What about your Privacy & Security?

[aodat2]

I've recently played at a casino and after a few deposits, I was locked out of my account. Then they requested a few documents from me which they said that it's for their security purpose.

As usual, I tried to provide all the information that they need in a timely manner. After they got the information, I waited for about 24 hours for them to check and since I didn't get a reply after that I immediately contacted the casino in question on live chat.

During our chat, I found out that since I didn't directly use a credit card but went through another company (something like Entropay but it's not) they were contacted by that company to ask for my details (ID and etc) to be sent them. Now thinking that they will be a little smart and asked it from me directly instead of asking it from the casino, they didn't ask me at all.

Since they have already asked the casino about this, the casino provided my details (including my ID and etc) freely to the "third party" company without my consent or even a notice to me at all.

Would this be considered something which is against their own policy? Wouldn't this mean that the casino is actually sharing information of myself to a "third party"? Why did the casino which is an accredited casino here do such a thing without my consent?

How could such a casino actually be even remotely considered for an accreditation if such an incident were to happen?

Would you guys actually play at such a casino?

 

[The Dude]

You should know by now that casinos have business relationships with their ecash providers and or banks that require them to do due diligence against player fraud. This includes providing these companies with your personal details such as names, addresses, etc.

I wouldn't really consider this a "third party" since this is within their business environment. I would guess that they have an obligation to provide this information.

I remember you have had some issues in the past having your account mixed up with your mom's or your son's. I guess I'm a bit mixed up since I can't remember who you were/are supposed to be

 

[thisisvegas]

A casino asking for security documents is standard procedure and I almost find it rare that a place wouldn't ask for it. Things the operator has to worry about if the player is underage or more important if it is the real player in question. It is a standard procedure and I do test the waters at other gaming companies and they do the same for me as well.

Last I would probably list the name of the place because some players here might have positive or negative things to say about them but hopefully positive.

John

 

[winbig]

If the casino is providing information to your bank/ewallet/credit card company, then it's not really a violation of your privacy.

On the other hand, there have been casinos in the past that have actually opened a new ewallet account on behalf of the player, without their permission. To me, this is crossing the line and definitely a breach of privacy.

 

[aodat2]

I remember you have had some issues in the past having your account mixed up with your mom's or your son's. I guess I'm a bit mixed up since I can't remember who you were/are supposed to be

Yeah, that happened between me and Bet365. But then again, Kate told me that my real issue was with Entropay and I took it up with them and even the FSA got involved.

After a long line of emails, the FSA finally said... "we do not regulate that company". We merely issue the license for them. We wash our hands off your problem and if you would like to go on, bring it to court which I am too reluctant to do over $5k+. Not really worth my time and efford. By the time I reach court, it would have cost me about that amount already if not more. So I just let it go!

But just a WARNING to those people out there.

Entropay is NOT REGULATED by the FSA or UK Government. They merely issue the license for Entropay. If Entropay screws you, they may go out of a license at most but there's nothing the FSA will do to help. You'll have to take it to court yourself.

A casino asking for security documents is standard procedure and I almost find it rare that a place wouldn't ask for it. Things the operator has to worry about if the player is underage or more important if it is the real player in question. It is a standard procedure and I do test the waters at other gaming companies and they do the same for me as well.

Last I would probably list the name of the place because some players here might have positive or negative things to say about them but hopefully positive.

John

Well John, I don't think it has come to the point where I am going to name the casino. Sending in verification documents is not a problem. The problem is when they say that they have SENT your documents to the processor because the processor requested for it too.

Now, in my books... if I sent you my ID, I expect you to keep my ID and not share it no matter who the other person is. If the processor wants my ID, they should have requested it from me instead of requesting it from you. If they request it from you, then it would mean that the processor is totally OUT OF LINE as it's none of your business to furnish them with my ID. In fact, it's quite against the "privacy act" for you to furnish my ID to them. My details perhaps but totally NOT my ID.

That's what this casino did (or at least from what I understand through the chat) send my ID to the processor as well which is a total NO NO in my books!

 

[winbig]

Isn't it possible that they're required by law/regulated to provide identification documents as requested by the ewallet/bank/whatever? I'm sure they're regulated, and can't make up the rules as they go...and could probably get in trouble themselves by not sending the requested information.

Think of it as if a law enforcement agency were to contact them with a warrant, asking for any and all information they have about you. If they didn't comply, they would definitely be in hot water. I was reading somewhere about this same situation regarding Google. They specifically state that if they are contacted by LE for your records, then they will immediately comply - and are not required to even contact you letting you know that these documents were requested.

At least in this case, they let you know, and didn't keep you in the dark about it. They could have simply not told you and you would have never known.

 

[GrandMaster]

Entropay is NOT REGULATED by the FSA or UK Government. They merely issue the license for Entropay.

