Hi Paul,
Referring to your earlier message I just want to make it clear - the two statements aren't related.
In my first point I just outlined the reasons for why we ask for NIDs - we do have a lot of players trying to defraud us. There are many other checks in place to make sure they don't get anywhere near this far but this is one of our final ways to prevent them from succeeding.
In the 2nd statement I simply pointed out the frequency of the NID request and as mentioned the numbers were just to outline the rarity, they aren't the actual numbers. It doesn't often come to this - and when it does, we often have a case. There is nothing contradictory here.
Hope that clears up some of the confusion.
Kind regards,
Adam
So do all the other operators, yet they don't ask their players to post documents half way around the world.
As for finding three different sets of documents from three players in different countries having the same photo, you don't need notarised documents sent to the Philippines to spot that. Most other casinos spot that pretty quickly from the "normal" JPEGS that players have sent in during KYC.
It's also very odd that a player that has been with the group for a while, has been verified, and has made a number of deposits and withdrawals, suddenly gets lumped in with some "fraud ring". Almost all the frauds relate to the loss leading new player offers, particularly no deposit free chips (for obvious reasons). Such players do not carry on depositing and playing the lower value "loyalty bonuses", they cobble together another set of fake details and have another no deposit free chip or 200% introductory bonus. They know that formal KYC only takes place when they withdraw, so they will not be faced with cobbling together a full set of fake documents for every fraudulent account they create.
The message that is being sent out is that this trust is purely one way. Players are expected to trust a casino that has proven it's worth, yet a player will NEVER be trusted by the casino, no matter how much they have proven their worth through staying loyal for months, even years.
By making it more "normal" to have players post their documents out to Manila, you are taking the risk that this procedure will one day go horribly wrong, a player will post their documents, they will never arrive, and then they will have their identity stolen and misused. Whilst a link may not be proven, the ensuing investigation will involve the player having to tell the police of anything they can think of that may have lead to their sensitive documents and data ending up in the wrong hands, and they will say "well, there was this one time back in xxxx when Omni casino ordered me to send a notarised copy of my passport to the Philippines, and then they claimed it never arrived".
When it comes to EEA rules and regulations:-
The request that a player from within the EU posts their documents to the Philippines is a potential violation of the Data Protection Rules.
Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
There is a list of those non EEA countries that have been approved for their adequacy of data protection:-
The Commission has so far recognized Andorra, Argentina, Canada (commercial organisations), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US Department of Commerce's Safe Harbour Privacy Principles as providing adequate protection.
I don't see the Philippines on that list, and until it makes the grade and gets EEA approval, no company should be sending their customers' personal data there for processing and storage.
It would seem that Playtech casinos are NOT looking after the interests of their customers, but are risking their customers' data in the pursuit of the lowest costs of operating their business.
It also seems rather odd given that Playtech is listed on the LONDON stock market, yet is sending it's most sensitive customer data out for storage and processing in the Philippines, rather than an EEA or commission approved non-EEA country. Why not store and process this sensitive player data in Britain, where the company is based?
I would consider a notarised hard copy of a document a far more serious threat than a mere JPEG image of one, as it is an original, not a copy, and therefore of more use to a fraudster if they were able to get hold of it.
Whilst it is very hard to prove where the links are, it does seem that the spammers have been somehow able to get hold of the kind of player data that should ONLY be held and processed in casinos' most secure data handling facilities. There is an obvious causal link between using an email address to sign up at casinos and the increase in volume of online casino related spam received by that address as compared to the background level of online casino related spam received to a "control" email address that is never used for any gambling related activity.
Data leakage is more likely from a data centre based in an EEA non approved country than an approved one, even though approval is no guarantee of zero risk.
Players already face a losing battle against spam related to their data managing to leak from casinos they have signed up with at some point, so naturally we don't trust the industry to take the best care they can to prevent this from happening.