GPWA Times Magazine - Issue 25 - June 2013

Although the player who spoofs his location may be performing a low-risk activity, the operator who accepts such a bet and the processor who handles the player’s payment are committing a crime. Not only will operators face federal prosecution under UIGEA, but also state-level penalties in the jurisdiction where the bet actually occurred, and furthermore in the state where the operator is licensed.

Veteran spoofers

Though accustomed to performing basic country-level location checks and ensuring content is also language appropriate, it may prove to be particularly difficult for some operators to face up to veteran online players with significant spoofing experience. These players have been playing for over a decade – whereas licensed officers of U.S. gaming operators may never have even played online poker – let alone run a site.

These players are highly skilled in ensuring uninterrupted access to sites attempting to block U.S. players and will likely be using a number of free or low-cost solutions requiring little technical savvy for the average player to use. State-level regulators new to the world of regulating Internet-based gaming may not yet realize exactly what (and whom) they are up against.

A player’s toolbox

A wide range of tools are typically employed by players determined to play out-of-bounds, including a host of spoofing techniques that fake their location results. They may use proxy servers, remote desktop programs, virtual private networks (VPNs) and even mobile phone apps to mask their location. Most of these methods involve a simple download or may come built-in to the operating system on their device.

Apart from looking to gain unpermitted access to gaming sites, players may also be using spoofing techniques to collude in a poker game or claim a bonus they are not entitled to simply by appearing to log in from somewhere else.
Luckily, regulators are raising the bar and requiring operators to utilize more robust geolocation systems to thwart some of the following types of location spoofing.

Proxy servers

Proxy servers work as a “middleman” service between the end user and the website they are looking to access. This is a simple spoofing method used by players to redirect their Internet connection to a location where Internet gaming is accessible and legal; they will have the ability to mask their true IP address with the IP address of the proxy server’s location. If left undetected, this could easily fool an operator into accepting out-of-state payments from a player outside an allowable jurisdiction.

Proxy servers may operate as a paid service or may be accessed from a number of free websites offering support and easy network connection tools for all common devices including PC, Mac, Android and iOS. This ultimately means that mobile operators will likely face the same proxy challenges as Internet operators offering desktop computer products despite the difference in player devices.

Luckily, technology is now available to “pierce” a proxy and see the true origins of a player’s connection, and thus reveal the activities of a location fraudster. In order to remain compliant with gaming regulations, operators will likely need to deploy such technologies to detect proxies, and possess the ability to uncover and block this common spoofing method now used by many online gamers around the world.

Remote desktop software

Remote desktop software was designed to allow a user to control a computer from another (remote) device. Such programs are readily available and may in fact come preinstalled on many Windows computers. Household names for other such products on the market in this category include GoToMyPC, LogMeIn and TeamViewer.
While these programs can aid in remotely accessing a home computer while one is on vacation, gamers can also use them maliciously to remotely control a device located within a jurisdiction where online gaming is permitted. Doing so would allow them to gain access to a site while out of state, so long as they had access to a device in the ideal location.

Unfortunately for mobile users, remote desktop software can typically be used to control PCs or Macs but not mobile devices themselves; there are, however, programs such as GoToMyPC that enable a PC to be controlled remotely from a mobile device. Any such programs that allow for remote control of mobile devices themselves are much less common and would require a “jailbroken” or hardware “hacked” device in order for them to be installed.

Nevertheless, there are still plenty of veteran players out there willing to go to such lengths. For that reason, operators and regulators will need to employ great diligence in checking the running processes on a player’s device during play to thwart any remote-controlled access. Fortunately, location technology exists today to stand up to the challenge and screen for such running processes on a player’s device.

What may emerge as a secondary issue for operators in their diligent checks is addressing the fact that many PCs with factory-installed remote desktop software may have these programs running

“As U.S. players make the transition from offshore sites to regulated U.S. sites in places such as Nevada, they will likely bring along with them a plethora of spoofing techniques and auxiliary software programs designed to mask their true location to avoid eligibility issues.”

Putting geolocation on iGaming’s map
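
The running-process screening described in the remote desktop section, sketched as an added example (not code from the article or from any geolocation vendor): it checks a process and connection snapshot for remote-control software and separates an attached remote session from software that is merely installed and running in the background. The watchlist entries, the block/review/allow verdicts and the sample snapshots are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Illustrative watchlist (an assumption of this example, not from the article).
# "session"    = helper that exists only while a remote session is attached
# "background" = service or app that may run whenever the product is installed
WATCHLIST = {
    "rdpclip.exe": ("Windows Remote Desktop", "session"),
    "teamviewer_service.exe": ("TeamViewer", "background"),
    "teamviewer.exe": ("TeamViewer", "background"),
    "logmein.exe": ("LogMeIn", "background"),
}
RDP_PORT = 3389  # default Remote Desktop listening port

@dataclass(frozen=True)
class Conn:
    local_port: int
    remote_ip: str
    state: str

def basename(path):
    # Accept full Windows or POSIX paths; compare case-insensitively.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def screen(processes, connections):
    """Return (verdict, reasons); verdict is 'block', 'review' or 'allow'."""
    active, idle = [], []
    for path in processes:
        hit = WATCHLIST.get(basename(path))
        if hit is None:
            continue
        product, kind = hit
        (active if kind == "session" else idle).append(product)
    for c in connections:
        inbound_rdp = c.local_port == RDP_PORT and c.state == "ESTABLISHED"
        if inbound_rdp and not c.remote_ip.startswith("127.") and c.remote_ip != "::1":
            active.append(f"inbound RDP from {c.remote_ip}")
    if active:   # someone is attached to this device right now
        return "block", sorted(set(active))
    if idle:     # installed and running, but no session evidence
        return "review", sorted(set(idle))
    return "allow", []

# Constructed snapshots: a PC with a remote-control service running idle,
# and a PC that is being driven over Remote Desktop during play.
IDLE_PC = (["C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe",
            "C:\\Windows\\explorer.exe"], [])
REMOTE_PC = (["C:\\Windows\\System32\\rdpclip.exe", "poker_client.exe"],
             [Conn(3389, "203.0.113.7", "ESTABLISHED")])

if __name__ == "__main__":
    print(screen(*IDLE_PC))
    print(screen(*REMOTE_PC))
```

Routing the background-only case to review rather than an outright block is one way to handle PCs that have remote desktop software running without any remote session attached.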