Olga Finkel has had an article published in the Remote Gaming Update 2014 issued by the Malta Lotteries and Gaming Authority. The article addressed the regulatory and compliance challenges for mobile gaming.

An important channel for gaming
Mobile gaming is expected to become the truly new frontier of the gaming industry, with a recent survey by the research firm MECN[1]showing that over 80% believe that mobile gaming will soon be the key driver of future growth. Some gaming operators have published figures showing  upwards of 30% of total revenue derived via mobile channels (smartphones, tablets), with reported figures being even higher for selected products, notably sportsbook products. The industry is also exhibiting a clear trend where new market entrants primarily focus on consumers using mobile devices. Established operators launching new mobile solutions should reasonably expect at least 7% of their business to be driven by mobile. With smartphones and tablets continuing to proliferate and a steady decrease in the cost of mobile data the future of mobile gaming is bright.
Mobile-friendly regulatory framework
Considering its strong upward trend, it is vital that the gaming regulatory framework is capable of embracing mobile gaming. The Maltese Remote Gaming Regulations (‘RGR’) have been designed on the principles of technological neutrality, which means that any channel of remote communication used for the provision of remote gaming services is covered by the regulatory regime, be it online, interactive-TV or mobile. In practical terms, this also means that once a gaming product has been approved by the LGA, it can be offered by the operator via any and all channels, including the mobile channel, without the need to obtain any additional licence.
Generally speaking, whether a desktop computer, a tablet or a smartphone is used by the player, the same rules apply to regulate the gaming offering. However, mobile devices and mobile technologies have certain limitations and pose certain specific concerns. A mobile-friendly regulatory regime, therefore, must recognise and be sensitive to technological challenges and limitations of the mobile delivery channel, while ensuring, at the same time, that player protection and general regulatory oversight are not compromised. Although the regulations are technology neutral, they were not drafted with mobile gaming in mind and as a result pose certain regulatory challenges, some of which are examined below.
Information to be provided to players
Players must be fully informed on the service provided to them, as well as on the company providing such service. The Regulations set out the minimum necessary information that a remote gaming operator must provide to the players about itself and its service, including the full name of the company-provider, its address, list of all licences and their date of issue, a statement that the operations are regulated by the LGA, links to the sites of organisations specialising on helping problem gamblers, links to terms and conditions of the game, dynamic seal of the Authority and other information. It is understandable and correct that a change of the delivery channel from a website to a smartphone should not prejudice the player, in anyway. The player should still be given the opportunity to access all prescribed information. However, the Regulations tend to be too prescriptive, requiring all the above-mentioned information to be on ‘the homepage’, which is, quite obviously, extremely cumbersome for a smartphone. In our view, as long as the operator provides all the required information, he should be allowed to deviate from the ‘homepage’ approach and use other, more appropriate means to present information to the player.
Responsible gaming issues
Responsible gaming principles require operators to provide the players with tools for self-assessment, self-restriction and self-exclusion, so that the risk of potential addictive behaviour is minimised. During the early rollout of mobile online gaming products, there was a perception that the nature of mobile devices, in particular the fact that they are,  more pervasive than desktop computers and constantly within reach of players, would lead to a higher risk of addictive gambling behaviour. This perception so far has been unfounded and, as far as responsible gaming measures are concerned, mobile gaming should be treated in the same way as other forms of remote gaming. The Remote Gaming Regulations, in fact, require operators to implement responsible gaming measures irrespective of the delivery channel, requiring operators provide players with the possibility, amongst others, to self-impose limits on their playing time, on periodic losses and wagering, as well as to self-exclude themselves from gambling altogether, whether for a period of time or indefinitely. The Regulations also require operators to implement hourly reminders to players interrupting play, aimed at raising player awareness of uninterrupted playing sessions that can lead to addictive behaviour.
While, in general, the above regulatory measures present an adequate framework for responsible gaming, one has to look closer to see whether the required implementation of such measures is adequate or appropriate in relation to mobile gaming.
Let’s consider hourly reminders: The assumption behind the hourly reminders is that once the game is launched, the player will be engaged in the game until he decides to do something else, forcing the game to be idle or suspending or closing the session. Clearly, in the context of gambling via a smartphone, a player may have interruptions that he is either compelled or at least much more likely to attend to – such as an incoming phone call or a message, temporary unavailability of data connection, etc. In such situations, the game application would normally still be running in the background, even though the player would not be playing the game. In our view, therefore, it would be appropriate to allow a re-set of the timer in such cases, as the game would clearly be interrupted.
Prevention of underage gambling and KYC compliance
One of the most fundamental cornerstones of the gambling industry is that underage play must be prohibited and all available means should be used to ensure that this principle is complied with. For remote gaming this boils down to adequate identity verification, which is a critical process not only for filtering out of minors, but also for carrying out operators’ compulsory general ‘Know Your Client’ (‘KYC’) procedures. Identity verification and filtering of minors on mobile devices are, in some respects, more technically challenging, as well as more time consuming for the player, especially when it comes to collecting data by way of lengthy forms, statements and other copies of documents.
