Pennsylvania Code & Bulletin
COMMONWEALTH OF PENNSYLVANIA

• No statutes or acts will be found at this website.

The Pennsylvania Code website reflects the Pennsylvania Code changes effective through 51 Pa.B. 676 (January 30, 2021).

Pennsylvania Code



CHAPTER 812. INTERACTIVE GAMING PLAYER ACCOUNTS—TEMPORARY REGULATIONS

Sec.


812.1.    Definitions.
812.2.    Player account registration.
812.3.    Account security.
812.4.    Single account requirement.
812.5.    Account terms and conditions disclosures.
812.6.    Self-exclusion list.
812.7.    Player funding of accounts.
812.8.    Player loyalty programs.
812.9.    Player account controls.
812.10.    Player withdrawals.
812.11.    Player account statements.
812.12.    Suspended accounts.
812.13.    Dormant accounts.
812.14.    Use of player data.

Authority

   The temporary provisions of this Chapter 812 issued under 4 Pa.C.S. § §  1202(b)(30) and 13B03(b), unless otherwise noted.

Source

   The temporary provisions of this Chapter 812 adopted May 4, 2018, effective May 5, 2018, expire May 5, 2020, 48 Pa.B. 2631, unless otherwise noted.

Cross References

   This chapter cited in 58 Pa. Code §  814.1 (relating to general requirements); and 58 Pa. Code §  830.9 (relating to eligible passengers; accounts; funding of play; withdrawals).

§ 812.1. Definitions.

 The following words and terms, when used in this chapter, have the following meanings, unless the context clearly indicates otherwise:

   Electronic identifier—A unique identifier, other than personal identifying information (for example, a Social Security number), used to identify a player.

   Player session—A player session consists of all activities and communications performed by an authorized registered player and the interactive gaming system between the time the registered player logs in to the interactive gaming system and the time the registered player logs out or is logged out of the interactive gaming system.

   Strong authentication—A method that is intrinsically stringent enough to ensure the security of the system it protects by withstanding any attacks it is likely to encounter by combining at least two mutually-independent factors so that the compromise of one method should not lead to the compromise of the second and includes one nonreusable element, which cannot easily be reproduced or stolen from the Internet, to verify the identity of a registered player.

§ 812.2. Player account registration.

 (a)  Prior to engaging in interactive gaming, a player shall establish an interactive gaming account.

 (b)  To establish an interactive gaming account, the player shall provide all of the following information:

   (1)  The player’s legal name.

   (2)  The player’s date of birth.

   (3)  The entire or last four digits of the player’s Social Security number, if voluntarily provided, or equivalent for a foreign player such as a passport or taxpayer identification number.

   (4)  The player’s address.

   (5)  The player’s e-mail address.

   (6)  The player’s telephone number.

   (7)  Any other information collected from the player to verify his identity.

 (c)  An interactive gaming certificate holder or interactive gaming operator licensee shall create and maintain an electronic player file containing the information the player submitted to establish the player account.

 (d)  The electronic player file created by an interactive gaming certificate holder or interactive gaming operator licensee must encrypt the information in an electronic player file.

 (e)  The interactive gaming certificate holder or interactive gaming operator licensee shall verify the player’s identity and record the document number of the government-issued credential examined, or other methodology for remote, multisourced authentication, which may include third-party and governmental databases, as approved by the Board.

 (f)  The interactive gaming certificate holder or interactive gaming operator licensee shall verify that the player is of the legal age of 21 years of age, not self-excluded or otherwise prohibited from participation in interactive gaming.

 (g)  The interactive gaming certificate holder or interactive gaming operator licensee shall require the player to affirm that the information provided to the interactive gaming certificate holder is accurate.

 (h)  The interactive gaming certificate holder or interactive gaming operator licensee shall record the player’s acceptance of the interactive gaming certificate holder’s terms and conditions to participate in interactive gaming.

 (i)  The interactive gaming certificate holder or interactive gaming operator licensee shall record the player’s acknowledgement that the legal age for interactive gaming is 21 years of age and that he is prohibited from allowing any other person to access or use his interactive gaming account.

