Ensuring maximum cybersecurity is key in providing a reliable service and gaining the trust of customers, regulators and society. By protecting our operating platform and safeguarding customer data, we provide a safe and secure commercial offering to all our markets. We look to continue down that road, with our goal set on providing a digital infrastructure with no exploitable vulnerabilities or compromised player accounts resulting from cyber-attacks to our platform by 2025.
By 2025, we aim to achieve no unmitigated exploitable vulnerabilities and no compromised player accounts.
Inviting external testing to ensure the highest standards
To ensure our cybersecurity meets the highest standards, our key information teams are certified by an accredited third party. More so, our security measures are certified in accordance with international standards across all our main markets. Through our in-house hacking and security system, 25 vulnerabilities was revealed in 2022, two of a critical nature (2021: 77, seven; 2020: 61, two), which we have resolved.
What we set out to achieve
We want to prevent all malicious activities against our platform and our players’ accounts to be able to offer enjoyable products with built-in integrity and fairness, maximise trust in our secure platform, and demonstrate resilience and leadership. Our Group Security department implements relevant cybersecurity and information-security policies and strategies in line with external regulations wherever we operate. We maintain our ISO 27001 certification, our CSIRT certification, and comply with all e-commerce account management regulations specific to our markets.
Management that serves our business
Our Computer Security Incident Response Team (CSIRT), Network Intrusion Detection System, and Security Operation Centre, has been externally acknowledged, much due to having worked with others in information-security communities, such as trusted-introducer.org and the EGBA Security Expert Group.
Our production infrastructure continues to develop a way of working that essentially treats all users and resources as potentially suspicious, thereby demanding constant validation of entities or groups for each activity or computing task. We are currently monitoring the latest release of a component of this, ready to implement improvements.
Customer data integrity
To provide security and privacy of data for our millions of customers, we have several controls in place in player account security, authentication, validation and protection as well as in e-commerce account management. We ensure that our customers can feel confident in that their accounts on our platform are as secure as their bank accounts. A variety of player-account controls are available to customers, some of which are mandatory, depending on the market. These consist of virtual fingerprinting, Captcha or reused password detection. To further strengthen the security of our customers we will continue to apply multi-factor authentication (MFA) across all brands.
Anti-money laundering (AML)
Our ongoing work against money laundering helps safeguard our licences and combat criminal activity. Customers who try to exploit our platform for processing illicitly gained funds, laundering money or funding terrorism are tracked down and suspicious transaction reports are filed with the relevant authority. To mitigate the risk of money laundering we apply customer-identification processes and, where necessary, enhanced investigations to establish the origin of funds. We process tens of millions of online transactions each day but monitor each one to determine any risk and initiate relevant control measure when necessary.
During 2022 we launched a new AML and responsible gambling compliance framework that has significantly increased the numbers detected and reported to relevant authorities. In 2022, we reported 1537 cases. We also restructured our AML governance arrangements and installed a new monitoring and detection system. The changes allow for stronger connectivity to our responsible gambling programmes, and greater use of a wider range of behavioural and financial triggers.