A Carbon Neutral Company
Aspire Global is a carbon-neutral company that is determined to clean up the plant and promote sustainability. Having achieved carbon-neutral ...
Providing a safe digital environment is alongside responsible gambling one of the most important aspects when it comes to the user experience. If players don’t feel safe on the platform, they simply won’t return. Providing a safe digital environment is about ensuring the highest standard of system and data security as well as a reliable, fair and transparent gambling product free from betting-related corruption.
Aspire Global’s entertainment products are offered via state-of-the-art technology, which gives us the flexibility and scalability to grow. Given the scope and quantity of transactions we handle, cybersecurity is one of our top focus areas. Our security team is committed to implementing a certified information security (“InfoSec”) management system that meets the International Organization for Standardization (“ISO”) ISO27001:2013 framework and complies with all federal, state and international regulatory standards. Aspire Global’s information security strategy is built on industry- known frameworks such as ISO 27001, focused on the optimization of security processes across all our operations and protecting the most critical processes and information. The company’s holistic controls framework includes mechanisms to protect, detect, react to and monitor any threats and attacks to the business.
The main areas to ensure a safe digital environment from a player perspective are integrity, payment solutions, cybersecurity and fraud prevention. Regulations in these areas are very strict and the main focus is to comply with the complex framework and keep partners up to date on changes. When it comes to detecting internal problems, there is a whistleblower function, where employees can directly and anonymously inform the CEO.
To proactively strengthen our information security, we:
In addition to compliance with ISO frameworks, the company abides by PCI DSS (Payment Card Industry Data Security Standard), an information security standard that handles branded credit cards from major card companies and recognised as the industry’s higher level of payment card information security.
Aspire Global maintains a culture of security pervasive throughout the organization, aligning people and practices with the security strategy. The efficiency of various technical information security controls is based on the people who interact with the information every day. Aspire Global’s information security culture aims to protect information assets through best practices in the organization to influence employees’ security behavior.
All employees participate in annual virtual or in-person formal information security training on the topics of data sharing, GDPR and data privacy, strong authentication, phishing and social engineering. Developers receive additional training on OWASP top 10 and SSLDC. In 2020, extra virtual training was provided on the topics of information security when working from home and secure internet access. In addition, the Information Security Manager has a regular phishing campaign to test user awareness. Aspire Global maintains a role base access control (RABC) method to restrict network or system access based on the role of individual users within the company. RBAC gives employees access rights only to the information they need to perform their jobs and prevents them from accessing information that does not pertain to them, enforcing the principles of “least privilege” and “need to know.” Using granular permission management gives complete control over what a user (or group) can see, change or delete.
Data protection is managed by a designated Data Protection Officer (DPO) responsible for compliance. This work is based on an extensive review of operations, current contracts and other arrangements for sharing data with partners, suppliers and partners, as well as internal procedures to safeguard protections before sharing personal data. Aspire Global was compliant with the European General Data Protection Regulation (GDPR) when it entered into force in May 2018 and monitors any changes in GDPR regulations to ensure that we remain compliant. All employees attend GDPR training annually.
Cybersecurity is about protecting the platform from potential attacks, viruses or espionage. Aspire Global regularly conducts controls, analyses tests and implements innovative tools to further increase security. Aspire Global also engages test labs, which conduct penetration tests of various brands to identify potential vulnerabilities before they are exposed and abused. Aspire Global materially invested in the tech department located in Kiev to ensure capacity for future growth. Two types of tests are conducted on web applications, integrations with other platforms (APIs) and core infrastructure to expose risks: vulnerability tests and penetration tests. Vulnerability tests search the systems for known vulnerabilities through automatic scans. Regulators require them, as do various certification bodies. Penetration tests on the other hand attempt to actively exploit weaknesses in an environment. They are performed manually and require various levels of external expertise.
Aspire Global has a strict policy on AML (Anti-Money Laundering). We are committed to allocate and use our resources to detect, report and block any activity which may be considered as money laundering as well as in combating the financing of any criminal or terrorist act or the use of proceeds of crime. This complies with all applicable obligations in relation to AML and CTF (Counter terrorism financing) rules. End users are identified through various automated KYC (Know Your Customer) processes at the point of registration (depending on the country of registration). Aspire Global interacts with players on an ongoing basis to monitor the account, transactional activity and understand the player profile, tailoring appropriate controls by using a risk-based approach. All active players are screened on an ongoing basis against a sanctions and PEP database. Aspire Global monitors ML and TF indicators alongside investigating any instances where the perpetrator may be seeking to shift the ownership of funds to a third party rather than engaging in legitimate gameplay. Where we suspect, or have reasonable grounds to suspect, that funds are the proceeds of criminal activity, we will disclose the information to the FIAU in Malta, the NCA in the UK or the FIPO in Sweden, as applicable. We have escalation channels set up for employees to report any unusual activity, which may give rise to any knowledge or suspicion of money laundering and/ or the funding of terrorism, to the MLRO.
Detection via automated rules within the management system
Verification in conjunction with the pay-out section and customer service department
Investigation by Aspire Global’s fraud section
Actions and sanctions to quickly and accurately detect suspicious and fraudulent behavioural patterns
Aspire Global has a highly secure fraud prevention scheme with constant payment analysis. All transactional and player betting activity is screened against a transaction monitoring database to ensure that we maintain oversight of suspicious activity that could be diluted with the daily game flow conducted by legitimate players who gamble for fun. While we focus on protecting our operation from fraudulent transactions, our main driver is to prevent that proceeds of crime or terrorist financing are channeled through our gambling platforms. Fraud and risk management are handled according to an established and efficient protocol that includes four main processes.
Aspire Global operates a regular training program for employees on how to identify a money laundering or terrorist financing attempt, including our responsibilities and actions towards its prevention. This to ensure that all employees understand the company’s internal reporting procedure. In case of a suspected money laundering or terrorist financing activity, a report is lodged to the MLRO.
Aspire has a number of external suppliers that provide products or services related to various aspects of operations. This includes the offering, such as game content, payment solutions or digital campaigns, or could relate to operations, such as office maintenance, server capacity or advisory. In either case, the sourcing of these services and products is regulated by various principles and requirements to protect the interests of the stakeholders in question, whether it is the environment, local communities, the gaming industry as a whole or individuals who are accidentally exposed to the offering. Choosing reliable suppliers requires building and maintaining trust in the company – as a provider of safe entertainment, as a professional employer, as a sustainable investment and a reliable license holder. Objective criteria such as quantitative key performance indicators (KPIs), transparent contractual conditions, long-term relationships aimed at short-term cost savings, and regular evaluations based on measurable indicators and active dialogue are the four principles that ensure a sound and sustainable sourcing process. Suppliers pledge to abide by the contract and related policies, and in the event that Aspire Global becomes aware of any intentional breach of contract, the cooperation is immediately discontinued. It is up to each department to ensure that sourced products and services comply with the relevant frameworks.
Implement a certified information security management system (ISO 27001) for all Aspire Global entitles, operating under a single user of governing security policies, procedures and guidelines.
Enhance SOC service to remediate advanced cyber threats across on-premises networks, public cloud environments, Sass applications and endpoints.
Ensure the highest standard of system and data security as well as a reliable, fair and transparent gambling product free from betting -related corruption.