Poker bot detection: the signals, the economics, and the limits.

A single uncontrolled bot is a revenue leak, not just a fairness problem.

Operators tend to frame bots as an integrity issue — a matter of fairness. That framing undersells the damage. The clearer way to see it is as a direct hit to club revenue, because the mechanism is mechanical.

A modern bot plays mathematically strong poker. A recreational player has no realistic edge against it over any meaningful sample, so their deposit drains in a handful of sessions — and then they leave. Each casual player a bot burns out takes their lifetime value with them: every future dollar of rake that player would have generated, gone. In a typical club, one well-run uncontrolled bot can quietly kill five to ten recreational players a month. The lost LTV runs into thousands of dollars of rake the operator will never see.

The second-order damage is worse than the first. When players start to suspect foul play — and they do not need proof, only rumour — the club's reputation erodes. "That club has bots" is, by itself, enough to start an exodus. Reputation is the most valuable asset an operator owns, and the cheapest to lose. The same external automation that drains casuals is what the liquidity side of our work exists to keep balanced; detection is how you find the automation you did not sanction.

What an automated account actually looks like.

No single sign proves a player is a bot. A human can play long sessions; a bot can be programmed to misclick. Detection is about combinations — when several independent signals stack on one account, investigation is warranted. The signals fall into three families.

Behavioral signals

• Round-the-clock play without breaks. A human cannot sit for 18 hours at a constant intensity. A bot can, and many do.
• Identical decision timing. A bot often takes the same time on a trivial fold and an agonising river decision. Human latency varies with difficulty; a flat timing distribution is one of the strongest single tells.
• No human texture. Never misclicks, never fat-fingers a bet size, never responds in chat, never reacts to a bad beat. The absence of noise is itself a signal.

Statistical anomalies

• Unnaturally high win rate. A sustained 20–40+ bb/100 over a long sample is either a once-in-a-generation talent or a program. Talents are vanishingly rare.
• Mechanically perfect ratios. A VPIP-to-PFR gap that sits at exactly the same value across thousands of hands, or a WTSD pinned at 25.0%, is a distribution no human produces. People drift; programs hold the line.
• Identical sizing. Betting exactly ½ or ⅓ pot in matching spots, every time. Humans vary their sizing without meaning to; bots reproduce it.

Collusion and team-play

Bots are not the only threat — coordinated humans do equal damage and are harder to catch, because each individual account can look clean. The tells live in the interactions: two players who consistently avoid building big pots against each other, synchronised session entries and exits, suspicious folds of strong hands against one specific opponent, matching timing patterns as though one person is playing two seats, and — where the operator has the data — shared IP or GPS. Collusion only resolves over a long sample of cross-account behaviour, which is exactly where automated analysis beats the human eye.

The eye test doesn't scale past a few tables.

Every operator starts with manual review: skim the stats, watch a suspect, read a few hand histories, act on member complaints. It works for a small club. It collapses the moment the club grows.

The arithmetic is unforgiving. A club with 200+ active players and thousands of hands a day generates more behavioural data than any human can audit. The platforms' own tools help only partially — and reactively:

• Most built-in platform tooling is complaint-driven. It waits for a player to report something before anything happens, which means the damage is already done by the time it acts.
• Coverage is uneven. Some apps focus their fraud systems on financial abuse rather than gameplay; others run periodic ban waves that are slow and blunt. None of it is tuned to your specific club's baseline.

What the operator actually needs is continuous, club-specific monitoring that runs every day and flags clusters before the complaints arrive. That is the gap a dedicated detection layer fills.

Four layers, scored together.

No one method catches everything, so we run four in parallel and escalate accounts that score across several at once — that overlap is the high-confidence signal. The system profiles every player in the club and re-scans the full roster daily.

1. 01

   Behavioral biometrics

   Decision-timing distributions, action-latency curves and bet-sizing histograms across stack depths. Human players show wide, population-realistic noise; coordinated bot accounts collapse around tuned medians. Latency is the strongest single layer — accounts in the same cluster tend to converge on near-identical timing.

2. 02

   Statistical hand-history audit

   Aggregate stats over large per-account samples — VPIP, PFR, three-bet, c-bet, showdown and all-in EV variance. Static-profile bots cluster in unnaturally narrow bands; coordinated multi-account play produces correlated win/loss patterns no single human would generate.

3. 03

   Collusion graph analysis

   Cross-account interaction over rolling 30-day windows: chip-dumping signatures, soft-play in heads-up pots, abnormal fold-to-bet correlations between specific pairs. We build an interaction graph and flag clusters with anomalous edge density.

4. 04

   Network and device fingerprinting

   IP-block analysis, device-ID overlap, login geography. Farms mask this with proxies and VM isolation, but at scale the patterns leak — and combined with the behavioural layers, fingerprint overlap sharply lifts confidence on a suspected cluster.

On performance: a suspicious account is generally identifiable within a few hundred to roughly a thousand played hands, after which the high-confidence tier is reliable enough to act on. The sample-size requirement is the honest caveat — detection is a function of observed behaviour, so a brand-new account has to play before it can be judged, and we'd rather surface a confident flag late than a shaky one early. For the player-side view of this same arms race, see how poker rooms catch bots.

What lands in your weekly report.

The operator receives a ranked report on a fixed weekly cadence, so week-over-week patterns stay tractable:

• Suspicious clusters, ranked by confidence. Each entry lists the contributing accounts, which detection layers fired, an evidence summary, and a low / medium / high score. High-confidence clusters usually have all four layers firing at once.
• Movement summary. What changed since last week — new clusters, escalations, and clusters that went quiet (often because you already actioned them).
• Population-health snapshot. Real-player retention, win-rate distribution and overall ecology metrics, so you can separate farm-induced churn from other pressures.
• Recommended actions, not automatic ones. Per-cluster suggestions — ban, refund, watch-list, escalate. You make the call; we supply the rationale.

If a new high-confidence cluster surfaces between reports, it escalates immediately. We do not wait for Monday on accounts actively damaging your club.

Questions operators ask first.