Technically, and irrespective of gaming-specific regulations, mobile operators, as well as handset and mobile operating systems manufacturers can offer solutions to this problem by providing verification services. Moreover, mobile payment providers, especially those that are required to undertake prior stringent KYC checks, such mobile payment methods operated by banks, can also provide additional verification data for gaming operators. It is important for regulations to be as technology neutral as possible in this area, as certain prescriptive rules, such as the forced verification of a player’s email address, may be very cumbersome or even totally meaningless for mobile users who wish to register and login into their player account solely via their mobile phone and mobile number and who would want to verify their account securely using an SMS-based or similar method. Mobile KYC services are also becoming increasingly popular, taking advantage of inbuilt cameras and geolocation devices that are widely available on smartphones. New smartphone technology such as inbuilt fingerprint scanners will also help increase the level of identity verification afforded by smartphones, potentially making mobile gaming more secure than other forms of gaming. For this reason, in our view, email address verification for a player registering via a mobile device should be dispensed with in favour of more appropriate, and arguably more secure, mobile-focused verification methods.
Geolocation and geofencing issues
As mentioned above, geolocation and geofencing generally provide positive opportunities both for operators and regulators. The use of geolocation services can aid in determining the legality of a gambling transaction across borders by having realtime location monitoring coupled with geolocation transaction stamping.
Newly implemented regulations in other jurisdictions, such as the New Jersey regulations, provide for mobile gaming that is legal within pre-specified geographical boundaries that can be checked using geolocation and geofencing technology. However, one has to bear in mindthat geofencing technology can give results of varying precision, especially in highly built-up urban areas where GPS co-ordinates can be significantly imprecise – enough to identify a state border accurately, but not always good enough to identify the precise casino boundaries or even specific areas within a casino, for example, the casino parking area – making legislation that relies on overly precise geofencing requirements technically hard to implement and enforce. Land-based casinos in Nevada which implemented a mobile gaming service with similar restrictions have realised a less than 0.01% increase in tax revenue[2], so the US approach is still untested and may not give much, if any, added benefit to European style regulations.
Geofencing can also be used by operators to provide a personalised service to players, by offering customised bonuses and promotions that are activated by the player being physically in a particular location at the particular time. The existing Regulations adequately cover such marketing activities as long as the operator does not resell or disclose the player private location data.
Data security and privacy concerns
Geolocation and geofencing do, on the other hand, bring along data privacy concerns. Privacy concerns are exacerbated with mobile gaming due to the possibility to identify, at least approximately, the player’s physical location and the player movements, due to the ease with which information can be shared across devices. Security concerns are rising due to the possibility of misplacing and losing mobile devices, resulting in unauthorised use.
Personal data is already protected adequately in the EU via data protection regulations, which also prevent the operator from using player geolocation for unapproved uses outside the scope of the direct provision of online gaming services and without player consent. Nevertheless, gaming operators need to be more vigilant in mobile privacy issues, while regulators may conceivably provide for additional levels of protection specifically for players whose mobile devices have been demonstrably abused or stolen, to enable transactions to be rolled back, voided or cancelled.
On the other hand, data security concerns are adequately covered by existing regulations that are applicable to other forms of online remote gaming. The mobile device industry has spent considerable amounts of capital and resources to ensure that smartphones and mobile phones in general inherently possess a high level of security. While smartphones and tablets can indeed be hacked as with any other sophisticated computing device, the general risk to operators remains low – in many cases lower than with other types of devices, especially considering features like fingerprint recognition, which are inbuilt in some mobile devices.
Personalisation and realtime data mining
The need for operators to provide a fast and frictionless user experience on mobile devices makes the use of personalisation even more important when compared to other devices that have more display space available for the player. Commercially, operators also need such methods to offer a competitive product that adapts to player preferences, minimise the amount of complaints and reduce issues that players may experience as a result of an awkward or user unfriendly interface. Marketing campaigns on mobile using direct SMS and mobile-friendly methods, such as push notifications and mobile optimised email messages, are often more time sensitive and immediate than with a desktop site, requiring the use of simple user profiling to ensure, for example, that players are not disturbed at odd hours of the day, or during times when they are unresponsive and do not wish to be disturbed.
The use of real-time data mining and player segmentation tools in the mobile gaming context can also be more effective in detecting potential addictive gambling patterns and abnormal usage, while preventing the use of such tools may lead to a decrease in the player protection level.
While data mining and personalisation, as very briefly mentioned above, have very useful applications particularly in the mobile gaming sector, both for commercial and regulatory advantage, the new European Union legislation on data protection proposed by the European Commission in 2012 provide for further restriction of personalisation and data mining methods, with opt-ins become absolutely essential. It may be a significant challenge for mobile operators to have both compliant and commercially and technically sensitive opt-in checkboxes in the user interface. For other means of collecting personal data, operators are obliged to provide adequate unsubscribe and opt-out instructions to their players. In desktop and even tablet based operations, having a short unsubscribe link or message displayed unobtrusively in a marketing message does not generally pose a problem. However, on mobile devices, the methods used may render this impractical – for example, in an SMS, where the amount of available characters is severely limited. In our view, given the important regulatory advantage of personalisation and data mining methods in mobile gaming, gaming regulations should allow operators to use alternative, more user-friendly means of collecting opt-ins and opt-outs from mobile devices.
Mobile gaming operators face practical issues imposed by player’s mobility and a constant sense of immediacy, as well as smaller device displays used in mobile gaming. All these issues need to be handled in a compliant manner, while allowing at the same time smooth and attractive user experience. At the same time, remote gaming regulations should also evolve in order to sensitively handle issues presented by mobile gaming to allow this ever growing segment to flourish and achieve its full potential in a compliant way.
[1] MECN. Online Gambling Benchmarking 2013 Edition. London/Munich, September 2013.
[2] State of Nevada. Legislative Fiscal Estimate to S-1323, June 5, 2012.