The New Jersey Division of Gaming Enforcement has fined Malta-based Gaming Innovation Group (GiG) $25,000 for failing to prevent someone from outside the state to gamble on HardRockCasino.com, a site for which GiG provides its online gambling services.
The incident actually occurred at some point before July 4, 2018, though it is not specified when exactly. That date was the date a geolocation firm was conducting an audit on GiG’s systems and found a browser vulnerability which allowed users to make it look like they were playing New Jersey when they were, in fact, sitting somewhere else.
One player was confirmed to have bet and lost $29 on HardRockCasino.com from Nevada, which, of course, is not allowed. One might wonder why someone would gamble on a New Jersey site from Nevada, where online poker is legal. It is because though online poker is legal, ONLY online poker is legal – online casino games are not. The player may have just wanted to play some table games, spotted the exploit, and gave it a shot. That only $29 was lost could indicate any number of things: a) the player was a low-roller, b) the player was just conducting a small test for a future gambling run, or c) the player was just goofing around to see if he could pull it off. Who knows?
What we do know is that the $29 has cost Gaming Innovation Group $25,000, as indicated in civil action order signed by New Jersey DGE Director David Rebuck on April 30, 2019.
“This one-off single incidence of out-of-state gambling was due to a technical vulnerability which was quickly discovered and reported to the regulator in New Jersey in the first week the company went live in New Jersey,” Gaming Innovation said in a statement to the Associate Press. “An end user from outside the state of New Jersey with technical knowledge managed to access the front end debugger to change the location and pretend to be from New Jersey.”
As the company mentioned, it was the first week GiG was live in New Jersey, so while it was a mistake that should not have happened, it’s not like it was going on for months; it was caught quickly. GiG was approved for New Jersey operation on June 28, 2018.
Then again, this is something that probably should have been spotted during the software testing process and should have never been in the live product in the first place. Shit happens, I guess. One key to remember is that while online gambling opponents might point to an instance like this and say, “See? Regulation doesn’t work! Someone still exploited the system,” I would say that it shows that regulation does, in fact, work. Without regulation, there would have been less incentive for GiG to hire a company to audit its system, there would have been less incentive to self-report the problem, and there would have been less chance that this would have been caught.