 (j)  The interactive gaming certificate holder or interactive gaming operator licensee shall record the player’s acknowledgement that any violations of the interactive gaming regulations are subject to the penalties provided in the act and may result in criminal prosecution under 18 Pa.C.S. (relating to Crimes Code).

 (k)  The interactive gaming certificate holder or interactive gaming operator licensee shall require the player to establish a password or other access security feature as approved by the Board and advise the player of the ability to utilize strong authentication login protection.

 (l)  The interactive gaming certificate holder or interactive gaming operator licensee shall notify the player of the establishment of the account by e-mail or first class mail.

§ 812.3. Account security.

 (a)  An interactive gaming system must utilize sufficient security to ensure player access is appropriately limited to the registered account holder. Unless otherwise authorized by the Board, security measures must include, at a minimum, all of the following:

   (1)  A username.

   (2)  A password of sufficient length and complexity to ensure its effectiveness.

   (3)  Upon account creation, the option for users to choose strong authentication login protection.

   (4)  When a player logs into his registered interactive gaming account, the system must display the date and time of the player’s previous log on.

   (5)  An option to permit a player to elect to receive an electronic notification to the player’s registered e-mail address, cellular phone or other device each time an interactive gaming account is accessed.

   (6)  The interactive gaming system must require a player to re-enter his username and password after 15 minutes of user inactivity.

 (b)  An interactive gaming certificate holder or interactive gaming operator licensee may not permit the creation of anonymous interactive gaming accounts or accounts using fictitious names. A registered player may, while engaged in interactive gaming, represent himself using a screen name other than his actual name.

 (c)  An interactive gaming system must provide an account statement with account details to a player, on demand, which must include information as required under this chapter.

 (d)  An interactive gaming system must utilize sufficient security to ensure third-party access to player accounts is limited as follows:

   (1)  Network shared drives containing application files and data for interactive gaming system must be secured so that only authorized personnel may gain access.

   (2)  Login accounts and passwords required to administer network and other equipment are secured so that only authorized IT personnel from the interactive gaming certificate holder or interactive gaming operator licensee may gain access to these devices.

   (3)  Remote access by vendor personnel to any component of the interactive gaming system is allowed for purposes of support or updates and is enabled only when approved by authorized IT personnel employed by the technology provider.

 (e)  Interactive gaming certificate holders and interactive gaming operator licensees may utilize third-party vendors to verify player information so long as those vendors are licensed by the Board when required and the agreements related to the provided services is submitted to the Board.

§ 812.4. Single account requirement.

 (a)  A player shall have only one interactive gaming account for each interactive gaming certificate holder or interactive gaming operator licensee. Each interactive gaming account must be nontransferable, unique to the player who establishes the account, and distinct from any other account number that the player may have established with the interactive gaming certificate holder or interactive gaming operator licensee for noninteractive gaming activity.

 (b)  Each registered player account shall be treated independently and players may not be permitted to transfer funds between accounts held with different interactive gaming certificate holders or interactive gaming operator licensees. Registered players are prohibited from transferring funds to an account held by another player.

 (c)  To ensure compliance with this subpart, interactive gaming certificate holders and interactive gaming operators shall:

   (1)  Record and maintain the physical location of the registered player while logged in to the interactive gaming account.

   (2)  Ensure that a registered player does occupy more than one position at a game at any given time.

§ 812.5. Account terms and conditions disclosures.

 (a)  During the registration process the player shall agree to the terms and conditions which govern the relationship between the interactive gaming certificate holder or interactive gaming operator licensee and the player. The terms and conditions must include a privacy policy which governs the protection and use of the player’s data.

 (b)  The terms and conditions provided to players by interactive gaming certificate holders and interactive gaming operator licensees shall be submitted to the Bureau of Gaming Operations for review. The terms and conditions must contain, at minimum, all of the following:

   (1)  The name and address of the interactive gaming certificate holder or interactive gaming operator licensee.

   (2)  A statement that the interactive gaming certificate holder or interactive gaming operator licensee is licensed and regulated by the Board for the purposes of operating and offering interactive gaming services in this Commonwealth.

   (3)  A requirement that the player acknowledges that he has read the terms and conditions and agrees to be bound by them.

   (4)  A requirement that the player will comply with all applicable laws, statutes and regulations.

