1. By continuing to use the site, you agree to the use of cookies .This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy.Find out more.
    Dismiss Notice
  2. Dismiss Notice
  3. Follow Casinomeister on Twitter | Facebook | YouTube | Casinomeister.us US Residents Click here! |  Svenska Svenska | 
Dismiss Notice
REGISTER NOW!! Why? Because you can't do diddly squat without having been registered!

At the moment you have limited access to view most discussions: you can't make contact with thousands of fellow players, affiliates, casino reps, and all sorts of other riff-raff.

Registration is fast, simple and absolutely free so please, join Casinomeister here!

Leovegas - Unsatisfactory security

Discussion in 'Casino Complaints - Non-Bonus Issues' started by citizenx, Sep 1, 2015.

    Sep 1, 2015
  1. citizenx

    citizenx Meister Member MM

    Occupation:
    Stuff
    Location:
    UK
    Have been with Leovegas for some time and have felt a little concerned by this for some time but on reflection, it's time for Leovegas to do something about it.

    As a result, I have closed my account as I do not wish for my information to be in such a way that may compromise the security of my personal information and money.

    The Issue:

    Leovegas hold both the account number and the secure ID for Neteller accounts.

    What this means:

    You can make a deposit via Neteller without having to remember pesky things like security codes....

    ...but so could anyone else - be that a current or former employee or a hacker.


    Here in the UK, like much of Europe, we have data protection legislation which enshrines the following You must register/login in order to see the link. in law, when it refers to the processing of personal information:


    1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –

    (a) at least one of the conditions in Schedule 2 is met, and

    (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

    2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

    3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

    4. Personal data shall be accurate and, where necessary, kept up to date.

    5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

    6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

    7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

    8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.




    Note: These are NOT guidance, they are law.

    I feel that Leovegas are breaching the legislation on point 2 as there is NO LAWFUL PURPOSE in retaining the secure ID for the account. I consider that no different from writing a PIN on the back of a card - its OK if YOU do it (although incredibly stupid) but NEVER OK for another to presume to do so with data relating to other people.

    I also believe that principle 5 is breached as there is no purpose in holding that data so to hold for any period of time is a breach.

    Considering point 7, as the very fact they hold data they do not have a lawful purpose to hold (namely, the secure ID) means this is irrelevant.





    I have alterted them to my concerns, via live chat. Initially I was told that they DID NOT hold the secure ID but backed down when challenged. I found this a little troubling (verbatim quote below).

    [LV]We do not hold any Neteller security details, you would have to contact them directly.

    [Me] Yes you do. If i want to deposit on Leovegas i;m never prompted for my secure ID. Neteller won't authorise a transaction without it ergo you have it stored.
    And quite frankly, I'm not impressed now that you're denying it.

    [LV]Sorry I think we have had crossed wires somewhere. Let me explain this a little better for you. We do actually save the secure ID but as this changes every time with the 2 step deposit method.
    You need to remove the Neteller from your "saved cards"
    And then once you deposit again it should work.

    This had bothered me somewhat in the past. This lack of honesty and the assumption about two stage authentication troubled me when I queried "changing" the secure ID as Neteller has recently updated mine led me to deciding that I do not wish to deposit and play with an organisation which shows, in my view, a negligent disregard for data protection legislation and simple common sense security measures when it comes to sensitive data.

    To that end, I consider it my responsibility to make forum users aware that at best - a poor decision has been taken on how to maintain information about users. Whether it bothers you or not is a matter for you.
     
  2. Sep 1, 2015
  3. interlog

    interlog Senior Member MM webmeister

    Occupation:
    Manager
    Location:
    London
    Isn't this no different than say Amazon where you can pay for items and it remembers your card details including the code on the back of the card (one click check out)?

    I think the key to this is how the data is stored in the database. If it is properly encrypted then it is less of a security issue than if it was stored as plain text.
     
  4. Sep 1, 2015
  5. citizenx

    citizenx Meister Member MM

    Occupation:
    Stuff
    Location:
    UK

    Can't really comment about Amazon as I don't use them but as a principle, its a very bad idea.

    In this scenario however, I believe this is covered by S7 but as I can discern no "proper reason" for holding this data to begin with, S7 remains moot in my opinion.
     
  6. Sep 1, 2015
  7. Casino2014man

    Casino2014man Non-Gambler

    Occupation:
    Noneya
    Location:
    United Kingdom
    I have to say, I always thought this was odd when I used leo, but at the same time I am lazy and can never remember that code so found it helpful :p
     
    1 person likes this.
  8. Sep 1, 2015
  9. spintee

    spintee Meister Member webby mm2

    Occupation:
    gambler :)
    Location:
    Northants
    I think its secured like bank details,

    I recently came across a similar matter using skrill 1 tap, Not a clue what it was about, But I see 1 casino connected to my skrill I thought whats that about and concealed it,

    A few days later I think It was casumo and I was messing about with the deposit slider, Next thing I had funds in my account, No ask for password, No ask for confirmation, Lucky it was foe a small amount, I than took a look as it must of been this 1tap, I come to realise that its a feature that stores the info so need to log in etc,

    I see this skrill 1tap pooping up in loads of casino's now, So any body using skrill I would log in and just cancel the 1tap next to the casino name, Some people may prefer to use this but if you do not no what it is about it can be a dangerous tool

    If somebody managed to get into my casino account they could clean my skrill account, and waste all my money, You try telling the casino that it was not you :)
     
  10. Sep 2, 2015
  11. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom
    It would be worth contacting Neteller about this as this may be against their merchant agreement. With an unsecured deposit method saved to a casino account, then only ONE layer lies between the internet wild west and your bank/Neteller/card account, the casino login process. Normally, hacking a casino account only exposes funds already in there, but not funds held in a connected deposit method.

    It's rather like contactless cards, if someone steals a contactless card, they have all they need to make purchases from your account up to the value of £30. With a regular card, it's necessary to also steal your PIN. Unlike banks, users of Neteller and Skrill have little redress against the fraudulent use of their funds.
     
    1 person likes this.
  12. Sep 12, 2015
  13. Deeplay

    Deeplay New World Order CAG mm1 webmeister

    Occupation:
    Works For Self
    Location:
    The biG Eu
    In the past I would have said this should not be a major worry so long as you keep your password upto date and the casino https is valid and secure.

    But the past 6 months I have had my debit card hacked 2 times not through a casino but through people charging the card.
    Luckily each time I spotted it and got the money refunded by my bank. But have to go through the hassle of waiting for a new card.

    Last time was last month. So since then I never keep any of card details stored online no matter if its a casino
    or BT or who ever. and the same should hold true for other sensitive info such as ewallet account numbers.

    It should be standard practice that we enter in details new each time or at least be given that option.

    Card / account fraud is a massive issue and everything needs to be done to make this as hard as possible for the scammers.
    So very valid topic raised by the OP!
     
    1 person likes this.

Share This Page