Ixaris Systems Ltd which operates Entropay is not licensed in any shape or form. It has been granted a small e-money issuer certificate which certifies that it is not subject to regulation as an e-money issuer.

 

[GrandMaster]

A casino asking for security documents is standard procedure and I almost find it rare that a place wouldn't ask for it.

The issue is that the casino passed on this information to a third party.

If the casino is providing information to your bank/ewallet/credit card company, then it's not really a violation of your privacy.

Yes it is, if they are doing it without my permission.

Isn't it possible that they're required by law/regulated to provide identification documents as requested by the ewallet/bank/whatever? I'm sure they're regulated, and can't make up the rules as they go...and could probably get in trouble themselves by not sending the requested information.

Think of it as if a law enforcement agency were to contact them with a warrant, asking for any and all information they have about you. If they didn't comply, they would definitely be in hot water. I was reading somewhere about this same situation regarding Google. They specifically state that if they are contacted by LE for your records, then they will immediately comply - and are not required to even contact you letting you know that these documents were requested.

An e-wallet is not a law enforcement agency. It can choose not to do business with you if you don't provide the documents and that's about it.

Furthermore, if these companies were based in the EU then they fall under the data protection law of the countries where they are processing personal data, and in particular, it would be illegal for a company to hold personal information obtained in this manner. I am slightly confused whether it was entropay or not, one post says "something like Entropay but it's not" the other one complains about entropay, but if it is based in the UK, a complaint to the Information Commissioner costs nothing.

 

[aodat2]

Furthermore, if these companies were based in the EU then they fall under the data protection law of the countries where they are processing personal data, and in particular, it would be illegal for a company to hold personal information obtained in this manner. I am slightly confused whether it was entropay or not, one post says "something like Entropay but it's not" the other one complains about entropay, but if it is based in the UK, a complaint to the Information Commissioner costs nothing.

GrandMaster, the casino that I'm mentioning is an accredited casino and NO it's not Entropay which is in question. It's another company all by itself. I'm just using Entropay as an example.

I'm not really wanting to make a complaint or anything. The casino is working with me right now on this issue and hopefull we will be able to resolve this issue on a better term than compared to the complaint route. That would be my last choice.

Will update you guys on what's happening as I get updates. Sorry I can't tell who the processor is as well.

 

[vinylweatherman]

Many of these processors advertise their service as offering a conduit such that you do NOT have to reveal your full details to the merchant. Normally, the idea behind this is to prevent the merchant from misusing your fixed payment method details and emptying your bank or card account.

The processor would surely ask for it's client's details up front, but may be asking for the merchant to supply what IT sees as their "client's details". This could check that the processor account itself has not been "hacked", and used by other than it's owner with an online merchant. Unfortunately, it seems that the casino may have supplied more information than is necessary for the processor to carry out such a check. This could be cause for complaint under EU privacy laws, although many casinos and processors fall outside them.

The FSA really does not have a clue, as by issuing these "small e-money" licences, they are creating a deception that many companies are only too willing to exploit. Many may mistake these "licences" as an indication that the company is properly regulated, and thus can be trusted. Those companies that are properly regulated will also be affected, as trust in the FSA will be undermined when complaints get the brush-off (as above).

 

[Rhyzz]

Personally I see it as a positive thing that these casino's ask for documents - it keeps the fraudsters at bay. However, I do think it is a little stoneage with the amount of information available to these companies online - they just don't want to pay the relevant fee's to obtain the information, thus making the process easier for players.

A simple example is what's known as a 'code 10 name & address check' - having previously worked for a finance department, these cost a company around $5 to run and it's a basic personal details check against the owner of the card. If they match, great, if they don't, there is reason to have suspicions on the account.

I do think these casino's should be doing more to make the process more fluent but it's as the old saying goes, if you have nothing to worry about then you have nothing to worry about!

 

[Fleur-De-Lis]

I've recently played at a casino and after a few deposits, I was locked out of my account.

But why you were locked? Did casino offer any explanation on this?

 

[spearmaster]

I'm with Grandmaster.

A casino has NO BUSINESS WHATSOEVER (did I make myself clear? ) sharing your information with ANYONE, even the GOVERNMENT, unless REQUIRED by law.

So whichever accredited casino did this, you better fix your procedures doubly quick before you get found out.

By the way, this is directed towards third-party processors - if the processor is contracted directly by the casino for fraud prevention and payment processing, that's a different issue entirely.

Btw, aodat, how certain are you that the casino actually did this?