   (5)  A statement that no individual under 21 years of age may participate in interactive gaming and that it is a criminal offense to allow a person who is not legally of age to participate in interactive gaming in this Commonwealth.

   (6)  A statement that the player consents to verification of registration information including name, address, date of birth, Social Security number, passport identification (for non-United States residents) and any other identification information required to confirm age and identity.

   (7)  A statement that the player consents to verification of his location for the duration of play of interactive games.

   (8)  A statement that players have the right to set responsible gaming limits and to self-exclude from interactive gaming.

   (9)  A dispute resolution policy including notifying players of their right to file a complaint with the Board.

   (10)  A player disconnection policy.

   (11)  Any other information that may be required by the Board.

§ 812.6. Self-exclusion list.

 (a)  All interactive gaming certificate holders and interactive gaming operator licensees shall have a link to the self-exclusion page of the Board web site.

 (b)  Any person seeking to place his name on the self-exclusion list shall follow the procedures in the Board’s regulations.

§ 812.7. Player funding of accounts.

 (a)  A player’s interactive gaming account may be funded through the use of all of the following:

   (1)  Cash deposits made directly with the interactive gaming certificate holder or interactive gaming operator licensee.

   (2)  Personal checks, cashier’s checks, wire transfer and money order deposits made directly or mailed to the interactive gaming certificate holder or interactive gaming operator licensee.

   (3)  A player’s credit card or debit card, including prepaid cards.

   (4)  A player’s deposit of cash, gaming vouchers or gaming chips at a cashiering location approved by the Board.

   (5)  A player’s reloadable prepaid card, which has been verified as being issued to the player and is nontransferable.

   (6)  Cash complimentaries, promotional credits or bonus credits.

   (7)  Winnings.

   (8)  Automated clearing house (ACH) transfer, provided that the interactive gaming certificate holder or interactive gaming operator licensee has security measures and controls to prevent ACH fraud. A failed ACH deposit attempt may not be considered fraudulent if the player has successfully deposited funds through an ACH transfer on a previous occasion with no outstanding chargebacks. If the interactive gaming certificate holder or interactive gaming operator licensee suspects fraud after multiple failed ACH deposit attempts, the interactive gaming certificate holder or interactive gaming operator licensee may temporarily freeze or suspend the player’s account to investigate and, if the interactive gaming certificate holder or interactive gaming operator licensee determines that fraud has occurred, suspend the player’s account.

   (9)  Adjustments made by the interactive gaming certificate holder or interactive gaming operator licensee following the resolution of disputes provided there is documented notification to the player.

   (10)  Any other means as approved by the Board.

 (b)  An interactive gaming certificate holder or interactive gaming operator licensee shall neither extend credit to a player nor allow the deposit of funds into an interactive gaming account that are derived from the extension of credit by affiliates or agents of the interactive gaming certificate holder or interactive gaming operator licensee.

 (c)  A player’s interactive gaming account may not have a negative account balance.

 (d)  Player account balances must be updated after each game cycle to ensure that sufficient funds are available for any future real money games the player may choose to play.

 (e)  Interactive gaming certificate holders or interactive gaming operator licensees may not accept or facilitate a wager:

   (1)  On any interactive game not approved by the Board for play in this Commonwealth.

   (2)  On any interactive game which the operator knows or reasonably should know is not between individuals.

   (3)  On any interactive game which the operator knows or reasonably should know is made by a person on the self-exclusion or the Board’s exclusion lists.

   (4)  From a person who the interactive gaming certificate holder or interactive gaming operator licensee knows or reasonably should know is placing the wager in violation of State or Federal law.

   (5)  From any licensed individual who is not permitted to participate in interactive gaming by virtue of his position with an interactive gaming certificate holder, interactive gaming operator licensee or other affiliated entity.

 (f)  All adjustments to interactive gaming accounts for amounts of $500 or under shall be periodically reviewed by supervisory personnel as set forth in the interactive gaming certificate holder’s or interactive gaming operator licensee’s internal controls. All other adjustments shall be authorized by supervisory personnel prior to being entered.

§ 812.8. Player loyalty programs.

 If player loyalty programs are supported by an interactive gaming system, all of the following must apply:

   (1)  Redemption of registered player loyalty points earned must be by a secure transaction that automatically debits the points balance for the value of the prize redeemed.

