1. The following
applies only to mobile sports wagering conducted via an individual's sports
wagering account:
All sports wagering systems authorized by this chapter shall be
designed to ensure the integrity and confidentiality of all patron
communications and ensure the proper identification of the sender and receiver
of all communications. If communications are performed across a public or
third-party network, the system shall either encrypt the data packets or
utilize a secure communications protocol to ensure the integrity and
confidentiality of the transmission.
2. A sports wagering system shall provide a
mechanism for the Director to query and export all sports wagering system data
in a format required by the Director.
3. System specifications and sports wagering
system logging requirements shall include all information required by the
internal controls.
4. Mobile sports
wagering shall be made by patrons who have established a sports wagering
account.
5. In order to establish a
sports wagering account, an operator or management services provider shall:
A. Create an electronic patron file, which
shall include at a minimum:
(1) Patron's legal
name;
(2) Patron's date of
birth;
(3) Entire or last four
digits of the patron's social security number or equivalent for a foreign
patron such as a passport number or taxpayer identification number;
(4) Patron's mobile sports wagering account
number;
(5) Patron's residential
address (a post office box is not acceptable);
(6) Patron's electronic mail
address;
(7) Patron's telephone
number;
(8) Any other information
collected from the patron used to verify his or her identity;
(9) The method used to verify the patron's
identity; and
(10) Date of
verification.
B. Encrypt
all of the following information contained in an electronic patron file:
(1) Patron's social security number or
equivalent for a foreign patron such as a passport number or taxpayer
identification number;
(2) Patron's
passwords and/or PINs; and
(3) Credit or debit card numbers, bank account numbers, or other personal
financial information.
C. Verify
the patron's identity in accordance with the document number of the government
issued credential examined or other methodology for remote multi-sourced
authentication, which may include third-party and governmental databases, as
approved by the Director.
D. Require the patron to establish a password and multi-factor authentication
or other access security feature as approved by the Director and advise the
patron of the ability to utilize "strong authentication" login protection;
E. Verify that the patron is 21 years old or
older, not on the unauthorized list, or otherwise prohibited from participation
in sports wagering;
F. Record the
patron's acceptance of the operator's terms and conditions to participate in
wagering through the mobile application or any authorized digital system
accepting wagers online;
G. Record
the patron's certification that the information provided to the operator by the
individual who registered is accurate;
H. Record the patron's acknowledgement that
the legal age for sports wagering is 21, and that he or she is prohibited from
allowing any other person to access or use his or her sports wagering account
and will be placed on the involuntary list of excluded patrons, if found in
violation of this paragraph; and
I. Notify the patron of the establishment of the account via electronic mail
or regular mail.
6. A patron
shall have only one sports wagering account for each operator or management
services provider. Each sports wagering account shall be:
A. Non-transferable;
B. Unique to the patron who establishes the
account; and
C. Distinct from any
other account number that the patron may have established with the
operator.
D. The operator shall
implement procedures to terminate all accounts of any patron that establishes
or seeks to establish more than one account, whether directly or by use of
another person as proxy. The operator shall also implement capabilities to
detect and prevent proxy wagering from occurring on the sports wagering
system.
7. A patron's
sports wagering account for mobile sports wagers may be funded using:
A. A patron's deposit account;
B. A patron's deposit of cash or gaming chips
at a facility lounge;
C. Promotional or bonus credit;
D. Winnings;
E. Adjustments made by
the operator with documented notification to the patron; or
F. Any other means approved by the
Director.
8. An operator
or management services provider shall not permit a patron to transfer funds to
another patron.
9. Sports wagering
operators shall establish the minimum and maximum wager a patron may make on a
single sports bet.
10. All
adjustments to sports wagering accounts for amounts of $250.00 or under shall
be periodically reviewed by audit personnel. All adjustments over $250.00 shall
be authorized by supervisory personnel prior to being entered and such activity
shall be reported to the Director monthly.
11. An operator's sports wagering system must
employ a mechanism that can detect and prevent any wagering or withdrawal
activity by a patron that would result in a negative balance in that patron's
account.
12. A process to provide
patrons with information about their play. This includes history, money spent,
games played, net wins/losses, limits history, and any other relevant
information.
13. A process to
provide patrons with updates during play about time and money spent and account
balances in cash.
14. Providing
credit to patron sports wagering accounts is strictly prohibited.
15. Sports wagering systems shall require a
patron after fifteen minutes of user inactivity, as measured by the electronic
wagering system, to re-enter his or her username and password manually or
through biometric authentication, or any other method approved by the
Department.
16. An operator's
sports wagering system shall provide an account statement with account details
to a patron on demand, which shall include detailed account activity for at
least the six months preceding 24 hours prior to the request. In addition, an
operator's sports wagering system shall, upon request, be capable of providing
a summary statement of all patron activity during the past year.
17. The operator shall have specific measures
in place to protect their patrons during certain "high risk transactions" on
their account, where there is an increased susceptibility to fraud schemes such
as bonus abuse, account takeover, payment fraud, or friendly fraud / first
party fraud. These high-risk transactions shall be mitigated using biometrics,
device fingerprinting, location intelligence and/or other fraud detection
techniques. These "high risk transactions" include:
A. Modification of contact
information;
B. Addition of a new
funding method or modification of an existing funding method;
C. Addition or modification of a withdrawal
method;
D. Withdrawal of a certain
amount, however this threshold can be raised for specific patrons, provided the
operator utilizes analytical tools determining an individual patron's
transactional behavior and establishes a "high-risk" threshold on an individual
basis based on historical activity; and
E. Activity from an OFAC restricted
region.
