N.J. Admin. Code § 13:69O-1.4

Current through Register Vol. 56, No. 21, November 4, 2024
Section 13:69O-1.4 - Internet or mobile gaming system standards and operational controls
(a) An Internet or mobile gaming system shall utilize sufficient security to ensure patron access is appropriately limited to the account holder. Unless otherwise authorized by the Division, security measures shall include at a minimum:
1. A Username;
2. Password of sufficient length and complexity to ensure its effectiveness;
3. Upon account creation the option for users to choose "strong authentication" log in protection; and
4. Electronic notification to the patron's registered e-mail address, cellular phone or other device each time an Internet or mobile gaming account is accessed provided however that a patron may opt out of such notification.
(b) An Internet or mobile gaming system shall be designed with a methodology approved by the Division to ensure secure communications between a client terminal and the Internet or mobile gaming system.
(c) An Internet or mobile gaming system shall be designed to detect and report:
1. Suspicious behavior, such as cheating, theft, embezzlement, collusion, money laundering, or any other illegal activities; and
2. Excluded persons pursuant to 5:12-71, 5:12-71.2, or any person who is prohibited from entering a casino or a casino simulcasting facility pursuant to 5:12-119(a).
(d) Patron account access information shall not be permanently stored on client terminals used with a mobile gaming system. Such information shall be masked after entry, encrypted immediately after entry is complete, and may be temporarily stored or buffered during patron entry provided that the buffer is automatically cleared as follows:
1. After the patron confirms that the account access entry is complete; or
2. If the patron fails to complete the account access entry within one minute.
(e) Unless otherwise approved by the Division, an Internet and mobile gaming system shall associate a patron's account with a single client terminal during each patron session.
(f) Each patron session shall have a unique identifier assigned by the Internet or mobile gaming system.
(g) The Internet and mobile gaming system shall immediately terminate a patron session whenever:
1. Required by the Division or licensee; or
2. The patron ends a session.
(h) Internet and mobile gaming systems shall prevent any patron from wagering or withdrawal activity when sufficient funds are not present in their Internet or mobile gaming account.
(i) Internet and mobile gaming systems shall disable a patron's account after three failed log in attempts and require strong authentication to recover or reset a password or username.
(j) Internet and mobile gaming systems shall employ a mechanism that places an Internet or mobile gaming account in a suspended mode:
1. When requested by the patron for a specified period of time, which shall not be less than 72 hours;
2. When required by the Division;
3. Upon a determination that a patron is a prohibited person; or
4. When initiated by a licensee that has evidence that indicates:
i. Illegal activity;
ii. A negative patron account balance;
iii. After failed ACH deposit attempts pursuant to N.J.A.C. 13:69O-1.3(e); or
iv. A violation of the terms of service has taken place on an authorized patron's Internet or mobile gaming account.
(k) When an Internet or mobile gaming account is in a suspended mode, the system shall:
1. Prevent the patron from wagering;
2. Prevent the patron from depositing funds, unless the deposit is for the purpose of remedying a negative balance;
3. Prevent the patron from withdrawing funds from his or her Internet or mobile gaming account, unless the suspended mode was initiated by the patron;
4. Prevent the patron from making changes to his or her Internet or mobile gaming account;
5. Prevent the removal of the Internet or mobile gaming account from the gaming system; and
6. Prominently display to the authorized patron that the account is in a suspended mode, the restrictions placed on the account, and any further course of action needed to remove the suspended mode.
(l) Unless the suspension was a result of a patron's self-exclusion, a licensee shall notify the Internet or mobile wagering account holder via electronic mail, regular mail, or other method approved by the Division, whenever his or her account has been closed or placed in a suspended mode. Such notification shall include the restrictions placed on the account and any further course of action needed to remove the restriction.
(m) A suspended account may be restored:
1. Upon expiration of the time period established by the patron;
2. When permission is granted by the Division;
3. When the patron is no longer a prohibited person; or
4. When the licensee has lifted the suspended status.
(n) An Internet or mobile gaming system shall be capable of allowing a patron to establish the following responsible gaming limits. Any decrease to these limits shall be effective no later than the patron's next log in. Any increase to these limits shall become effective only after the time period of the previous limit has expired.
1. A deposit limit shall be offered on a daily, weekly, and monthly basis and shall specify the maximum amount of money a patron may deposit into his or her Internet gaming account during a particular period of time.
2. A spend limit shall be offered on a daily, weekly, and monthly basis and shall specify the maximum amount of patron deposits that may be put at risk during a particular period of time.
3. A time-based limit shall be offered on a daily basis and shall specify the maximum amount of time, measured hourly from the patron's log in to log off, a patron may spend playing on an Internet gaming system, provided, however, that if the time-based limit is reached a patron will be permitted to complete any round of play, or active or prepaid tournament.
(o) A monthly report listing the total sum removed from patron accounts pursuant to this subsection shall be filed with the Division by each Internet gaming operator. An Internet gaming operator shall not confiscate any funds from a patron's Internet gaming account unless:
1. The patron has a confirmed chargeback, limited to the amount of the chargeback;
2. By court order;
3. The patron has engaged in cheating, collusion, chip dumping, or other illegitimate gaming activity; or
4. Otherwise approved by the Division.
(p) An Internet or mobile gaming system shall provide a patron with the ability to view the outcome and subsequent account balance changes for the previous game, including a game completed subsequent to an outage (for example, network disconnection or client terminal malfunction).
(q) Manual adjustments by a casino licensee to Internet or mobile gaming data shall only be made by a software application approved by the Division.
(r) When a patron's lifetime deposits exceed $ 2,500, the Internet or mobile gaming system shall immediately prevent any wagering until the patron acknowledges the following:
1. The patron has met the Division's gaming deposit threshold of $ 2,500;
2. The patron has the capability to establish responsible gaming limits or close his or her account; and
3. The availability of 1-800-GAMBLER.
(s) The acknowledgement prescribed in (s)2 and 3 above shall be required on an annual basis thereafter.
(t) Internet gaming operators may utilize celebrity or other players to participate in peer to peer games for advertising or publicity purposes. Such players may have their accounts funded in whole or in part by an Internet gaming operator. An Internet gaming operator may pay a fee to the celebrity player. If a celebrity player is utilized and the celebrity player generates winnings that the Internet gaming operator does not permit the celebrity player to retain, such winnings shall be included as Internet gaming gross revenue in a manner approved by the Division.
(u) An online operator, including an internet gaming operator and an online sports wagering operator, shall be capable of permitting deposits and withdrawals to or from an online account at the premises of the casino or racetrack with whom the online operator is partnered.
1. Whenever a patron requests a withdrawal of $ 500.00 or more, at the racetrack or casino with whom an online operator is partnered, a still image of the patron shall be captured by surveillance or by camera. In addition, the operator shall require the patron to produce identification that satisfies the requirements at N.J.A.C. 13:69D-1.5A. The operator shall retain a copy of the identification.
2. The operator shall be required to maintain the still image and the identification of the patron. Such identification and still image shall be produced upon the demand of the Division, a law enforcement agency, or upon the order of a court of competent jurisdiction.

N.J. Admin. Code § 13:69O-1.4

Amended by 46 N.J.R. 1817(c), effective 8/18/2014.
Amended by 48 N.J.R. 976(c), effective 6/6/2016
Amended by 50 N.J.R. 617(a), effective 1/16/2018
Amended by 51 N.J.R. 1514(b), effective 10/7/2019
Amended by 56 N.J.R. 1182(b), 56 N.J.R. 1198(a), effective 7/1/2024