Casino Blog

Well, I believe people who read my articles on this casino blog know what is eCogra. Just in a few words for those who is not familiar enough to gambling industry:

*eCOGRA is a non-profit organization, a kind of independent standards authority of the online gaming industry, which is specifically overseeing fair gaming, player protection and responsible operator conduct to protects everybody who is engaged in online gaming where it is lawful.

So, it has become a question on great interest how to obtain an eCogra seal for a software provider. This is what I would like to explain in this article.

First of all, for eCogra requirements may be applicable to different products:

All – All products C – Casino P – Poker S – Sportsbook B – Bingo
Minimum software requirements for all types of software:
1. All receipts from and payments to players must be conducted through a formal documented process.
2. Registration, deposit and withdrawal conditions and procedures shall be clearly communicated to players.
3. All information regarding receipts and payments shall be logged and retained by the applicable parties.
4. Financial reconciliation procedures must be demonstrated.
5. Players shall be able to access their account history dating back for a minimum period of one month, including all deposits, withdrawals and payments.
6. Any uncontested funds left in an account, previously de-activated by the operator, shall be remitted to the owner of the funds.
7. The locking of player accounts shall be conducted through a formal documented process.

Minimum information requirements:
1. A complete history must be maintained of all transactions that affect player balances for a period of 12 months.
2. Records of player transactions that individually or cumulatively exceed $/€10,000 must be retained for a minimum period of 5 years.
3. Reports shall be generated for all changes made to game parameters. (for C P B)

Minimum security requirements:
1. Security policies and procedures shall be documented, communicated and reviewed at least annually or in the event of material changes
2. Security policies and procedures shall be implemented. Risk-based internal and external security reviews shall be conducted at least annually or in the event of material changes.
3. Virus scanners and/or detection programs must be installed on all pertinent information systems. These programs shall be updated regularly to scan for new strains of viruses.
4. Controls shall be in place for changes to information processing facilities and systems in order to reduce the risk of security or system failures.
5. Player credit card numbers stored on the system shall be secured from unauthorised use.
6. All players must have their identity verified with an account identifier/password pair, or by any other means that provide equal or greater security (e.g. digital certificates), prior to being permitted to access the system. Account transactions must be subject to strict security control and shall be maintained in a system audit log.
8. All system users must have their identity verified with an account identifier / password pair, or by any other means that provide equal or greater security, prior to being permitted to access the system. Passwords must be a minimum of 8 characters in length, and where feasible comprise of letters, numbers and special characters.
9. Where technically feasible, the system must use password history techniques to maintain a password history of users. The history file should contain the last 10 passwords of users and store them in encrypted form.
10. Passwords on the system should be changed every 60 days.
11. The system shall provide the facility for users to change their passwords.
12. The system should limit the number of failed logon attempts to 3.
13. All inactive accounts, which hold player funds, shall be restricted against unauthorised user access, and no admin adjustments shall be processed against inactive accounts without the appropriate level of authorisation.
…and much more

To learn more about minimum requirements and suggested practices to get eCogra seal for software providers, please, dowload the document below.
ecogra_software_accreditation requirements

save this post as PDF

This entry was posted on Monday, December 29th, 2008 at 16:01 and is filed under Uncategorized (tags: none). You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.