18. An operator
shall maintain a segregated account separate from all other operating accounts
to ensure the security of funds held in patron sports wagering accounts. The
balance maintained in the segregated account shall be greater than or equal to
the sum of the daily ending cashable balance of all patron sports wagering
accounts, funds on game, and pending withdrawals. An operator shall have
unfettered access to all patron sports wagering account and transaction data to
ensure the amount held in its independent account is sufficient. The operator
shall file a monthly attestation with the Director that the funds have been
safeguarded pursuant to this subsection.
19. An operator or management services
provider shall periodically re-verify a patron's identification upon reasonable
suspicion that the patron's identification has been compromised.
20. A mobile sports wagering system shall
provide a conspicuous and readily accessible method for a patron to close his
or her account through the account management or similar page. Any balance
remaining in a patron's sports wagering account closed by a patron shall be
refunded pursuant to the operator's approved internal controls.
21. Operators shall obtain a bond in the
amount of Five Hundred Thousand Dollars ($500,000.00) in order to conduct
sports wagering in the State of Maine. The bond will be used to fund the
reserve. The company issuing the bond shall be financially rated "A" or better
by a nationally recognized rating agency and duly licensed, admitted, and
authorized to transact business in the State of Maine. Operators shall provide
the original bond to the Director. The bond shall be renewable annually and
shall list the Director as obligee of the bond. The bond may not be cancelled
without prior approval from the Director.
22. Operators shall also maintain a reserve
in the form of cash, cash equivalents, irrevocable letter of credit, in
addition to the above-referenced bond, of not less than the amount necessary to
ensure the ability to cover the outstanding liability related to the sports
wagering accounts.
23. The
outstanding liability of sports wagering accounts shall be the sum of the
following amounts:
A. Amounts held by the
operator for sports wagering accounts;
B. Aggregate amounts accepted by the operator
as wagers on sports events with outcomes that have not been determined;
and
C. Amounts owed but unpaid by
the operator on winning wagers.
24. Operators must receive Director approval
to remove, release, or withdraw funds that are held in the reserve account that
are in excess of the operator's reserve requirement.
25. Operators shall calculate their reserve
requirements each day. In the event an operator determines that its reserve is
not sufficient to cover the calculated requirement, the operator, within
twenty-four (24) hours, must notify the Unit auditor assigned to sports
wagering activity of this occurrence and indicate the steps the operator has
taken to remedy any deficiency. All reserve funds must be held with a financial
institution that is federally insured by the FDIC or NCUA and lawfully
operating in Maine.
26. The sports
wagering system shall have access to reporting, analytics, and automation
capabilities to ensure ongoing prevention and reporting of fraudulent
activities, including but not limited to:
A. Real time monitoring tools and recurring reports detecting all fraud types
including bonus abuse, identity theft, account takeover, bot abuse, fraudulent
chargebacks, payment fraud and collusion;
B. Recurring reports focused on patron
analytics at the following levels: device, account, and location;
C. Detection and cessation of organized fraud
groups, fraud rings;
D. Provide
link analysis between locations, accounts and devices;
E. Prevent the victimization of genuine
individuals;
F. Identify and
mitigate locations that are deemed high risk, e.g. and/or where rapid account
creation is identified and occurring; suspicious activity, fraud rings,
etc.;
G. Suspend devices and
accounts when deemed highly suspicious;
H. Suspicious Activity Reports (SARs);
I. Prior to conducting internet/mobile
gaming, internet/mobile sports wagering or establishing an account, the
operator shall develop and implement a policy for the handling of patrons
discovered to be using an account in a fraudulent manner, that includes but is
not limited to:
(1) The maintenance of
information about any patron's activity, such that if fraudulent activity is
detected the regulatory authority and/or law enforcement has all of the
necessary information to investigate and take appropriate action;
(2) The suspension process for any account
discovered to be providing access to fraudulent patrons; and
(3) The treatment of deposits, wagers, and
wins associated with a fraudulent account.
27. A sports wagering account shall be
suspended under the following conditions:
A. When requested by the patron for a specified period of time, which must not
be less than seventy-two hours;
B. When required by the Director;
C. When an operator determines that the patron is a prohibited sports wagering
participant; or
D. When an operator
has evidence that indicates that the account has been used for illegal
activity; that the account has a negative balance; or that the patron has
violated the account's terms and conditions.
28. When a sports wagering account is
suspended, the operator must do all of the following:
A. Prevent the patron from placing sports
wagers;
B. Prevent the patron from
depositing funds unless the account is suspended due to having a negative
balance, but only to the extent the account balance is brought back to zero
dollars;
C. Prevent the patron from
withdrawing funds from their account, unless the operator determines that the
funds have cleared, and that the reason(s) for suspension would not prohibit a
withdrawal;
D. Prevent the patron
from making changes to their account;
E. Prevent the patron from permanently
closing their account; and
F. Prominently display to the patron that their account is suspended, the
restrictions placed on their account, and any further course of action needed
to lift the suspension.
29. An account suspension may be lifted for
any of the following reasons:
A. Upon
expiration of the time period established by the patron;
B. If authorized by the Director;
C. When the patron is no longer a prohibited
sports wagering participant; or
D. When the operator has investigated the evidence of illegal activity, a
negative account balance, or a violation of the account's terms and conditions,
and determined that the suspension should be lifted.