Lebull’s Head of Compliance on why payment data beats assumptions, how identity fraud got easy, and the risk of AI decisions no one can explain
Ahead of SBC Summit 2026, we spoke to Miguel Luis, Head of Compliance at Lebull, about the payment and fraud challenges facing gambling operators as they push into new regulated markets. From reading player behaviour rather than relying on assumptions, to the growing ease of identity fraud and the danger of AI decisions no one can explain, Lebull’s Luis makes the case for risk systems operators actually understand.
For more details on your chance to attend SBC Summit 2026, and hear from Miguel Luis in person, follow the link HERE for more details.
Read the full interview below.
As the number of regulated gambling markets increases, what are the biggest payment challenges operators face when entering new jurisdictions?
The first one is local knowledge. Knowing the core international payment methods isn’t enough anymore, you need to understand the APMs that actually matter in that market, because in a lot of jurisdictions that’s where the player is. Pricing is the second piece, and it’s a basic one, but it still trips operators up when they underestimate it. Third, you need a provider that performs, not just one that’s present. Low latency, a solid acceptance rate, minimal downtime, these things decide whether a player completes a deposit or gives up halfway through.
And then there’s the regulatory side, which people sometimes treat as an afterthought. Local AML and financial transaction rules vary a lot, and some jurisdictions expect a much closer look at source of funds, even on payment methods that would be considered low-risk elsewhere. You need to understand the full flow, from deposit to withdrawal, and make sure the account holder and the player are, without question, the same person.
You have written about the importance of using behaviour rather than assumptions when assessing risk. How can payment data help operators identify genuine risk?
There’s an enormous amount of data generated by every transaction today, and most operators only use a fraction of it. Combine transaction data with player behaviour and patterns start to speak for themselves. A player who almost always plays at certain hours suddenly has an intense session with multiple deposits at a completely different time of day. That’s worth a look. Or players in a certain age bracket who typically favour a specific payment method, and one of them suddenly switches to something entirely different. Same with the classic case of an average deposit size that suddenly spikes.
None of this replaces proper verification, though. It flags where to look closer. Every player still needs to be assessed individually, the data just tells you where to point your attention.
As payment methods evolve and fraudsters adapt, what emerging threats should operators be preparing for?
Routing money through an increasingly long and complex chain of methods and providers is becoming much easier to do, and much harder to trace. Identity fraud isn’t new, it’s been around in one form or another forever, but the tools available to commit it have gotten so good, and so accessible, that the barrier to entry has basically disappeared. That’s the part that concerns me most, not a new type of fraud, but how easy the old ones have become.
You have suggested that “the model said so” is not enough when explaining risk decisions. Do you think the industry is doing enough to understand how its AI systems reach those decisions?

Honestly, no. There’s a growing tendency to let AI tools handle everything without asking what configuration was used, or what the actual reasoning behind an outcome was. That’s exactly where things fall apart, the moment one of these automated decisions gets challenged by a regulator or in court, and nobody in the room can explain what data was analysed or how it led to that decision.
And the decision itself can be entirely correct. That’s not even the issue. If you can’t explain and justify it, you don’t just lose the case, you damage the credibility of the whole operation.
There is a trade-off between stronger fraud controls and a smoother customer experience. Are operators sometimes adding too much friction because they are not using data effectively enough?
Yes, and it cuts both ways. Not using the data you already have properly leads to too much friction in places where it isn’t needed, or not enough scrutiny exactly where it should exist. A lot of the time it comes down to not knowing how to configure a proper risk-based system, one that treats different types of players differently, which is how it should work in the first place.
Do you think the next stage of fraud prevention will come from advances in technology, or from operators gaining a better understanding of player behaviour?
Both, and I don’t think you can really separate them. You need the data, the tools to analyse it properly, and, just as important, operators and providers who understand how to configure their systems so players are routed and handled according to their actual risk level. Take any one of those three away and the other two only get you so far.
Held in Lisbon from 29 September to 1 October 2026, SBC Summit is one of the world’s largest gatherings of betting and gaming professionals.
The event will bring together 40,000 attendees from across the industry for three days of learning, networking, and discussion, alongside a major exhibition featuring leading brands from around the globe.
For more information and tickets, visit sbcevents.com/sbc-summit.
Source: Payment Expert