donaghga

Hi Thanks for the welcome, and your response. I'm not sure how you think you can tell that the sending of your documents has been safe; any interception would occur after the email has left your email server and before it hits the casino's. Neither you nor the casino would be aware that it had happened. It is is common for data breaches of any kind to come to light many months, even years after they have occurred. Some never are never made public at all. And remember, rhino.bet themselves acknowledge, in the footer appended to every email that they send out that email is not 100% secure. I'm not sure whether you tried running the NCSC's email checking tool which I referenced in my original post on the domain name of any of your favourite casinos, but I would be very surprised if any of them pass all of checks that would be required of a wholly secure encrypted email channel. The same is likely true for most companies, but most companies are not asking you to send copies of your passport and bank statements & proof of address - exactly the documents any fraudster would require to, for example, open an account in your name. To answer your question, rhino.bet do not have a live chat feature at all, nor do they publish a phone number. Email is the only means of communication that they offer - and it has been more than a month that they haven't responded to my most recent mail to them. With apologies for getting all wonky on you, Article 32 of GDPR requires "1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including [...] (b)the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; [...]" and "2. In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed." The reason that people usually don't need to worry too much about these risks is the sheer volume of email sent every day: literally hundreds of billions by some estimates (only 40% of which is spam!). Those who might want to make illicit gain from intercepting emails are looking for a needle in a haystack. However, if it is known that a single company is receiving a large volume of valuable documents to a single email domain, the hacker/fraudster's is suddenly looking for hay in a haystack - they could be confident of finding what they are looking for every time and it becomes worthwhile to expend the effort. I raised this with the ICO already and they have written to rhino.bet (or will soon be doing so) "regarding their use of email for the purposes of identity and financial verification," but as you rightly point out, the problem is much wider that just rhino.bet. I opened this forum topic about this casino, because of their acknowledgement of the issue in their emails, even as they ask users to email them sensitive documents (and also because they are withholding £180 of my funds until I comply with their request!). I have raised the issue with every casino that has asked me to provide docs by email, and they all consistently claim that there is nothing to worry about; this was the first time I have come across where at least someone at the casino seems to understand the risks of unencrypted email, even if it is just the guy that writes the corporate email footers! It would not be costly for each casino to create a secure facility where documents can be uploaded directly to their servers, without having to pass through an unpredictable set of intermediary mail servers on their way there ; the fact that many casinos have not often results in users being put in the difficult position of having to choose between their personal data security and gaining access to money that is rightfully theirs, but which is being held in their casino account, pending the delivery of documents.

Hi I was wondering whether any other AG members have encountered the following with Rhino,bet. When I got to the stage where they wanted to see some verification documents, they sent me an email , requesting that I reply to the same email address with the documents attached. I do not normally send any sensitive documents via unencrypted email over the open internet, as this is not a sufficiently secure delivery mechanism, so I replied to ask whether they offered the facility to upload my documents directly to the casino's servers. They replied to say that they do not off this, but that I should not worry about it, as they assured me that sending the documents via email was perfectly safe. The funny thing is that both of the emails they sent me contained the following statement after the signature line: "Security Warning: Please note that this e-mail has been created in the knowledge that Internet e-mail is not a 100% secure communications medium. We advise that you understand and observe this lack of security when e-mailing us." I wrote again, asking them to explain which of their 2 contradictory statements was correct: is email completely safe, or is it not, and they replied to say that it is perfectly safe, but... you guessed it! ... that email also contained the same Security Warning in its footer. The Security Warning in the footer of every email sent by rhino.bet is the correct statement, of course. Unencrypted email over the internet can easily be intercepted and therefore risks with using email to send sensitive documents such as bank statements, or photos of your passport, etc. Anyone can check the level of encryption implemented by any email domain by using the National Cyber Security Centre's (NCSC) email checking service (https://emailsecuritycheck.service.ncsc.gov.uk/check) and I provided their report to rhino.bet support. Have any other users noticed this inconsistency in directions from Rhino.bet? If so, how have you handled it?

