Authors: Elisa Lorenzo/Paula González de Castejón

The Spanish gambling regulator (the General Directorate for Gambling Affairs or “DGOJ”) has recently published a document containing technical guidelines on the prevention, detection and management of fraud on online gambling activities. The Spanish version is available in the following link.

These guidelines are aimed at ensuring that all online gambling operators licensed in Spain count with an adequate policy for the prevention, analysis and management of fraud activities aligned with the criteria of the DGOJ.

This is the first time the DGOJ publishes their criteria in connection with the specific rules that online gambling operators must implement to prevent fraudulent activities. Online gambling operators in Spain are obliged to count with a so called Fraud Manual aimed to detail the procedures put in place in order to detect and impede fraudulent activities from players. However, as mentioned before, up to date, the DGOJ had not elaborated any guidelines on the actions that online gambling operators should adopt in order to prevent those activities.

Within these guidelines, the DGOJ analyzes the main fraudulent activities variants identified during these past years and that based on their experience more frequently take place on an online gambling website. According to this document, the main fraudulent activity which concerns the DGOJ is the “identity fraud”, as this may imply the access to online games to persons who have been excluded from the games (such has minors, and persons having gambling problems such as self-excluded persons).

This document includes measures that must be implemented by all online gambling operators to ensure compliance with the requirements of the Spanish gambling regulations, as well as additional standards that can be taken into account by online gambling operators in order to elaborate their own counter fraud systems.

The most relevant fraud variants identified by the DGOJ in this document are:

a) Identity Fraud: This type of fraud occurs when a user has registered in the website by intentionally using incorrect registration details (both using their correct identification data but changing any of the registration details, or using a third party personal data). The most relevant risk associated to this fraudulent activity is that persons having prohibited the access to the games try to register and play (such as minors or self-excluded players).

b) Fraud on the payment methods: Adequate measures should be implement to ensure that all gambling and payment transaction can be totally traced. Therefore, the guidelines require online gambling operators to ensure that all withdrawals permit the traceability of the transactions.

c) Fraud on the origin of the funds: The measures to be implemented pretend verifying that the funds used by the players have not an illegal or fraudulent origin, and are mainly addressed to verify that the player has sufficient economic level to the funds invested on the games.

d) Fraud of geo-location: Online gambling operators are required to ensure that registered players are not using VPNs or Proxy devices to avoid the geo-location of their access. Said measures must impede that Spanish residents access to other operators’ site (other than the .es) using technologies aimed at hiding their IP address.

e) Fraud related to match-fixing: The measures to be adopted in order to avoid this type of fraud are addressed to provide adequate training to all involved parties, as well as to inform the relevant authorities on the suspicious of fraud.

In all the cases, the DGOJ reinforces the need to monitor in an adequate manner the users activities in those cases where it has been detected that the user could be involved in a fraudulent activity, as well as to proceed with the suspension of the user account if there are suspicious of a fraud, and to proceed to cancel the user account if the fraudulent activity is confirmed.