KYC for online gaming (iGaming)

Learn about the KYC requirements that impact the online gaming (iGaming) industry, which includes online sports betting, poker betting, video game betting, and casino gaming.

Image of a card table in a digital casino
Last updated:
Read time:
Share this post
Table of contents
⚡ Key takeaways
  • Online gaming (iGaming) includes online sports betting, poker betting, video game betting (eSports), and casino gaming.
  • iGaming operators must comply with both federal and state laws — many of which outline strict KYC and AML requirements.
  • KYC requirements for online gaming include verifying the user's identity, source of funds, and location.

In 2018, the Supreme Court overturned the Professional and Amateur Sports Protection Act of 1992 (PASPA), a law which, until then, had effectively criminalized sports betting in the US — except for in a handful of exempt states. With the law overturned, individual states were allowed to decide whether or not to legalize sports betting within their boundaries.

While online gaming (iGaming) and other forms of internet-based gambling have existed in some form for decades in various jurisdictions, the overturning of PASPA is widely credited with its expansion in the United States.

Still, iGaming remains a highly regulated industry. Online gaming operators must comply with both federal and state laws — many of which outline strict Know Your Customer (KYC) and anti-money laundering (AML) requirements.

Below, we define online gaming, discuss the KYC and AML requirements impacting the industry, and highlight the key challenges associated with compliance.

What is iGaming?

iGaming, also called online gaming, is the act of using the internet to place a bet or wager on the outcome of an event. The term is often used synonymously with online gambling, though different jurisdictions may have different legal definitions for each term.

Online sports betting, poker betting, video game betting (eSports), and casino gaming can all be considered different forms of iGaming.

iGaming can take place via websites or mobile apps — sometimes called online casinos, virtual casinos, online sportsbooks, or virtual sportsbooks. Some of the more popular online gaming apps today include DraftKings, FanDuel, and BetMGM, amongst many others.

KYC, AML, and the iGaming industry

The Bank Secrecy Act of 1970 established the first anti-money laundering laws and regulations in the United States. Though it originally applied to traditional financial institutions such as banks, credit unions, lenders, and insurers, the list of organizations considered “financial institutions” has broadened significantly over time. In 1985, casinos made it onto this list — and, by extension, online gaming operators.

In order to remain compliant with the BSA, online gaming operators must monitor user activity and file various reports when particular activities occur. This includes filing currency transaction reports (CTRs) when a user makes transactions totaling at least $10,000 in a single business day, as well as suspicious activity reports (SARs) when any other activity indicates money laundering or other financial crimes.

Additionally, before allowing users to place bets, online gaming operators must perform customer due diligence (CDD) by verifying the user’s identity — a process known as Know Your Customer (KYC).

KYC requirements for online gaming

In order to comply with various state and federal laws, gambling websites and other online gaming operators must collect certain data to establish a profile and understanding of each of their users.

Verifying the user’s identity

In order to verify a user’s identity, online gaming operators typically collect the user’s name, date of birth, address, and identification number, as well as other information as necessary.

Then, they’ll usually ask the user to take a photo of their government-issued ID, such as a driver’s license or passport. In riskier scenarios, the user may also be asked to take selfies, which will be checked against the ID in order to verify that the ID being used to open the account actually belongs to the person.

During this process, the user’s data can be used to crosscheck various databases and lists to ensure that the individual does not pose the gaming operator a significant amount of risk. This often includes:

Note: Self-exclusion lists are commonly used by individuals who are addicted to gambling. By joining these lists, they make it more difficult for themselves to open online gaming accounts.

Additionally, in many states, certain individuals are barred from participating in online gambling. Individuals employed by a casino or lottery commission, for example, may not be allowed to participate in online casino gambling. Meanwhile, professional athletes and coaches may be barred from participating in online (and in-person) sports betting. Data collected during identity verification can help identify these individuals and prevent them from opening an account.

Verifying the user’s source of funds

In order to ensure that money laundering is not taking place, online gaming operators must verify the user’s source of funds (SoF). This verification can also help the operator identify instances of problem gambling, empowering them to cut off an individual once a certain threshold has been passed.

Source of funds can be verified in different ways. Some common options include income statements or pay stubs. Other options may also include various proofs of wealth, such as:

  • Bank statements
  • Dividend statements
  • Pension/401(k) statements

Source of funds verification is typically carried out during account setup, and then any time the user deposits or withdraws a large sum of money or does anything that may indicate money laundering.

Verifying the user’s location

In addition to verifying a user’s identity and source of funds, online gaming operators must also verify the user’s location — both during initial account setup and any time the user is actively using their services.

Because online gaming is treated differently from state to state and country to country, location verification is required to ensure that the user is physically located within a state in which online gambling is legal. Location verification also has AML implications, as it can help an operator understand whether or not money is coming from a jurisdiction where money laundering is common.

