COMMENT OF ARISTOTLE INTERNATIONAL ON GAMBLING COMMISSIONS PROPOSED EXEMPTION OF CREDIT CARD PAYMENTS FROM AGE VERIFICATION REQUIREMENTS

Many individuals under the age of 17 have legitimate access to, and regular use of, credit cards and debit cards.
VISA Testimony to U.S. Congress1

Merchants may not rely on possession of a Visa card or submission of Visa account information to verify cardholder age.
VISA Business Rules2

We do not propose to require operators licensed in Great Britain to carry out further age verification checks of each individual using a credit card as a form of payment, because it would not seem to be a proportionate response to the level of risk.
UK Gambling Commission, Licence Conditions and Codes of Practice Consultation Document, 5.2.24 (March 2006)

Visa, the largest card company, has testified before the US Congress that access to a credit or debit card proves nothing about a persons age: Access to a credit card or a debit card is not a good proxy for age. The mere fact that a person uses a credit card or a debit card in connection with a transaction does not mean that this person is an adult. Many individuals under the age of 17 have legitimate access to, and regular use of, credit cards and debit card. Moreover, using access to a credit card or debit card as a proxy for age actually could result in an inadvertent commission of criminal acts. Mark McCarthy, Visa VP for Public Policy, Congressional Testimony, June 9, 2000 www.copacommission.org/meetings/hearing1/maccarthy.test.pdf
2

See VISA VBR 020917 (September 17, 2002)

I.

Exempting Credit Card Payments From Age Verification Requirements Is an Abdication of the Commissions Responsibility to Ensure Compliance with Licensing Obligation (c)

By exempting credit cards from age verification requirements, the proposed UK Licence Conditions and/or Code of Practice encourage wholesale disregard for credit company rules, while adopting the same arguments favored by pornographers. Worse still, the proposal unpersuasively argues that although age verification for debit cards will be required, it is too difficult to do the same for credit cards. This is a complete abdication of responsibility one that is both unbecoming and inappropriate for the Commission charged with ensuring compliance with the Licensing Obligation to protect children and other vulnerable people under Section 1(c) of the 2005 Act.

The major credit card company rules and regulations are unanimous in their prohibition on use of credit cards to verify age particularly in high risk transactions such as Internet gambling. For example:

Supplementing the VISA rule cited above prohibiting use of a Visa card to verify age, VISAs operating regulations state the obvious rationale: In the virtual world, the card is not present, yet the requirement to authenticate the individual conducting the transaction has equal, if not greater, importance.3

Discover/NOVUSs rules are equally clear, stating: Merchants may not rely on the possession of a Discover Card or submission of Discover Card account information to verify cardholder age.

MasterCard Regulations underscore the high risk transaction status of Internet gambling: MasterCard Standards require all members to comply with all applicable laws and not to engage in illegal behavior Transactions that present heightened risks of potentially illegal activity include

See VISA Business Rules, Issue 021022, VISA International Operating Regulations Are Revised, Effective November 15, 2002

Internet payments for transactions involving gambling, pornography, and prescription medications.

American Express September 2003 Amendment to Card Acceptance Agreements unambiguously states: The American Express Card shall not be used in any way to verify the age of your customer

Despite these clear prohibitions, the proposed UK Gambling Commission Conditions/Code would allow Internet gambling by minors with a credit card without age verification, under the fiction that few minors have credit cards, so that selfreporting of age plus possession of a credit card adequately verifies age. A 2004 study4 demonstrated the fallacy of this approach, which is sometimes referred to pejoratively as the porn standard, as it is the method of choice for pseudo-age verification by purveyors of online pornography. Another recent study further validated the concerns of child protection advocates who reject the use of a credit card as a proxy for age verification. In that study, fully 82.7% of 18-20 year olds reported that they carry at least one credit or debit card, and 36.1% of those between the ages of 14-17 have a debit card or a credit card in their own names. This finding undercuts the assertions by some in the online gambling, pornography and beverage alcohol industries that anyone entering their websites need only posses a valid credit card in order to prove that they are old enough to enter.5

See, e.g., http://www.guardian.co.uk/uk_news/story/0,3604,1269498,00.html

Call to block child gambling online, by David Batty, Tuesday July 27, 2004: Internet gambling websites should introduce age-verification checks to prevent children from betting online, a children's charity urged today. The call by the charity NCH comes after it found that a 16-year-old girl was able to register with 30 gambling websites after lying about her age. Only seven sites requested verification of her age when she claimed to be 21.

Source: Global INTEGRITY (sm) Identity and Age Verification Survey (2006)

It is beyond peradventure that credit cards are merely payment mechanisms that marketers and card companies wish to have widely used by consumers under the age of 18. They are routinely marketed to minors and issued without independent age verification. They are not reasonable tools for verifying age in transactions that are not face-to-face.