 

[pacers31]

Agreed Spearmaster, but when there is no regulatory body, no way to enforce any kind of legal issue, then this whole document thing is worthless. Just because I send a dl, bank account info, etc. in no way ensures that I am who I am. Conversely, if a site chooses not to pay me, there isn't a damn thing I can do about it except bitch. The only reason that any of the complaints heard here are addressed by the casinos is in their own self preservation. Can't let negative news about your site spook the rest of the pigeons ya know. Document requests are BS. If the casinos were truly interested in deterring fraud, most of them would ask for this so called proof of identity before they took the first cent as a deposit. Funny don't you think that these "document requests" only seem to come up when you withdraw. By creating obstacles to doing business with your site, you only encourage such things as chargebacks and bad debts for your business. Besides, so many sites have the all encompassing FU clause, that it really doesn't matter what credentials you may have or not have.

 

[jargon]

I'm with Grandmaster.

A casino has NO BUSINESS WHATSOEVER (did I make myself clear? ) sharing your information with ANYONE, even the GOVERNMENT, unless REQUIRED by law.

So whichever accredited casino did this, you better fix your procedures doubly quick before you get found out.

By the way, this is directed towards third-party processors - if the processor is contracted directly by the casino for fraud prevention and payment processing, that's a different issue entirely.

Btw, aodat, how certain are you that the casino actually did this?

Best be listening to what Grandmaster and Spearmaster have to say regarding this serious issue.

greek39

 

[pacers31]

jargon - ???????? I don't get your last post. Listen to them about what?

 

[aodat2]

OK, all settled and they have finally decided to reinstate my account.

Time to put the entire story into context.

I deposited into ClubWorld via ToggleCard a few weeks ago, played over there and some money there. Deposited more via ToggleCard. Then played on (trying to get the stupid Random Bonus). Anyways, after some time playing, they send me a message via the software to call them or get on live chat. I did as they told me and after the call, I noticed that they have locked my account asking me to provide my ID's and etc.

I immediately did that without any hesitation. Sent in everything within 24 hours of being asked to do that and they even sent me a confirmation that they have received everything.

3 days later and my account was still locked, I got on Live Chat and asked what's going on. They told me that they passed my stuff and information to ToggleCard to get it verified or something. I was so totally stunned that they passed my documents to ToggleCard without me even knowing.

Another 3 days later, after me sending in about 20 emails asking them what's going on, Tom (the rep here and also the Manager at ClubWorld) told me that ToggleCard didn't want to certify my account because of high risk. What's new... I come from Malaysia for god's sake. The country is HIGH RISK for any e-commerce transactions. Everyone knows that!!!

Anyway, my account is now back to normal except that ClubWorld too feels that I am high risk and now only allows me to deposit via Neteller (which is NOT available in Malaysia). Even after about 2k worth of deposits via my credit card months ago and everything went totally smoothly, they dare to tell me that until I establish a record of deposits with them, they will reconsider allowing me to deposit via Credit Card again.

So all in all, I would like to congratulate Club World Casinos for going into my List Of Casinos which I should not play at.

Just to answer Spearmaster's question, I am 100% SURE as I have the chat logs and everything that says it.

Here's a partial chatlog. I've changed all the names in there.
==================================================
ME:
the last time I was here, about 1 hour ago, Roger told me that the security dept people are going to give me a reply on my docs within 10 minutes... it's been 1 hour and still nothing

CS PERSON:
ok bare with me ill check now

ME:
ok

CS PERSON:
ok i have just had a word with the department for you we have passed all this information onto toggle card so we are waiting on them now... but we would be very happy if you could be patient on this matter
==================================================

 

[The Dude]

Hi Aodat,

I'd like to know why you are claiming that the casino had sent your ID etc to Toogle Card? I think what happened here is that while the cash out was in transition, Toogle Card "decertified" and closed your account. I do not believe there was any passing of your personal info except what was needed to make the transaction. They have told you this in an email btw.

 

[aodat2]

Hi Aodat,

I'd like to know why you are claiming that the casino had sent your ID etc to Toogle Card? I think what happened here is that while the cash out was in transition, Toogle Card "decertified" and closed your account. I do not believe there was any passing of your personal info except what was needed to make the transaction. They have told you this in an email btw.

Thanks for your feedback Meister.

I would just like to point out a few things on my post.

1. There was NO CASHOUT on my account at all. It was done on random.
2. Decertified? They sent my information to Toggle Card to get it certified. That's what they say initially. But then after that the manager, Tom said he made a mistake and it was just my information which is sent and not the entire documents and etc.
3. I said that I made about 2k deposits which in fact it is around 1k+ only (just to clarify).
4. I do apologize to ClubWorld for stating this out in the open but when this post was made, nobody cared about my situation and nobody was really interested until I PM Tom to clarify. If I didn't do so, nobody would have cared and it would just be like another normal day.

Email was sent to me some time after my initial post (thread starter) was made, not before the post was made. Again, yes the email did state that only information that was necessary was sent to ToggleCard but how certain are you that it was the only information sent to them?

