EN / SV
Strategy

A secure platform

Ensuring maximum cybersecurity is key in providing a reliable service and gaining the trust of customers, regulators and society. By protecting our operating platform and safeguarding customer data, we provide a safe and secure commercial offering to all our markets. We look to continue down that road, with our goal set on providing a digital infrastructure with no exploitable vulnerabilities or compromised player accounts resulting from cyber-attacks to our platform by 2025.  

Target 

By 2025, we aim to achieve no unmitigated exploitable vulnerabilities and no compromised player accounts.

Our 2022 accomplishments
Increased focus on improving our customers’ security
To guarantee the security of our customers’ accounts, a red-team in-house hacking and penetration testing was conducted and the Bug Bounty programme – which incentivises external examination of vulnerabilities in our online platforms – was expanded.
Roll-out of MFA
Customer data integrity measures included the preparation for Multi Factor Authentication (MFA) to establish a roadmap for roll out on several markets in 2023.
Enhanced efforts to prevent ALM
We performed a complete overhaul of anti-money laundering procedures to ensure full compliance and high robustness in of our way of working.

Inviting external testing to ensure the highest standards 

To ensure our cybersecurity meets the highest standards, our key information teams are certified by an accredited third party. More so, our security measures are certified in accordance with international standards across all our main markets. Through our in-house hacking and security system, 25 vulnerabilities was revealed in 2022, two of a critical nature (2021: 77, seven; 2020: 61, two), which we have resolved. 

What we set out to achieve  

We want to prevent all malicious activities against our platform and our players’ accounts to be able to offer enjoyable products with built-in integrity and fairness, maximise trust in our secure platform, and demonstrate resilience and leadership. Our Group Security department implements relevant cybersecurity and information-security policies and strategies in line with external regulations wherever we operate. We maintain our ISO 27001 certification, our CSIRT certification, and comply with all e-commerce account management regulations specific to our markets. 

Management that serves our business 

Our Computer Security Incident Response Team (CSIRT), Network Intrusion Detection System, and Security Operation Centre, has been externally acknowledged, much due to having worked with others in information-security communities, such as trusted-introducer.org and the EGBA Security Expert Group.  

Our production infrastructure continues to develop a way of working that essentially treats all users and resources as potentially suspicious, thereby demanding constant validation of entities or groups for each activity or computing task. We are currently monitoring the latest release of a component of this, ready to implement improvements. 

Customer data integrity 

To provide security and privacy of data for our millions of customers, we have several controls in place in player account security, authentication, validation and protection as well as in e-commerce account management. We ensure that our customers can feel confident in that their accounts on our platform are as secure as their bank accounts. A variety of player-account controls are available to customers, some of which are mandatory, depending on the market. These consist of virtual fingerprinting, Captcha or reused password detection. To further strengthen the security of our customers we will continue to apply multi-factor authentication (MFA) across all brands. 

Anti-money laundering (AML) 

Our ongoing work against money laundering helps safeguard our licences and combat criminal activity. Customers who try to exploit our platform for processing illicitly gained funds, laundering money or funding terrorism are tracked down and suspicious transaction reports are filed with the relevant authority. To mitigate the risk of money laundering we apply customer-identification processes and, where necessary, enhanced investigations to establish the origin of funds. We process tens of millions of online transactions each day but monitor each one to determine any risk and initiate relevant control measure when necessary. 

During 2022 we launched a new AML and responsible gambling compliance framework that has significantly increased the numbers detected and reported to relevant authorities. In 2022, we reported 1537 cases. We also restructured our AML governance arrangements and installed a new monitoring and detection system. The changes allow for stronger connectivity to our responsible gambling programmes, and greater use of a wider range of behavioural and financial triggers.  

Share
https://www.kindredgroup.com/prgkq
COPY
You may also be interested in
Player Safety Early Detection System

Responsible Gambling
Kindred Group office Stockholm lobby

Product Integrity

We use cookies.

Kindred Group uses cookies and related technologies to improve the way our site functions for you as a visitor. A cookie is a text file that is stored on your device. We use these text files for functionality such as to analyse our traffic or to personalised content.
To change your settings or for more details on cookies click on Open settings.

Accept all Open settings Privacy policy

Cookie settings.

Cookies are small text files that are placed on your computer to help us provide you with the best user experience. These cookies contain information which provides anonymised tracking data to third-party applications such as Google Analytics.

Necessary, site experience

These cookies are important to the underlaying operations of the website. Supporting important functionality such as closing and opening the menu and the technical operations of the website to ensure it performs how you would expect. 

Cookie Expiry Purpose Company
.EPiForm_BID 90 days Functionality EpiServer
.EPiForm_VisitorIdentifier 90 days Functionality EpiServer
ARRAffinity  1 session Load balancing  Azure
ASP.NET_SessionId 1 session Functionality Microsoft
ShowMenu  1 session Functionality Local
TiPMix  1 session A/B testing Azure
__RequestVerificationToken 1 session Security Microsoft
__epiXSRF 1 session Security EpiServer
webcast_xxxx 1 week Functionality Local
newsinsights_xxxx 1 week Functionality Local
pressrelease_xxxx 1 week Functionality Local

Statistics, anonymous data collection

These cookies are used to track our visitors across our website. They can be used to build up a profile of search and/or browsing history for every visitor, or to better understand how the user uses the website so that we can improve it. Identifiable or unique data may be collected. Anonymized data may be shared with third parties.

Cookie Expiry Purpose Company
ai_session 1 hour Telemetry  Azure
ai_user 1 year Telemetry  Azure
__cfduid 30 days Security  Cloudflare
_ga 2 years Statistic Google
_gid 24 hours Statistic Google
_gat 1 minute Statistic Google

Marketing, targeted advertisement

These cookies are used by third party to track and collect data to be used in advertisment. They can be used to build up asearch and/or browsing history for every visitor. Identifiable or unique data may be collected.

Cookie Expiry Purpose Company
DSID (.doubleclick.net) 10 years Targeted advertisement Google
Id (.doubleclick.net) 1 session Targeted advertisement Google
Accept all Save settings Privacy policy
Prod