Casino and Gaming International

WHERE IT ALL STARTED

The Internet is such an integral part of our lives these days that it's hard to imagine life without it, yet much of what we call the Internet has happened in less than a decade.

At first the Internet was seen as just another communication channel - first there was radio, then TV came along and now we have the Internet. Sure enough the first successful entrepreneurs on the Internet made their money through advertising. Even today, one of the stars of the Internet world - Google - makes its money based on this model.

Yet very little of the business that takes place on the Internet these days is based on an advertising model; instead goods and services are bought and sold requiring the transfer of money to seal the deal. Without this business activity taking place directly on the Internet, the Internet itself would be little more than a vast catalogue of brochures, technical and academic data.

The solution for financial transactions over the Internet is credit cards and debit cards but ask any person who has made a payment over the internet and you'll think they were talking about taking a bungee jump. The situation was much worse for merchants wanting to accept transactions online - the general requirements included the ability to perform triple backward summersaults while holding a glass of martini.

Here was a payment solution that was practically instantaneous, worked 24/7, was automatically multi-currency and already familiar to users. What followed afterwards was like a remake of the movie Zulu Dawn.

The problem with Internet payments turned out to be a lot about the problems with the payment industry itself as much as with the Internet. For years, Visa and MasterCard, to mention but two of the usual suspects, adopted a complacent, talk-to-the-hand policy; the hand, in this case was the banks that issued the cards or gave acquiring services to merchants.

Back in 1999 it was still common to get your card number printed on your receipt at the point of sale and ATM machines did the same each time you withdrew money. So, was there no fraud prior to 1999? Hardly, but the Internet brought anonymity and convenience, and it turns out that when no one is looking morality values get flexible. To top it all off, take away the reassuring smiles and general body language of normal face to face interaction and for many people, paranoia sets in, adding to pressures online merchants had to deal with.

So what was the 'hand' doing while all this was happening? The banks effectively had one remedy to deal with fraud - make sure that someone else paid for it. In the meantime, online fraud become a thriving well-organized industry

Then the online gaming industry took off and a new chapter was added to the story. Here was a way to actually turn stolen credit cards to cash. Online Gaming Operators effectively could be used in lieu of a bank - fraudsters would pay money in by card then request a withdrawal - except the withdrawal could only be sent to a bank account controlled by the fraudster. A side industry soon developed fueled by the profits that could be made - Identity Theft. Opening a bank account, setting up an account with a betting operator - all this required an identity.

PRESENT DAY
Now fast forward to 2008 and the situation is very much changed. Dare I say - we have never had it so good! In 1999 I started the 'Endeavour Payment Gateway' a Payment Solution Provider approved under the Payment Card Industry Security Standards. Endeavour has been at the pioneering edge of payment technology over the last nine years and today operates through network of 8 banks.

The changes to the payment industry have been many and we are now starting to see the benefits. Let's look at some of these changes.

3DSecure
The solution to fraud and chargebacks has been in the making for a number of years and is called 3DSecure; it encompasses schemes operated by the major card brands. Visa calls its scheme 'Verified by Visa', while MasterCard calls its scheme 'Secure Code'. 3DSecure works by allowing a card holder to identify himself directly to his own bank; it harnesses the Internet to allow real time collaboration between the bank that issues the card, the bank that collects payments for an online business and the card holder himself; A payment gateway is involved that orchestrates this collaboration seamless and transparently.

For a business accepting payments online, 3DSecure is a dream come true. Payments are accepted online without the risk of chargeback. Businesses can grow their online operations without costly verifications and losses to fraud.

For a card holder, if his card is still not participating in 3DSecure he will not notice any difference when he makes a payment, even if the online business is using 3DSecure. Should his card be enrolled, however, after he submits his credit card number and general details he will find himself automatically redirected to a web page operated by his bank. Here he will see a personalized message registered on enrollment as a security measure to assure him he arrived at his bank's website. He will then identify himself through a password and on completion will be redirected back to the original website to finish off the payment process. The whole process is completed in less than 30 seconds. The card holder needs not worry about having his card number stolen - without his password the payment would be rejected and the password is shared only with his own bank and no one else.