Gaming operators can verify location by collecting digital signals such as the user’s IP address and geolocational data from the user’s device. Likewise, it can be helpful to screen for VPN usage, which may indicate that a user is attempting to access the platform from a location where online gambling may not be legal. Additional documents, such as a utility bill (with the user’s name and address on it), may also be required to establish proof of residence.

Free white paper
See how experts evaluate KYC solutions

Challenges of KYC in the iGaming industry

The primary challenge that the iGaming industry faces in implementing KYC requirements is the same issue all other industries must face: doing so introduces friction to the account creation process. This friction may frustrate some users or cause them to reconsider whether they truly wish to open an account. Therefore, it’s imperative to strike a balance between user experience and KYC/AML compliance.

Additionally, online gaming operators must abide by a patchwork of laws depending on the different jurisdictions in which they operate. This patchwork of state, federal, and international laws and regulations increases the chances that something may go wrong, making it very important to have clear compliance processes in place.

Here at Persona, we understand just how important it is to manage friction. That’s why we’ve designed our verification solution with the end user experience in mind. By using progressive risk segmentation to dynamically adjust friction based on risk signals you observe, your users only have to submit the minimum information required at any one time — whether that be personal data, IDs and supplementary documentation, digital signals, or biometric data. The result is a robust identity verification process that allows you to build a true profile of who your user is, without scaring them away.

Likewise, we’ve designed our identity flows to be flexible and customizable, making it easier for you to adjust by jurisdiction.

Interested in learning more? Start for free or get a demo today.

Published on:

Frequently asked questions

What is gaming compliance?

Gaming compliance is a term used to describe any activities or processes that a gaming operator takes in order to comply with regulations. Usually, the term refers to identity verification (KYC) and anti-money laundering regulations.

Who regulates online gaming?

In the United States, online gambling (along with all other forms of gambling) is largely regulated by individual states. Because of this, there is no single set of laws or regulations that applies to all US states. Individual state legislatures decide:

  • Whether online gambling is allowed
  • The minimum gambling age allowed for online gambling
  • How online gambling will be regulated in the state

In states where online gambling is legal, it is most commonly regulated by the same regulatory body that regulates other forms of gambling within that state, such as the state’s lottery commission or the regulatory body that oversees commercial casinos.

Additionally, though the federal government does not directly regulate gambling, online gambling operators are still subject to certain federal regulations — such as AML regulations, which are overseen by FinCEN.

How do gambling sites verify?

Gambling sites and apps verify their user’s identity, location, and source of funds by collecting a combination of personal information, documents, digital signals, and geolocational data as necessary.

What states allow online gambling?

As of 2022, the following states allow online sports betting in one form or another: Arizona, Arkansas, Colorado, Connecticut, Delaware, Illinois, Indiana, Iowa, Kansas, Louisiana, Maine, Maryland, Michigan, Mississippi, Montana, Nevada, New Hampshire, New Jersey, New Mexico, New York, Oregon, Pennsylvania, Rhode Island, Tennessee, Virginia, Washington, Washington DC, West Virginia, and Wyoming

As of 2022, online casino gambling is legal in the following states: Connecticut, Delaware, Michigan, Nevada, New Jersey, Pennsylvania, and West Virginia

Continue reading

Continue reading

Minimizing referral fraud while growing your online marketplace
Minimizing referral fraud while growing your online marketplace

Minimizing referral fraud while growing your online marketplace

Learn about common referral fraud schemes and how they can impact your marketplace. Discover strategies for protecting your buyers, sellers, and business.

From fraud to fairness: Leveraging KYC and age verification for online gaming
From fraud to fairness: Leveraging KYC and age verification for online gaming

From fraud to fairness: Leveraging KYC and age verification for online gaming

KYC can help keep online gamers of all ages safe and reduce fraud. Learn how KYC and age verification can benefit your gaming platform.

How to fight ID fraud in a world of generative AI
How to fight ID fraud in a world of generative AI

How to fight ID fraud in a world of generative AI

Learn how generative AI is changing the game when it comes to fake IDs and what you should be mindful of when enhancing your fraud strategy.

The importance of KYC for online gambling

The importance of KYC for online gambling

Learn more about the growing risks for online casinos and gambling apps, the evolving regulatory landscape, and what companies can do to stay compliant.

What is eKYC?

What is eKYC?

Take a look at the different signals that eKYC can take advantage of and review the benefits that eKYC offers both businesses and their customers.

Buyer’s guide to identity verification solutions

Buyer’s guide to identity verification solutions

Learn what to look for in identity verification solutions, how to assess effectiveness and cost, and more.

Ready to get started?

Get in touch or start exploring Persona today.