Late last week, a large number of active PokerStars players who have been frequenting the higher stakes Spin-and-Go tables received a bit of good, yet worrisome news – they’d been issued refunds by the site, some for amounts in the thousands of dollars. Although receiving a surprise addition of funds to one’s account is something anyone would welcome, the implication is troubling; as TwoPlusTwo poster “Don Stefano” pointed out in a thread on the subject, the amounts involved and the number of players who received refunds suggest that something big had been going on. Even for those who weren’t playing the games in question and didn’t receive a refund, the news that a major site has broken up a cheating ring is cause for ambivalence; on the one hand, it’s reassuring to know that the security team does manage to catch some cheaters, but by the same token, it does serve as a reminder that cheating does happen on a regular basis, and it’s impossible to know what percentage of cheaters are ultimately caught by the team, and what other scams are still out there, undetected.

These mixed feelings aren’t helped any by the customary lack of transparency concerning the details of who was doing what and how they were caught. The emails sent out by PokerStars to players who received refunds contained the following paragraph:

We regret that we will be unable to answer questions as to how your specific credit amount was calculated. Likewise, we are not at liberty to identify the specific games or player(s) in question. Suffice to say that the offender(s) have been barred from the site and you will not encounter them again.

This refusal to disclose information has been met with disapproval from some members of the community, with one noteworthy example being the op-ed penned by computer security expert Eddie Harari for Cardplayer Lifestyle, and which has been making the rounds today. Unfortunately, even if PokerStars weren’t habitually tight-fisted with its data to begin with, there are a couple of factors which make it difficult for poker sites to release details about cheating.

For one thing, any information so disclosed can potentially be used by other would-be cheaters in their own efforts to avoid detection. Obviously, the security team can’t reveal the methods by which it caught the cheaters if it wants those methods to continue to be effective in future, but even without such explicit information, potential cheaters could attempt to make inferences from any data released. For instance, simply revealing the number of parties involved would, over time, make it apparent what size of ring is optimal for avoiding detection.

Another factor, as pointed out by Michael Josem on Twitter, is that PokerStars’s privacy policies apply even to players who’ve been banned or are under investigation for cheating. Of course, there are plenty of details which could be revealed without providing the screen names or identities of any of the people involved, but here too the inference argument applies; any data PokerStars chose to release would first have to be scrutinized carefully in order to ensure it couldn’t be used by internet sleuths to help determine anyone’s identity. Without a clear and pressing need to disclose information, then, it’s natural that sites err on the side of caution and disclose nothing rather than risk disclosing something which turns out to compromise either site security or user privacy.

Collusion a likely possibility

The fact that PokerStars can’t reveal much about what happened doesn’t mean that the rest of us can’t attempt to guess, however. Given that the amounts of money involved suggest multiple cheaters, and that they all look to have been caught at once, it seems reasonable to assume that the guilty parties were working together in some way. Meanwhile, Spin-and-Go’s are played with three players per table, which is the optimal situation for collusion; the fewer players at the table, the more opportunities two players will have to work together, and having two players in cahoots against the third in a Spin-and-Go is the most extreme case of that.

There are many ways that collusion could take place, from manipulating pot odds, to setting up squeeze opportunities for one another, to sharing hole cards in order to help narrow the victim’s range and allow for more precise counting of outs. Even a simple dumping of chips from the player on the victim’s right to the player on the victim’s left would likely increase the latter’s odds of being the first one eliminated, due to positional considerations.

Of course, direct collusion isn’t the only way that players could collaborate to gain an edge. Exchanging hand histories would be another simple way a group of players could be helping one another to win in violation of the terms of service; statistical knowledge of opponents’ preflop tendencies is extremely important in hyper-turbo formats, so having such information on a player one has never played against oneself would be a fairly significant edge. The only reason I would consider that a less likely possibility is simply that it seems like something that would be extremely difficult to detect. Although PokerStars has acknowledged that such data-mining has been a problem in Spin-and-Go’s and was planning on addressing the issue, the company’s communications have seemed to suggest that the efforts would largely focus on preventing the collection of the data in the first place, rather than its use.

