Prevention of fraud
All Member States seek to prevent fraud and unfair games. National legislation aims to protect, consumers (from fraudulent and criminal operators), operators (from fraudulent players or player syndicates) and event organisers. Examples include: unauthorised use of credit cards, which may also be associated with “identity theft” and ‘match-fixing’ (eventfixing) where an individual, a group of persons (typically associated with organised crime) seek to influence the outcome of an event (e.g. a sports event or a card game) (E.g. criminal organisations based in China or Croatia have been involved in match fixing in BE, DE and FI.). Fraud also occurs when a group of players colludes against another player (e.g. rigged poker tables).
There are the following three types of fraud on which it wishes to consult:
– Players not receiving their winnings. Typical examples include fraudulent “lottery scams”, where an unlicensed illegal operator contacts consumers asking them to pay an amount of money (handling fee) or give personal information (bank details) before a prize can be paid. Such scams frequently make false reference to authorisations given by European gambling authorities (This should not be considered to be associated with delayed winnings where a licensed operator withholds winnings for due diligence purposes without giving the player sufficient information why this is done. The operator should in such cases explain why the payment is withheld. The most common explanation for such delays is additional customer identification controls.).
– Identity theft and data protection related issues. These involve the unauthorised use of another person’s personal information to assume that person’s identity and thus access resources or obtain credit and other benefits in that person’s name.
– Manipulation of the outcome by tampering with the software associated with the game or through corruption of persons involved in organising the game or event.
Prevention of Money laundering
The two extreme types of “money laundering” activity are on the one hand, complex transnational operations designed to hide the criminal origins of large scale crimes so that people and property are made to appear legitimate, and on the other, any activity that conceals, disguises, or disposes of the proceeds of any crime, no matter what the sum (selflaundering by offenders – sometimes expenditure – but also crimes to feed gambling addiction).
As regards money laundering techniques, there is very limited information or evidence suggesting that licensed on-line gambling operators in Europe are subject to money laundering activities. However, the problem is obviously linked to illegal operators. The Commission understands that the following practices could potentially be used for such purposes:
– On-line gambling firms could credit winnings or unused funds back to an account other than the one from which the original bet was made.
– They could allow one player to register multiple accounts with the same operator.
– Peer-to-peer games such as e-poker, where value transfers can occur between both electronic and human players as a result of deliberate losses, at a relatively low cost to the players. Such games could allow for on-line “chip dumping”. For example; a player deposits funds with a stolen credit card and then “dumps” the chips at a table to an accomplice or another account he created. These activities can be detected given that the principles are simple – players will make large bets on very bad hands (expecting to lose to the accomplice) (On-line poker rooms are aware of this scam and are seeking to detect perpetrators before their cash-outs are approved.).
– Use of e-cash as a payment option or similar means of payments such as Stored Value Cards (A stored-value card refers to monetary value on a card not in an externally recorded account and differs from prepaid cards where money is on deposit with the issuer similar to a debit card.) (those of concern are characterised by high limits, no post-purchase monitoring and poor know-your-customer (KYC) controls). This could also include payment enabled mobile phones that have not been through adequate KYC controls.
The 3rd Money laundering Directive is applicable to the financial sector as well as to other areas including casinos (bricks-and-mortar and on-line).
A particular problem with the enforcement of the provisions of this directive to on-line gambling services is that such websites frequently offer a variety of other (non-casino) gambling services and the operator may be licensed in more than one jurisdiction.
In addition to such general principles, the Commission is aware that licensed on-line gambling operators and national regulators have established a range of operational practices to fight against money laundering. These include:
– Customer due diligence – only registered players holding an account with the licensee are allowed to play. Application forms must be completed containing information (1) that the player is over the legal age limit to gamble (2) the player’s identity (3) the player’s place of residence and (4) the player’s valid e-mail address. The due diligence process may include velocity analysis (deposit/trades), geographic risk analysis, player behaviour anomaly, exposing player associations and cybercrime arrest policy. In all cases the player has to opt-in to provide the relevant personal data to allow for his account to be established.
– Payment controls – the player should always receive any payout from winnings (balance of account) by the same means in which the money was originally received (and to the account from which it was deposited). Operators must also make sure that they have control over the credit card numbers and personal data, relating to players, which they have stored in their systems. Moreover, direct payments between customers are prohibited.
– Operational controls – Operators use age verification lists and lists used by banks to identify terrorists and politically exposed persons (PEPs), i.e. World Check and the European Sports Security Association’s (ESSA) watch list. Operators also keep statistical records of transactional behaviour, which must comply with EU data protection rules, in order to be able to identify suspicious activities. They are required to apply stricter due diligence requirements where there are high limits on stakes. Operators must also submit Suspicious Activity Reports (SAR) to the national Financial Intelligence Units (FIU).
Prevention of other crimes
Other crimes that may be linked to on-line gambling include:
– Provision of gambling services offered by illegal operators (e.g. criminal organisations or individuals). A French report on Cyber crime and Gambling estimates that a thousand gambling websites are directly operated by criminal groups (The French Institute (CERT-LEXI) analysed 70 million websites in 2005 and found 14823 sites offering online gambling. Only 2005 websites were subject to a licence.),
– Non-authorised on-line games offered by a licensed operator,
– Tax evasion (where there is an obligation for the user to pay tax on winnings, i.e. tax evasion may primarily be invoked in relation to winnings from off-shore activities).
There are also a number of criminal activities that are relevant for many gambling services but not specifically for on-line gambling, such as (i) match fixing or rigged poker tables (see above), (ii) loan sharking activities and (iii) criminal activities carried out to finance the use of gambling services (e.g. theft) and (iv) the financing of terrorism.
© European Union