Tiltproof Incorporated

Communicating With Third Party Security Teams

Document No. Effective Date Revision Date Approval

1/17/2008 1/24/2008 SM

1.0 Purpose:

This document establishes how to communicate with third party security teams and the information that can be released.

2.0 Persons Affected:

1) Fraud Analysts

3.0 Forms, Checklists, Flowchart:

1) Printable version: \\tpfs1nw\workflow$\HANDBOOK-FRAUD\Print Versions\Fraud Handbook\Communicating With Third Party Security Teams.doc

4.0 Policy:

1) Only communicate with third party security teams through the fraud operations email box at <fraudoperations@fulltiltpoker.com>. The fraud operations email box is managed by Fraud Analysts on all shifts. 2) Always email <fraudmgmt@tiltproof.ca> a synopsis of all communication with a third party security team. 3) Only communicate with approved third party security teams. If contacted by or contact is required with a third party security team that is not preapproved, contact <fraudmgmt@tiltproof.ca> for approval before any communication occurs. The level of communication and information that can be released to other external security teams is decided on a case by case basis. 4) When contacting or contacted by an external security team for the first time, only release the player ID, email address and a brief summary of the case. 5) When contacting or contacted by an external security team for the second time, the players real name and IP address can be released.

Tiltproof Incorporated 6) If an external security team needs to be contacted or contacts us a third time, contact <fraudmgmt@tiltproof.ca> for approval before any communication occurs. The level of information that can be released is decided on a case by case basis. 7) The following third party security teams are preapproved for communication: a) Bodog Email: <security@bodoglife.com> b) CakePoker Email: <security@cakepoker.com> c) PokerStars Email: <security@pokerstars.com> d) UltimateBet Email: <security@ultimatebet.com>

5.0 Procedure:

A) Initiating Email Correspondence With Third Party Security Teams 1) If you need to initiate correspondence with a third party security team that is not preapproved, contact <fraudmgmt@tiltproof.ca> for approval before any communication occurs. 2) Go to the fraud operations mailbox located at: <http://mail.fulltiltpoker.com/login.php> and log in. 3) Create a new email. a) First email regarding the case: i) To: Email address of appropriate security team. ii) Subject: Security Issue (brief summary). iii) Content: Player ID. Player email address. Brief summary of the security issue. b) Second email regarding the case: i) To: Email address of appropriate security team. ii) Subject: Security Issue (brief summary). iii) Content: Players real name. IP Address of player. Brief summary of the security issue. 4) If a third email is required, email <fraudmgmt@tiltproof.ca> a detailed summary of the situation including all information that has been released. a) Subject: Security Issue (brief summary). b) Content: Player ID. Player email address.

Tiltproof Incorporated Brief summary of the security issue. Summary of all information previously released. Reason why third contact is required.

B) Responding to Emails From Third Party Security Teams 1) Go to the fraud operations mailbox located at: <http://mail.fulltiltpoker.com/login.php> and log in. 2) If there is an email from a third party security team, ensure the external security team is preapproved for communication. If you need to reply to an email from a third party security team that is not preapproved, contact <fraudmgmt@tiltproof.ca> for approval before any communication occurs 3) Create a reply to the email. a) First response regarding the case: i) Subject: The subject line will automatically populate. ii) Content: Player ID. Player email address. Brief summary of the security issue. b) Second response regarding the case: i) Subject: The subject line will automatically populate. ii) Content: Players real name. IP Address of player. Brief summary of the security issue. 4) If a third response is required, email <fraudmgmt@tiltproof.ca> a detailed summary of the situation including all information that has been released. a) Subject: The subject line will automatically populate. b) Content: Player ID. Player email address. Brief summary of the security issue. Summary of all information previously released. Reason why third contact is required. Sending a Synopsis to Fraud Management 1) After emailing a third party security team, create a new email in the fraud operations mailbox located at: <http://mail.fulltiltpoker.com/login.php>. a) To: <fraudmgmt@tiltproof.ca>. b) Subject: Communication with Third Party Security Team. c) Content: Name of Third Party Security Team.

Tiltproof Incorporated PokerStars Reason for contact. Brief synopsis of the correspondence.

6.0 Definitions:

7.0 Revision History:

Jan 24/08 Policy Updated Bodogs security email address