   (2)  All registered player loyalty database transactions are to be recorded by the interactive gaming system. If the player loyalty program is provided by an external service provider, the interactive gaming system must be capable of securely communicating with that service.

   (3)  The interactive gaming system must make readily accessible to the registered player all terms and conditions governing each available promotional or bonus feature.

   (4)  The terms and conditions must be clear and unambiguous, especially when bonuses or promotions are limited to certain tables or nontournament play, or when other specific conditions apply.

§ 812.9. Player account controls.

 (a)  A player session is started when a player logs in to the interactive gaming system.

   (1)  A player must be provided with the electronic identifier created by the interactive gaming certificate holder or interactive gaming operator, if applicable, and a password to start a session.

   (2)  The interactive gaming system must allow players to change their passwords.

   (3)  When a player has forgotten his password/PIN, the interactive gaming system must provide a secure process for the reauthentication of the player and the retrieval or resetting, or both, of the password/PIN. Processes for dealing with lost player user IDs or passwords must be clearly described to the player.

   (4)  When a player logs in to the interactive gaming system, the date and time of his prior player session must be displayed.

   (5)  Each player session must have a unique identifier assigned by the interactive gaming system which distinguishes the current session from previous and future sessions.

 (b)  During a peer-to-peer game, the software must permit a player to set an away from computer status (that is, self-imposed session inactivity). This functionality must be fully described in the help screens or applicable terms and conditions.

   (1)  The away from computer status must disallow all play and also cause the player’s turn to be automatically skipped during any round of play which takes place while this status is active.

   (2)  If a player sets an away from computer status during the middle of a round of play, he automatically forfeits play for that round (for example, for a round of poker, the software must automatically fold the player’s hand during the next round of betting).

   (3)  If a player performs any game action within the game window while in an away from computer status, the status must be removed and the player will be enrolled into the next round of play. Nongame sensitive actions, such as accessing the help menu from the game window do not require this status to be removed.

   (4)  If action has not been taken by the player within the time period specified in the help screens or the terms and conditions, or both, the player must be automatically placed into the away from computer status.

   (5)  If a player has been in the away from computer status for over 30 minutes, the player must be automatically logged out of the game or player account, or both.

 (c)  Interactive gaming systems must employ a mechanism that detects session inactivity and terminates a player session when applicable.

   (1)  If the interactive gaming system fails to receive a response from the interactive gaming device within 30 minutes, whether the player has been in away from computer mode or not, the interactive gaming system must implement a user inactivity timeout and terminate the player session.

   (2)  If a player session is terminated due to player inactivity timeout, the interactive gaming device must display to the player the player session termination (that is, the user inactivity timeout) upon the player’s next attempted action on the interactive gaming system.

   (3)  Further game play is not permitted until the interactive gaming system and the interactive gaming device establish a new session.

 (d)  A player session ends when:

   (1)  The player notifies the interactive gaming system that the session is finished (for example, logs out).

   (2)  A session inactivity timeout is reached.

   (3)  The interactive gaming system terminates the session.

     (i)   When the interactive gaming system terminates a player session, a record must be written to an audit file that includes the termination reason.

     (ii)   The interactive gaming system must attempt to send a session finished message to the interactive gaming device each time a session is terminated by the interactive gaming system.

 (e)  A responsible gaming page must be readily accessible from any screen where game play may occur. The responsible gaming page must contain, at a minimum, all of the following:

   (1)  Information about potential risks associated with gambling and where to get help for a gambling problem.

   (2)  A list of the responsible gaming measures that can be invoked by the player, such as player session time limits and bet limits, and an option to enable the player to invoke those measures.

   (3)  Mechanisms which detect unauthorized use of the player’s account, such as observing the Last Log in Time Display, the IP address of the last login and reviewing financial account information.

   (4)  A link to the terms and conditions that the player agreed to be bound to by entering and playing on the site.

   (5)  A link to the applicable privacy policy.

   (6)  A link to Board’s web site.

 (f)  All links to player protection services (for example, self-exclusion and other player imposed limits) provided by third parties are to be tested by the interactive gaming certificate holder or interactive gaming operator licensee periodically as required by the Board. Game play may not occur when links used to supply information on player protection services are not displayed or are not operational. When the link to player protection services is no longer available, the interactive gaming certificate holder or interactive gaming operator licensee shall provide an alternative support service.