The Endeavour Payment Gateway has been offering Verified by Visa and Secure Code for quite sometime, fine tuning this technology to perfection.

NEW PAYMENT PARADIGM
With 3DSecure the payment paradigm has changed. The client must now participate in the processing of his card and payment gateways can no longer be used as a background process to take money from a client at the discretion of the merchant.

PAYOUTS
On the same footing as 3DSecure itself, the ability to send winnings back to a credit card has been probably the most important development for the online gaming industry. This is available for Visa, with MasterCard expected to also allow payouts eventually.

Earlier we mentioned how the betting industry was targeted by fraudsters because stolen credit cards could be cashed out under the pretext of a withdrawal. With the ability to send money back to a credit card, even in excess of what was deposited, this vulnerability has been closed off, at least for Visa.

FRAUD DETECTION
At the same time, fraud detection continues to play an important if redefined role. Before 3DSecure a lot of third party fraud detection systems were on offer; some of these were more fraudulent then the fraud they supposedly detected, generally they were costly and overall not very effective. The main problem with these third-party solutions was that they where at the wrong place and at the wrong time to stop the fraud. Now we are seeing fraud detection being deployed at the acquiring banks; since the acquiring bank is seeing all the transactions happening on the cards it issued it alone is in a unique position to apply effective fraud screening. Payment gateways still carry out a lot of fraud screening and in addition can deal with a whole section of screening techniques that are specific to the Internet and which are beyond the scope and competence of the banks. Within the Endeavour Payment Gateway, the fraud detection system is called Phalanx. Phalanx employs a range of sophisticated techniques to profile, cross-reference and detect fraudulent transactions, suspicious activities/profiles and source of transactions. The sophistication of some of these techniques has only been achieved through sustained research and development carried out for so many years in the industry.

Over the last decade we have seen the deregulation of the gaming industry - moving away from state run monopolies towards a free market model, albeit licensed and regulated to enforce responsible gaming and protection of players. The results have been spectacular, the growth phenomenal. The flip side of the coin is that the market place is crowded and the competition intense. Bonuses, better odds, free rolls etc can only work for so long; indeed many operators that based their strategy on this approach have run out of money and ceased operations. The focus has shifted from a strategy based on freebies to a strategy of customer service/satisfaction and maximizing turnover in particular by not losing payments.

NOT LOSING TRANSACTIONS
It turns out that your payment gateway can have a big impact on your customer service and with the advent of 3DSecure, the payment process cannot be relegated to a background process hidden away from the customer - but rather one in which the payment interface plays a central role. Endeavour has made a major investment in 3DSecure, the focus of which has been to:

• Enable smooth operation of a 3DSecure Payment.
• Assist clients who are confused or wary of a new payment process.
• Recover lost business by bringing back the client and completing the payment process.

REJECTED TRANSACTIONS
Some transactions will always get rejected. Understanding why transactions are rejected is quite a science in itself - the reasons are varied and complicated. However many transactions can be recovered. The Endeavour gateway now offers information that helps recover lost transactions.

Often times this information is appreciated as much by the client as the merchant. Consider a player getting pretty frustrated with a website because his deposits are rejected. If the merchant is able to tell the client that the card was used too many times that day and would work the following day - that merchant would get the extra business plus a happy customer.

Customer Satisfaction
Gateways play a role in the interaction with the customer and therefore can play an important part in ensuring customer satisfaction. The number one concern for a customer sending card details over the Internet is clarity and piece of mind. For example, on the Endeavour Payment Gateway, customers can receive the confirmation email in their native language, an important feature for the European Market. Even ensuring the email is delivered is a major issue, when a gateway is sending thousands of emails per minute; it looks very much like a spammer. Ensuring delivery of emails at this scale of operation becomes a science.

RECONCILATION AND MERCHANT TOOLS
Invariably clients will have questions about their payments - and the tools offered by the payment gateway to the merchants to deal quickly and efficiently with these queries forms an important part of the customer satisfaction arsenal.

