share_pct
FROM dw.bets b
JOIN bonus.session_limits l USING (grant_id, user_id)
WHERE b.placed_at BETWEEN :from AND :to
GROUP BY 1,2
HAVING SUM(CASE WHEN b.amount > l.max_bet_amount THEN 1 ELSE 0 END) > 0
    OR 100.0 * SUM(CASE WHEN game_category='slots' THEN b.stake ELSE 0 END)
             / NULLIF(SUM(b.stake),0) > :one_game_share_max;
```
10.4. Chargeback-post-bonus monitoring
```sql
SELECT method,
       10000.0 * SUM(is_chargeback::int) / NULLIF(COUNT(*),0) AS cb_bps_14d
FROM risk.outcomes o
JOIN dw.transactions_flat t USING (tx_id)
WHERE o.occurred_at BETWEEN (CURRENT_DATE - INTERVAL '14 days') AND CURRENT_DATE
  AND EXISTS (SELECT 1 FROM bonus.grants g WHERE g.deposit_tx_id=t.tx_id)
GROUP BY method
ORDER BY cb_bps_14d DESC;
```
10.5. FX slippage
```sql
SELECT g.promo_id,
       SUM(fx_effective - fx_reference) * 10000.0 / NULLIF(SUM(amount_reporting),0) AS fx_slippage_bps
FROM dw.transactions_flat t
JOIN bonus.grants g ON g.deposit_tx_id=t.tx_id
WHERE t.settled_at BETWEEN :from AND :to
GROUP BY 1;
```
11) KPIs and dashboards
Abuse Rate: share of grants with violations/investigations.
WR Completion % / Time-to-WR (p50/p95).
ND Gate Hit% and the share of participants with ND < 0.
Chargeback After Bonus (bps) by method/PSP/geo.
Payout Hold Share and average decision TAT.
FX Slippage (bps) by promo/currency.
Promo Liability (liabilities) and Breakage%.
Household/Device Overlap Index (clustering).
12) Alerts and thresholds
Abuse Spike: growth in `violations/100 grants` > X d/d.
CB Surge Post-Bonus: cb_bps_14d by method/geo > threshold.
ND Negative Share ↑: share of ND < 0 > Y%.
Max-Bet Burst: growth in violations > threshold by brand/title.
FX Anomaly: slippage_bps > limit for the currency pair.
Household Bloom: a new large cluster of devices/addresses.
Policy Drift: grants without a recorded version of the rules/consents.
13) UX patterns (without "burning" conversion)
A short card with the terms on the deposit screen (min dep, WR, max bet, same-method).
WR progress bar + deadline, contribution by category.
Explanation of ND/withdrawals: "Up to the amount of net deposits - only to the source".
Soft step-ups: SoF/selfie on a signal; transparent timelines.
Appeals: a "dispute" button with a checklist.
14) A/B tests of protections
What to test: `nd_min`, `max_bet`, `WR multiplier/base`, `one_per` strategies, `fx_guard`.
Guardrails: CBR bps, Abuse Rate, AR/Take-Rate, Payout TAT.
Methodology: stratification by GEO/BIN/method, CUPED on pre-period behavior, a lag for CB/withdrawals.
15) Implementation checklist
- ND model with a breakdown by method; same-method/return-to-source in payout.
- Promo DSL + rule validator, versions and audit.
- Max bet, WR, contrib%, exclusions; velocity limits.
- Device/household graph; BIN-geo/FX profiles.
- Risk scoring + step-ups (KYC/SoF) and a deny threshold.
- Hold/Reserve mechanics on withdrawals and at the PSP.
- KPI dashboards and alerts; incident playbooks.
- Legal texts (localized), RG gates, consents and retention.
- Appeals and a manual resolution process with an SLA.
- A/B with strict guardrails and a data freeze.
Summary
Effective protection against bonus abuse is a system, not a set of bans: ND control and same-method on payouts, strict WR/max-bet and contrib%, Payment/Device/Behavior/FX signals, risk scoring with step-ups, transparent UX and legal hygiene. This reduces direct losses, stabilizes P&L and preserves a fair experience for fair players - without excess friction or "false friction".