 (g)  Players must be provided with a clear mechanism to impose self-limitations for gaming parameters including deposits, wagers, losses and player session durations as required by the Board. The self-limitation mechanism must provide all of the following functionality:

   (1)  Any decrease to self-limitations for gaming must be effective no later than the player’s next login. Any increase to these limits must become effective only after the time-period of the previous limit has expired and the player reaffirms the requested increase.

   (2)  A deposit limit as determined by the player must be offered on a daily, weekly and monthly basis, and must specify the maximum amount of money a player may deposit into his interactive gaming account during the designated period of time.

   (3)  A spend limit as determined by the player must be offered on a daily, weekly and monthly basis, and must specify the maximum amount of player deposits that may be put at risk during a designated period of time.

   (4)  A time-based limit as determined by the interactive gaming account holder must be offered on a daily basis and must specify the maximum amount of time that a player may spend playing on an interactive gaming system, provided that if the time-based limit is reached a player will be permitted to complete any round of play, or active or prepaid tournament.

     (i)   The self-limitations set by a player may not override any system imposed limitations or contradict information within the game rules.

     (ii)   Once established by a player and implemented by the interactive gaming system, it must only be possible to reduce the self-limitations upon 24-hour notice.

 (h)  The interactive gaming system must be capable of applying system-imposed limits as required by the terms and conditions agreed to by the player upon registration and as required by the Board. System-imposed limits must adhere to all of the following:

   (1)  Players must be notified in advance of any system-imposed limits and their effective dates.

   (2)  Once updated, system-imposed limits must be consistent with what is disclosed to the player.

   (3)  Upon receiving any system-limitation request, the interactive gaming system must ensure that all specified limits are correctly implemented immediately or at a specified time (that is, next login, next day, and the like) that was clearly indicated to the player.

   (4)  In cases when system-imposed limitation values (for example, deposit, wager, loss and player session duration) are greater than self-imposed player limit values, the system-imposed limitations must take priority.

     (i)   Players must be provided with an easy and obvious mechanism to self-exclude from game play. The self-exclusion mechanism must provide all of the following functionality:

   (1)  The player must be provided with the option to self-exclude temporarily for a specified period of time as defined in the terms and conditions, or indefinitely.

   (2)  In the case of temporary self-exclusion, the interactive gaming system must ensure that:

     (i)   Immediately upon receiving the self-exclusion order, new bets or deposits are not accepted from that player until the temporary self-exclusion has expired.

     (ii)   During the temporary self-exclusion period, the player is not prevented from withdrawing any or all of his account balance, provided that the interactive gaming system acknowledges that the funds have cleared.

     (iii)   In the case of indefinite self-exclusion, the interactive gaming system must ensure that:

       (A)   The player is paid in full for his account balance, provided that the interactive gaming system acknowledges that the funds have cleared.

       (B)   All player accounts must be closed or deactivated.

 (j)  The interactive gaming system must provide a clear mechanism to advise the player of the right to make a complaint against the interactive gaming certificate holder, interactive gaming operator licensee or another player (that is, when collusion is suspected or when a player is disruptive or abusive).

§ 812.10. Player withdrawals.

 (a)  An interactive gaming certificate holder or interactive gaming operator licensee shall establish protocols for players to withdraw funds, whether an interactive gaming account is open or closed.

 (b)  An interactive gaming certificate holder or interactive gaming operator licensee shall prevent unauthorized withdrawals from an interactive gaming account.

 (c)  Funds may be withdrawn from a player’s interactive gaming account for all of the following:

   (1)  The funding of game play.

   (2)  A cash-out at the cashier’s cage immediately upon player’s request.

   (3)  A cash-out through the issuance of a check from the interactive gaming certificate holder or interactive gaming operator licensee.

   (4)  A cash-out transfer to a player’s reloadable prepaid cash card, which has been verified as being issued to the player and is nontransferable.

   (5)  Adjustments made by the interactive gaming certificate holder or interactive gaming operator licensee following the resolution of disputes provided there is documented notification to the player.

