Taking the Audit Trai

Although Internet gambling keeps growing, some issues that scare away even more customers are yet to be resolved. The customers' main concerns: Are Net gambling sites safe? Honest? Reliable? Are the odds fair? To address such apprehensions, gaming site operators need to reassure players that their sites are legitimate, that the play is honest and that payouts are handled in a timely manner. Among the ways an online gaming site can establish credibility is by having its software tested or audited.

Many new casino operators enter the auditing process with little idea of what to expect. To make matters more confusing, online gambling jurisdictions have varied testing requirements; some have none at all. For example, Global Gaming Services (GGS) Managing Director Steve Toneguzzo points out that some Australian regulators think there's no difference between testing pokies (the Australian term for video poker machines) and Internet betting sites. If regulators are confused, pity the operator launching his first site. So, what should an operator expect to happen during the testing process?

First of all, Toneguzzo encourages his clients to come in during the early stages of development. Although the company doesn't design sites or do development of the sites, GGS, says Toneguzzo, "can do interim audits to prevent them (the client) from going in a costly direction or making a mistake." He terms the process a "pre-compliance audit, which gives the customer an early assurance of the level of compliance with regulation and world's best practice," he added.

Additionally, GGS works with clients to do a risk assessment that checks for vulnerabilities. "We then put together a test plan that is structured and based upon the risk assessment," Toneguzzo said. Typically, the regulator needs to sign-off on the plan.

John Cargnello, CEO of Technical Systems Testing (TST), outlines four steps for testing, although he points out that the approach varies among testing firms. The first step is the submission of the gaming software for evaluation. This is followed by the evaluation of the random number generator (RNG) by a mathematician with expertise in gaming. Since the same RNG is used for all games on the site, it only needs to be evaluated once.

Third, the Internet Gaming System or "back end" that covers all e-commerce applications, such as firewalls, authentication, encryption, account management, financial transaction handling and reporting, is evaluated both in the laboratory and usually on a test site.

Finally, the actual operational website is evaluated. "Obviously, the best logical security in the world can be compromised by poor physical and operational security configuration," Cargnello pointed out.

Once a site passes through the testing and evaluation stage, it's ready for players. Toneguzzo, however, cautions that it's an ongoing process. Even though some regulators don't require subsequent testing, he suggests that a site undergo an evaluation every three months, at the very least to protect the site from vulnerabilities.

Regardless of whether your licensing jurisdiction requires having your site and software audited, it's smart step to take. As many consumer sites warn Net gamblers, it's important to determine where a site is licensed, whether the site has been audited and many other pointers. As Toneguzzo and Cargnello both said, undergoing auditing gives your customers an extra level of comfort.