A much neglected area is the ability of the merchants to carry out reconciliation and make sure that all payments are reconciled. Buggy software, often times at the bank and sometimes within the merchant's website can lead to lost payments, double payments or transactions unpaid by the bank to the merchant. Caught in time, most credit card issues are easily dealt with - in fact the traceability of credit card payments is a big advantage for merchants and cardholders alike - but disputes within the card industry carry a time limit within they must be resolved. Detecting where the reconciliation problem is can be next to impossible without proper tools. Again, banks are generally poorly equipped to deal with reconciliation issues and simply pass the responsibility to the merchant. Recognizing the importance of reconciliation, Endeavour has introduced reconciliation modules with most of the banks it works with - greatly facilitating this tedious but essential task.

LIMITING THE BURDEN ON MERCHANTS
The Internet is based on technology and technology is complex and rapidly evolving. Back in 1999 anyone with a knack at web design could fancy himself a web expert. Things have come a long way since then and the level of complexity involved is no place for amateurs.

The security implications alone are mind boggling. Any form on your website can be a vector of attack. Servers have to survive denial of service attacks, intrusion attacks and everything else in between. Every flaw is exploited within hours of being made public.

Browsers themselves are compromised or misunderstood. Follow through these simple examples:

A client accesses your website and is viewing a webpage. He then hits a button and moves to another page on your website. The data arriving on the second page is coming from the first page with the addition of any extra data that the client may have entered.

The above statement is already wrong! The data is actually coming from the browser of the client running on the client's computer. If the browser itself is compromised, the data received from the first page to the second page can undergo substantial modifications.

A second scenario, a client downloads a secure page. The browser shows the padlock sign and everything looks in order. The client fills his card details and hits the send button, knowing that his data will be protected with SSL encryption while in transit between his computer and the website.

The above statement is again wrong! The padlock shows that that data for the form itself was downloaded over SSL. The actual post itself can quite easily be happening over a normal unsecured connection.

Having said all this, merchants need not be IT experts. Indeed, many successful merchants are very knowledgeable of their respective markets but with scant knowledge of technology. It is the role of the payment gateway to carry as much of the security burden as possible - allowing the merchants to focus on their business - namely getting the clients up to the payment page and providing the customer service there after.

The truth of the matter is that some payment gateways themselves are poorly prepared to be an online business themselves. The Payment Card Industry Security (PCI) standard was introduced to deal with these situations. The Endeavour payment gateway has been compliant with this standard from the very early years when it was introduced. If a merchant uses a payment gateway that is not an approved PCI compliant Payment Solution Provider (PSP), then that merchant will be responsible for any fines resulting from the hacking of the PSP.

The merchants are expected to act responsibly. Storing of credit card information is rarely a case of responsible behavior and as we have seen even the largest organizations with presumably qualified personal can be hacked. Quite simply, these organizations are acting outside the scope of their core competencies.

Endeavour has worked closely with its merchants to understand why credit cards may need to be stored. Within gaming, a number of reasons come up, some of which are:

• Payouts
• Detecting if registered card details have changed
• Refunds and Cancellations
• Fraud Detection

Security can never be sacrificed for expediency; instead the payment gateway needs to measure up to the task, reducing complex problems to simple solutions any merchant can work with.

UNDERSTANDING THE GAMING INDUSTRY
The risks with online payments for a sports book are different than the risks for a casino and both are different than a poker network. Endeavour is very involved in the Gaming Industry and has turned this experience to a profit for its merchants.

OVER THE HORIZON
What does the future hold for the card industry? The Euro zone has made the EU a more homogenous and therefore a more attractive market place. The Single European Payment Area (SEPA) will lower the costs for bank transfers and will open access to the multitude of debit cards in Europe, which right now can only be accessed through local banks.

The gaming industry is very susceptible to the payments industry; anyone doubting this fact has only to look at the approach the US took to stop remote gaming. For the European market at least, there is reason to be optimistic.