Why player protection remains essential beyond Safer Gambling Week
Our Sustainability Manager, Liesbeth Oost, highlights why Aspire Global is eager to build momentum in promoting safer gambling to players worldwide f...
Providing a safe digital environment is alongside responsible gambling one of the most important aspects when it comes to the user experience. If players don’t feel safe on the platform, they simply won’t return. Providing a safe digital environment is about ensuring the highest standard of system and data security as well as a reliable, fair and transparent gambling product free from betting-related corruption.
Aspire Global’s entertainment products are offered via state-of-the-art technology, which gives us the flexibility and scalability to grow. Given the scope and quantity of transactions we handle, cybersecurity is one of our top focus areas. Our security team is committed to implementing a certified information security (“InfoSec”) management system that meets the International Organization for Standardization (“ISO”) ISO27001:2013 framework and complies with all federal, state and international regulatory standards. Aspire Global’s information security strategy is built on industry- known frameworks such as ISO 27001, focused on the optimization of security processes across all our operations and protecting the most critical processes and information. The company’s holistic controls framework includes mechanisms to protect, detect, react to and monitor any threats and attacks to the business.
The main areas to ensure a safe digital environment from a player perspective are integrity, payment solutions, cybersecurity and fraud prevention. Regulations in these areas are very strict and the main focus is to comply with the complex framework and keep partners up to date on changes. When it comes to detecting internal problems, there is a whistleblower function, where employees can directly and anonymously inform the CEO.
To proactively strengthen our information security, we:
In addition to compliance with ISO frameworks, the company abides by PCI DSS (Payment Card Industry Data Security Standard), an information security standard that handles branded credit cards from major card companies and recognised as the industry’s higher level of payment card information security.
Aspire Global maintains a culture of security pervasive throughout the organization, aligning people and practices with the security strategy. The efficiency of various technical information security controls is based on the people who interact with the information every day. Aspire Global’s information security culture aims to protect information assets through best practices in the organization to influence employees’ security behavior. All employees participate in annual virtual or in-person formal information security training on the topics of data sharing, GDPR and data privacy, strong authentication, phishing and social engineering. Developers receive additional training on OWASP top 10 and SSLDC. In 2020 and 2021, extra virtual training was provided on the topics of information security when working from home and secure internet access. In addition, the Information Security Manager performs regular phishing campaigns to test user awareness. Aspire Global maintains a role base access control (RABC) method to restrict network or system access based on the role of individual users within the Company. RBAC gives employees access rights only to the information they need to perform their jobs and prevents them from accessing information that does not pertain to them, enforcing the principles of “least privilege” and “need to know.”
Data protection is managed by a designated Data Protection Officer (DPO) responsible for compliance. This work is based on an extensive review of operations, current contracts and other arrangements for sharing data with partners, suppliers and partners, as well as internal procedures to safeguard protections before sharing personal data. Aspire Global complies with the European General Data Protection Regulation (GDPR) and annual GDPR training is mandatory for all employees.
Cybersecurity is about protecting the platform from potential attacks, viruses or espionage. Aspire Global regularly conducts controls, analyses tests and implements innovative tools to further increase security. Aspire Global also engages test labs, which conduct penetration tests of various brands to identify potential vulnerabilities before they are exposed and abused. Aspire Global materially invested in the security of our tech department located in Kiev to ensure capacity for future growth.
Aspire Global has a strict policy on Anti-Money Laundering (AML). The Company is committed to allocate and use resources to detect, report and block any activity which may be considered as money laundering as well as to combat the financing of any criminal or terrorist act or the use of proceeds of crime. This complies with all applicable obligations in relation to AML and Counter Terrorism Financing (CTF) rules. End users are identified through various automated Know Your Customer (KYC) processes at the point of registration (depending on the country of registration). We interact with end users on an ongoing basis to monitor the
account, transactional activity and understand the player profile, tailoring appropriate controls by using a risk-based approach. All active players are screened on an ongoing basis against a sanctions and PEP database. Aspire Global monitors AML and CTF indicators alongside investigating any instances where the perpetrator may be seeking to shift the ownership of funds to a third party rather than engaging in legitimate gameplay. Where we suspect, or have reasonable grounds to suspect, that funds are the proceeds of criminal activity, we will disclose the information to the Financial Authority, as applicable per jurisdiction. We have escalation channels set up for employees to report any unusual activity, which may give rise to any knowledge or suspicion of money laundering and/or the funding of terrorism, to the Money Laundering Reporting Officer (MLRO).
Detection via automated rules within the management system
Verification in conjunction with the pay-out section and customer service department
Investigation by Aspire Global’s fraud section
Actions and sanctions to quickly and accurately detect suspicious and fraudulent behavioural patterns
Aspire Global has a highly secure fraud prevention scheme with constant payment analysis. All transactional and player betting activity is screened against a transaction monitoring database to ensure that we maintain oversight of suspicious activity that could be diluted with the daily game flow conducted by legitimate players who gamble for fun. While we focus on protecting our operation from fraudulent transactions, our main driver is to prevent that proceeds of crime or terrorist financing are channeled through our gambling platforms. Fraud and risk management are handled according to an established and efficient protocol that includes four main processes.
Aspire Global operates a regular training program for employees on how to identify a money laundering or terrorist financing attempt, including our responsibilities and actions towards its prevention. This to ensure that all employees understand the company’s internal reporting procedure. In case of a suspected money laundering or terrorist financing activity, a report is lodged to the MLRO.
The sourcing of services and products is regulated by various principles and requirements to protect the interests of the stakeholders in question, whether it is the environment, local communities, the gaming industry as a whole or individuals who are accidentally exposed to the offering. Choosing reliable suppliers requires building and maintaining trust in the Company – as a provider of safe entertainment, as a professional employer, as a sustainable investment and as a reliable license holder. Suppliers pledge to abide by the contract and related policies, and in the event that Aspire Global becomes aware of any intentional breach of contract, the cooperation is immediately discontinued.
Integrate and create further synergies in Group level Information and Cybersecurity.
Focus to align Group security culture and information security awareness.
Ensure the highest standard of system and data security as well as a reliable, fair and transparent gambling product free from betting -related corruption.