I'm not trying to say that I'm right or something, in fact if I did make an error somewhere or if I did say something which is wrong towards ClubWorld, I would like to first say that I am truely sorry for my mistake. I'll rectify it if or when pointed out and I'll even make a public apology to them if really needed.

 

[The Dude]

The thing is I think you blew this way out of proportion. You started this thread trying to convince the members here that some "accredited" casino was passing on your ID docs etc., when in fact that was far from the truth. They didn't share anything out of the ordinary.

Since they have already asked the casino about this, the casino provided my details (including my ID and etc) freely to the "third party" company without my consent or even a notice to me at all.

Would this be considered something which is against their own policy? Wouldn't this mean that the casino is actually sharing information of myself to a "third party"? Why did the casino which is an accredited casino here do such a thing without my consent?

How could such a casino actually be even remotely considered for an accreditation if such an incident were to happen?

Would you guys actually play at such a casino?

So now you have a thread that is incendiary in nature; people are getting ready to pick up the torches and pitch forks and head up to the "old mill" to crucify some casino.

Hell, you even got Grandmaster and Spear riled up

There was no lengthy time between emails - nothing was getting dropped through the cracks. You just had to wait a normal amount of time to have your account cleared up. I really don't understand why you made a problem out of this unless you just have nothing else to do with your time

 

[aodat2]

Meister:

There was a 5 days delay in verifying my documents and at one point of time, my emails were ignored or put on hold for about 2 days. So yes, there was a delay which made me kinda angry about it coz nobody responded to my emails. I'm sure Tom would be more than happy to confirm that with you.

Also at the point of time where I posted this, ClubWorld still did not mention to me that they made a mistake in the wordings or something. Also if they did make a mistake, why such a mistake? Wouldn't you think that they know better than to make a mistake in such a HIGHLY sensitive issue? From the chatlog alone, would you think that they have not shared your documents with ToggleCard? Am I wrong to actually say that during that time? I know it's all resolved now but at that time itself it wasn't and at that time, the statement I made was totally valid and correct.

Anyways, I'm glad to say that it is now all over with and I am guessing that we have somewhat resolved this problem already. But it still brings me to the point if it's safe to actually give out our ID's and etc to online casinos? You totally have no idea on what they do behind your back. Pass it around or something, who knows for sure?

 

[TDTAT]

Anyways, I'm glad to say that it is now all over with and I am guessing that we have somewhat resolved this problem already. But it still brings me to the point if it's safe to actually give out our ID's and etc to online casinos? You totally have no idea on what they do behind your back. Pass it around or something, who knows for sure?

Sorry to jump in here but ultimately no one can guarantee
your information is safe. Any employee can steal info. Not to mention
the recent debacles with goverments including the USA and UK.
Hundreds of laptops with personal data were stolen. I think even banks
have lost and or had info stolen.

Your credit card or ID or identity can be stolen by any employee
of any place you use it at any day, that is the reality.

Nothing is perfectly safe, you can know nothing "for sure".

 

[thisisvegas]

For thisisvegas we ask for ID depending on the circumstance but we don't share that with anyone including payment processors. We will cross reference information with payment processors but only if there is a mismatch in information. I believe most gaming companies do the same and have the same policy. There is no benefit or reason for them to send in ID documents to any payment processor. The only reason I could think of this happening is if either party has reason to believe the documents were forged.

I think Clubworld didn't pass on your documents but rather your information to see if it lined up with theirs and nothing more.

John

 

[Shocked]

Privacy and security issues with regards to online casinos (and to a lesser extent, bookies) just send me up the wall. I know why, to a certain extent, it's necessary, particularly for smaller outfits..but do I really need to send such ridiculous amounts of detail? As TDTAT points out, data is at risk from any employee who can access it and the more unecessary information that is given increases the ease at which (identity) fraud can take place.

Perhaps the most annoying request I've had is to send debit card scans - with the CVC number showing. I just won't do it - aside from the fact that I'd be concerned that any old employee from that group could take that info and sign up all my money away..email is NOT a secure method of sending information. It's like taking a photocopy of your cards, folding them, then closing the folds with a couple of bits of sticky tape and writing the address on the outside of the paper and hoping that it doesn't get handled by a dodgy postal worker.

Bah Humbug

 

[spearmaster]

Hell, you even got Grandmaster and Spear riled up

LOL.

I stand by my statement - however, in this particular instance I don't agree that the casino passed any documents on to the processor. "This information" does not equal "Your documents".

I would strongly advise choosing one's words carefully. You may not have intended to create any false impressions, aodat, but after seeing the limited evidence provided in here, I'd be inclined to recollect the story about "The Boy who cried 'Wolf!'"

 

[aodat2]

Sorry... will repost again later...