Hello, fellow AG members, I have just had an odd experience at TonyBet.co.uk which I am surprised not to have seen reported by any other player and so I thought I would run it by everyone here to see if my experience was unusual. It is not a complaint about the casino: I think that they have a great platform, but they do seem to have a unique and interesting way of applying loss limits. I opened an account at tonybet.co.uk a few days ago and set a monthly loss limit of £1000 and a monthly deposit limit of £1500. I made a cautious initial deposit of £15, so I could have a low-risk poke around at their games. I played this through on a few slot titles and lost it. The next day, I deposited £200 and began playing on some of my favourite slots. Before long I had got my balance up to £1200. Yay for me! I submitted a withdrawal request for £1,000 and carried on playing with the remaining £200. After another couple of hours, my balance had reached over £615. I tried to play a £4 spin on a game from Elk Studios and received a message saying that the bet could not be placed, because I had reached one of my limits. I checked their the Responsible Gambling tab on my account page. This does not show the value of the limit that is currently set, but it does show the remaining amount I could lose before hitting each limit and, sure enough, under the loss limit tab it said that I had just £3.77 remaining before I would hit my limit, which would reset in just under 1 month's time. The description of Loss Limit on that same tab states: “"Loss limit is calculated by taking all your spends on gambling minus the winnings,” which I consider to be pretty accurate description of what most people would think of as “loss”. Under that description, however, I was £1400 in profit after these 2 sessions of play and I would have to lose £2,400 before I would hit my loss limit, not just the £3.77 that the casino had calculated. I contacted their live chat support to report the issue. In that initial support contact, and in further communications over the next couple of days with 3 further support staff at TonyBet.co.uk by chat or email, I received the same explanation: that the "loss limit on our platform is calculated as wagering,” and if you have “a loss limit of 100 GBP and will place bets of a total of 100 GBP, you would hit the loss limits threshold”; they maintained that the casino’s calculation of my loss is therefore correct, since I had wagered £3.77 less than my £1000 limit. This means that 4 different support representatives have each confirmed that TonyBet calculate loss simply by totalling the amounts that you have wagered; any winnings/returns from those wagers are not considered. Wagered = Lost, irrespective of the actual outcome. Things got even stranger than that. Tonybet.co.uk also has a tab in the RG pages of my account titled “Spend (Wagering) Limit”. The definition given there says “This option allows you to set the limit on the amount you can wager per selected time period.” Again, this sounds like a pretty good description of a spend or wagering limit. It also matches the description that 4 support representatives just gave me for loss limit. I asked a couple of the agents to explain the difference between loss limits and spend limits. Both of them replied giving the exact descriptions I quoted above from the RG page, even though this contradicted the explanation of loss limit that they had each given me moments before. Believing that I was making some progress, I asked each of these 2 representatives to confirm the total value of my deposits (£215), the total amount I had withdrawn (£1000) and my current balance (£615) and the level of my loss limit (£1000). Both agents confirmed all 4 numbers. I then asked that they use those number to calculate how much I had lost and they both responded in the same bizarre way: they said that they are not able to give out such personal information via chat and if I wanted to see those numbers, I would have to raise a Data Subject Access Request under GDPR and wait until up to 1 month for the casino to deliver the data, as prescribed by the legislation. They each then appeared to be in a rush to end the chat. At this point, I daresay that I have stretched the credulity of the AG moderators, who assume that I must be mistaken or lying, but I have the chat transcripts & emails for each interaction, which proceeded exactly as I have describe above. I will happily provide these. I emphasise again that I did not really want to raise this as a complaint, because I have otherwise had a very positive experience on this casino: they have a pretty great offering, and I am obviously delighted to have such a win on my first real session of play on their site. I also appreciated their insistence on up-front ID verification before I was able to gamble, as it meant that there were less hoops to jump through when i came to make my first withdrawal. It just struck me as odd that I could find no mention of this bizarre treatment of losses/loss limits anywhere online and I wanted to see whether my experience was typical. I also thought that other new users to Tonybet.co.uk should be made aware of the unusual methodology for calculating loss and should take this into account when deciding what loss limits to set for themselves.