Without a direct way of determining what information a player has access to, the only way the security team could go about catching that form of cheating would be to pick up on changes in the cheater’s own statistical tendencies which suggest that the player is pre-emptively adapting to opponents before having seen enough of their play to be making those adjustments legitimately. Because of the high frequency, random seating and short duration of an individual Spin-and-Go, however, it’s unlikely that there are many cases in which one collaborator has many hand histories with a given victim and his partner has zero or very few. My intuition is that this would make it very difficult to produce sufficient statistical evidence that the security team would feel confident banning the players involved and seizing their accounts.

Doesn’t randomized seating prevent collusion?

The argument I’ve seen made in most articles on this story is that the randomized seating of Spin-and-Go’s should itself prevent collusion by making it impossible for collaborators to guarantee that they find themselves at the same table. This strikes me as a fairly naive assumption, for a few reasons.

Firstly, collusion teams don’t need to be at the same table every single game. Even without making any efforts whatsoever to get seated together, simply being online and playing at the same time makes it likely that two players will find themselves in the same game occasionally. This is, of course, more likely to happen the fewer players are playing at the time. You might not find yourself at your friend’s table very often if you’re playing $3 Spins on a weekday evening, or Sunday afternoon, but if we’re talking about playing $60 Spins at 4 AM on a Tuesday, there are probably sufficiently few other users in those games that even fully random seating will land two partners at a table together a decent percentage of the time.

Similarly, another way to increase those odds is simply to have more players involved in the collusion team. If three players sit down, the odds that any two of them end up seated together are roughly three times greater than the odds that a two-man team does. With four players, those odds are now six times greater. With five, ten times greater, and so on. This is often called the “handshake problem” in math, and the calculation is relatively simple to do and often posed to high schoolers.

There’s another way to artificially boost the chances of being seated with a given partner, however, which is to synchronize your start-up times. The efficacy of this approach is demonstrated, in a backwards fashion, by the former popularity of the now-prohibited software SpinWiz; this was a script-seating program that would communicate between its various users in order to desynchronize their sign-ups, to avoid them being seated together. The assumption here was that anyone investing in such software would likely be stronger than the average player, so helping its users avoid one another would give them, on average, softer tables than everyone else.

SpinWiz can therefore be seen as proof-of-concept that synchronizing or desynchronizing sign-up times is effective as a means of controlling seating. That doesn’t mean that synchronizing start-ups guarantees sitting together, of course; PokerStars may add a random delay to combat this plan and, if not, network latency will do the job naturally. However, the fewer games starting up, the longer the delay in between them, and therefore the less precise one would need to be to make this work. In high stakes games at off-peak hours, it can take several seconds for the system to find opponents. At that sort of delay, would-be collusion partners wouldn’t even need digital assistance; it would suffice to be on the phone together and say “1, 2, 3, go” or, in the case of a larger group, synchronize digital watches beforehand and agree that all participants will be registering for their games at e.g. 17 seconds past the minute.

Between such a strategy and the natural probabilistic factors mentioned above, even a fairly small group of cheaters could be fairly assured of having some of their members playing together at any given point in time. However, it’s this kind of thing that also makes them most likely to be caught; analyzing players’ statistical decision-making frequencies is difficult and requires a lot of data, but it wouldn’t take very long at all to prove beyond reasonable doubt that a certain group of players’ sign-up times were too tightly clustered to be random. That could be picked up by a computer algorithm quite readily, at which point a human specialist could look at the hand histories of those players for signs of collusion that a statistical algorithm might miss.

Although PokerStars security does catch and ban individual, not-too-competent cheaters on a regular basis (bot-users especially), the highest-profile cases of cheating rings being caught and broken up in recent years have involved sleuthing by the player community. It makes sense that the players actually in the games would have better intuition for who is likely to be cheating, and know what to look for when performing statistical analysis of the hand histories. On the other hand, one would expect that PokerStars security would be much more likely to catch bots and cheaters based on meta-behavior – mouse movements that don’t look human, for instance, or non-random sign-up times as we’re talking about here. That kind of thing is much more easily attacked by computer analysis, but relies on data not available to the player community.

Obviously, this is all pure speculation on my part, but I think it’s a reasonable guess. There are other possibilities too, of course, but it would at least be consistent with all known facts that the cheating involved collusion between multiple parties, and that their efforts to game the randomized seating system in order to play together may have been the first clue which tipped off the security team. Unfortunately, we’ll probably never know if I’m right, but if you’re wondering about what went down, that’s my read.

Alex Weldon (@benefactumgames) is a freelance writer, game designer and semipro poker player from Montreal, Quebec, Canada.