N.J. Admin. Code § 17:20-12.12 - Website and/or mobile courier service system standards and operational controls

(a) A courier service system shall utilize sufficient security to ensure courier customer access to the courier service system through the courier system's website and mobile application is appropriately limited to the courier customer account holder. Unless otherwise authorized by the Division, security measures shall include at a minimum:

1. A username;

2. Password of sufficient length and complexity to ensure its effectiveness;

3. At a minimum, the option for users to choose "strong authentication" login protection; and

4. Electronic notification to the courier customer's registered e-mail address, cellular phone, or other device each time a website or mobile courier customer account is accessed provided, however, that a courier customer may opt out of such notification.

(b) A courier service system shall be designed with a methodology approved by the Division to ensure there shall be no communications directly between a lottery terminal and the website or mobile courier service.

(c) The courier service system shall be designed to detect and report suspicious behavior by courier customers and courier service employees, such as cheating, theft, embezzlement, collusion, money laundering, or any other illegal activities.

(d) The courier service system shall immediately terminate a courier customer session whenever:

1. Required by the Division;

2. The courier customer ends a session;

3. The courier customer fails any authentication during a courier customer session; or

4. A system error impacts purchasing/transactions.

(e) The courier service system shall employ a mechanism that can detect and prevent any courier customer initiated ticket orders or withdrawal activity that would result in a negative balance of a courier customer account.

(f) The courier service system shall disable a courier customer's account after three failed login attempts and require strong authentication to recover or reset a password or username.

(g) The courier service system shall employ a mechanism that places the courier service customer in a suspended mode:

1. When requested by the courier customer for a specified period of time, which shall not be less than 72 hours;

2. When required by the Division; or

3. When a courier service has evidence that indicates:

i. Illegal activity;

ii. A negative courier customer account balance; or

iii. A courier customer has violated the terms of service of the courier customer's account.

(h) When the courier customer account is in a suspended mode the courier service system shall:

1. Prevent the courier customer from placing orders for tickets;

2. Prevent the courier customer from depositing funds;

3. Prevent the courier customer from withdrawing funds from his or her courier customer account, unless the suspended mode was initiated by the courier customer;

4. Prevent the courier customer from making changes to his or her courier customer account;

5. Prevent the removal of the courier customer account from the courier service system; and

6. Prominently display to the courier customer that the courier customer account is in a suspended mode, the restrictions placed on the account, and any further action that the courier customer may take to remove the suspended mode.

(i) A courier service shall notify the courier customer account holder via electronic mail, regular mail, or other method approved by the Division, whenever his or her account has been closed or placed in a suspended mode. Such notification shall include the restrictions placed on the account and any further course of action needed to remove the restriction.

(j) A suspended account may be restored:

1. Upon expiration of the time period established by the courier customer;

2. When permission is granted by the Division; or

3. When the courier service has lifted the suspended status. A courier service may lift the suspended status only when the suspended status is initially imposed by the courier service. See (g)3 above.

(k) The courier website and mobile application system shall be capable of allowing a courier customer to establish the following responsible gaming limits. Any decrease to these limits shall be effective no later than the courier customer's next login. Any increase to these limits shall become effective only after the time period of the previous limit has expired and the courier customer reaffirms the requested increase.

1. A deposit limit shall be offered on a daily, weekly, and monthly basis and shall specify the maximum amount of money a courier customer may deposit into his or her courier customer account during a particular period of time. Once a courier customer sets his or her daily deposit limit that amount is locked for seven days at that dollar amount.

2. A spend limit shall be offered on a daily, weekly, and monthly basis and shall specify the maximum amount of money a courier customer may spend from the courier customer's account during a particular period of time. Once a courier customer sets his or her daily spend limit that amount is locked for seven days at that dollar amount.

Notes

N.J. Admin. Code § 17:20-12.12

Adopted by 50 N.J.R. 1826(b), effective 8/6/2018