International edition
May 22, 2019

GiG's server allowed a patron from Nevada to gamble online through Hard Rock's site

New Jersey fines a technology firm USD 25,000 for a flaw in geolocation

New Jersey fines a technology firm USD 25,000 for a flaw in geolocation
The flaw allowed a patron trying to access the Atlantic City Hard Rock's gambling site from Nevada to inspect the browser code and change data to falsely indicate that the patron was located in New Jersey.
United States | 05/13/2019

On July 4, a geolocation company was checking the system at Hard Rock's request when it found the vulnerability. Patron access to the system was shut down and a fix was put in place the next day. Division of Gaming Enforcement says the Malta-based Gaming Innovation Group did not take adequate steps to ensure that the computer server made the final call on whether a patron was within New Jersey.

N

ew Jersey regulators fined Gaming Innovation Group (GiG) USD 25,000 for a flaw in its geolocation technology, which is designed to make sure people are within the state's borders before they can gamble. The state Division of Gaming Enforcement says the Malta-based company, which provides online gambling for Atlantic City's Hard Rock casino, had a technical vulnerability last summer.

It allowed a patron trying to access the Hard Rock's gambling site from Nevada to inspect the browser code and change data to falsely indicate that the patron was located in New Jersey, The New York Times reported.

On July 4, a geolocation company was checking the system at Hard Rock's request when it found the vulnerability. Patron access to the system was shut down and a fix was put in place the next day.

In New Jersey, gamblers must be physically present within the state in order to gamble online. The way companies ensure this is through geolocation, a multi-layered series of technologies that determine where a person is at the time he or she is trying to place a bet.

In this case, the gaming enforcement division determined, GiG did not take adequate steps to ensure that the computer server made the final call on whether a patron was within New Jersey. Instead, the patron was able to trick the system. The company calls it a one-time incident that was quickly reported and fixed, and that it maintains controls to make sure it complies with regulations "at all times."

"This one-off single incidence of out-of-state gambling was due to a technical vulnerability which was quickly discovered and reported to the regulator in New Jersey in the first week the company went live in New Jersey," Gaming Innovation said in a statement. "An end user from outside the state of New Jersey with technical knowledge managed to access the front end debugger to change the location and pretend to be from New Jersey." 

It wasn't the first such incident; in March, New Jersey gambling regulators ordered a California man to hand over more than $90,000 from online accounts he had funded and gambled with from outside the state.

In a separate enforcement action, the division fined the Borgata casino $7,500 for taking prohibited sports bets. On Dec. 8, the casino accepted bets on two college basketball games, Clemson vs. Mississippi State, and Connecticut vs. Florida State. Both games were played at the Prudential Center in Newark. State law prohibits betting on New Jersey college teams, or any college games held within the state, even if it involves teams from elsewhere in the country. The casino refunded all wagers on those games.

Leave your comment