   (6)  Cash-out transfers directly to the player’s individual account with a bank or other financial institution (banking account) provided that the interactive gaming certificate holder or interactive gaming operator licensee verifies the validity of the account with the financial institution.

   (7)  Any other means approved by the Board.

 (d)  An interactive gaming certificate holder or interactive gaming operator licensee may not permit a player to transfer funds to another player.

§ 812.11. Player account statements.

 (a)  At the request of a player, interactive gaming systems must provide an interactive gaming account statement which must include detailed account activity for at least the 6 months preceding the request. In addition, an interactive gaming system must, upon request, be capable of providing a summary statement of all player activity during the past year. Information to be provided on the summary statement must include, at a minimum, all of the following:

   (1)  Deposits to the interactive gaming account.

   (2)  Withdrawals from the interactive gaming account.

   (3)  Win or loss statistics.

   (4)  Beginning and ending account balances.

   (5)  Self-imposed responsible gaming limit history, if applicable.

 (b)  Account statements must be sent to the registered address (e-mail or first class) of the player upon request for the time period specified.

§ 812.12. Suspended accounts.

 (a)  Interactive gaming systems must employ a mechanism to place an interactive gaming account in a suspended mode:

   (1)  When requested by the player for a specified period of time, which may not be less than 72 hours.

   (2)  When required by the Board.

   (3)  When initiated by an interactive gaming certificate holder or interactive gaming operator licensee that has evidence to indicate all of the following:

     (i)   Illegal activity.

     (ii)   A negative player account balance.

     (iii)   A violation of the terms of service has taken place on an authorized registered player’s interactive gaming account.

 (b)  When an interactive gaming account is in a suspended mode, the interactive gaming certificate holder or interactive gaming operator licensee may not remove funds from the account without prior approval from the Board. In addition, the interactive gaming system must do all of the following:

   (1)  Prevent the player from engaging in interactive gaming.

   (2)  Prevent the player from depositing funds.

   (3)  Prevent the player from withdrawing funds from his interactive gaming account, unless the suspended mode was initiated by the player.

   (4)  Prevent the player from making changes to his interactive gaming account.

   (5)  Prevent the removal of the interactive gaming account from the interactive gaming system.

   (6)  Prominently display to the authorized player that the account is in a suspended mode, the restrictions placed on the account and any further course of action needed to remove the suspended mode.

 (c)  An interactive gaming certificate holder or interactive gaming operator licensee shall notify the player by mail (first class or e-mail) whenever his interactive gaming account has been closed or placed in a suspended mode. The notification must include the restrictions placed on the account and any further course of action needed to remove the restriction.

 (d)  A suspended account may be restored:

   (1)  Upon expiration of the time period established by the player.

   (2)  When permission is granted by the Board.

   (3)  When the interactive gaming certificate holder or interactive gaming operator licensee has lifted the suspended status.

§ 812.13. Dormant accounts.

 (a)  An interactive gaming account will be deemed dormant if there is no activity (login, game play, withdrawal, and the like) for 1 year.

 (b)  Interactive gaming certificate holders and interactive gaming operator licensees shall provide notification to the player at the player’s registered address (physical or electronic) if the player’s interactive gaming account remains dormant for 1 year.

 (c)  Funds remaining on deposit in an interactive gaming account which is dormant and for which the player has not requested payment must be abandoned 60 days after the notice in subsection (b) is provided. Interactive gaming certificate holders and interactive gaming operator licensees shall report abandoned funds from dormant accounts in accordance with rules and regulations on abandoned and unclaimed property set forth by the Pennsylvania Treasury, Bureau of Abandoned and Unclaimed Property.

§ 812.14. Use of player data.

 (a)  An interactive gaming certificate holder, interactive gaming operator licensee, or an employee or other person engaged in duties related to the conduct of interactive gaming may not disclose information about the name of a player, or other identifying information.

 (b)  Interactive gaming certificate holders or interactive gaming operator licensees with employees who have direct contact with players by phone, e-mail, electronic chat or other means shall implement training for those employees, at the start of their employment and at regular intervals thereafter, addressing recognition of the nature and symptoms of problem gambling behavior and how to assist players in obtaining information regarding help for a gambling problem and self-exclusion program.



No part of the information on this site may be reproduced for profit or sold for profit.


This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.