The ineffectiveness of such cards for age verification increases as card companies and online merchants of all kinds increase their marketing efforts to place more cards in the hands of the coveted teenage consumer group. This fact, coupled with the major card companies ban on use to verify age, makes it all the more stunning that the proposed Conditions/Code would endorse a practice that is ineffective and at the same time blatantly violates credit card company rules and agreements.

Children and young people may not legally gamble, as this is prohibited in Section 46 of the 2005 Act. It is therefore both indefensible and irrelevant to suggest that a mere possession of a card entitles one to gamble. A terrestrial casino may not allow children and young people to gamble simply because they present a credit card, and, accordingly, there is no reason for remote gambling providers to be allowed to claim reasonable reliance on such cards as proof of age. Objective standards are needed for credit card age verification, and there is no valid reason to treat them differently from debit cards. Because age verification is difficult, it does not follow that a laissez faire approach to children or young people gambling with credit cards should be countenanced. If political pressure from interest groups or companies is responsible for the disparate treatment proposed for credit cards and debit cards, it must be resisted

II.

Appropriate Age Verification Standard: Use of Government-Issued ID

Possession of a credit card clearly is inadequate proof of age. The reasonable solution is use of a government-Issued ID database for age verification.

In the last several years, there has been a significant change in the business and legal requirements for online identity and age verification. The use of government-issued ID databases addresses privacy concerns and now provides a more effective and widelyaccepted solution. These systems, which are used by a minority of the online gambling industry, search governmental records to find evidence that people are registered at the address they claim to be and are over 18. For the UK or anywhere a government-issued ID is everything from an Electoral Roll Registration to a Drivers Licence, Passport, National Identity Card, or any other government-issued form of identification that is considered legal documentation to access official government programmes. The hallmark of government-issued ID is that it contains date of birth provided under confirmation of veracity, and such IDs are typically issued after the individuals presentation of other official documents. Often such records are the only valid sources for date of birth and other personal information. Many laws, such as U.S. tobacco and alcohol purchase restrictions, already require government-issued ID for access to restricted products. Using this standard online does not mandate that the consumer purchase any special technology or hardware. Almost all adults, regardless of income or nationality, hold government-issued IDs. They are issued on the basis of reliable statements by the applicant and presentation of other verified forms of identification. Major institutions, public and private, rely on government-issued ID, not on credit cards, credit reports or consumer databases.

Accordingly, government-issued ID databases should create fewer privacy issues than other types of private data and be more reliable. Using regulated government record databases with a persons age for the enforcement of age verification laws comports with offline behavior and norms. It is far more appropriate for age verification, from a privacy perspective, when compared with using more private information such as compiled consumer profiles or dossiers, or credit data. Real-time ID checks against government-issued ID and other public records are currently available, affordable, and continuously expanding in the scope of countries covered.

In the laws of California6 and other US states, the trend is toward the use of government-issued ID for Internet, mail order or telephone order age verification, because such ID indicates a degree of necessary reliability that is commensurate with the seriousness of preventing access to age-restricted products and services by minors. This protection must be extended to minors of all countries, and there are proven systems within the UK, US, Ireland and abroad, which allow access to official government rolls. While no system will be perfect, this type of verification safeguard is evolving into the preferred standard. In any event, this type of authentication is certainly preferable to alternative, where a site may choose to verify age by comparing the personal information provided by a website visitor with a database of consumer transaction data or credit reports. These are, for the most part, less reliable or unnecessarily create privacy concerns. Consumer transaction databases contain records of credit card transactions, magazine subscriptions, self-reported age, and the like. Children and young people routinely become part of consumer databases by any act of commerce such as using credit or debit cards, subscribing to magazines, registering a cell phone, opening a bank account, joining a book club, or using an ATM card. Permitting the use of consumer transaction databases effectively allows such activities to be improperly relied upon for age verification. These commingled databases also contain implied
6

A number of US state laws mandate a check of government record databases for access to age-

restricted content. For example, California Bus. & Professions Code 22963, a tobacco control statute, provides an example of workable statutory language and structure. Section 22963 (b)(1)(A) states that before enrolling a person as a customer or distributing tobacco to be shipped pursuant to Internet, mail, and telephone order:

The distributor or seller shall attempt to match the name, address, and date of birth provided by the customer to information contained in records in a database of individuals whose age has been verified to be 18 years or older by reference to an appropriate database of government records kept by the distributor, a direct marketing firm, or any other entity. If the merchant is unable to verify age through this procedure, 22963 (b)(1)(B) requires the merchant to obtain an age verification kit from the customer specifically, an attestation from the customer that he or she is at least 18 years old, and a copy of a valid form of the customers government-issued identification.

and inferred information, such as age estimated from the consumer transactions in the database. They are thus particularly inappropriate for age verification

Credit report searches create a unique problem in that searches may be entered into the consumers credit record and recorded as a soft hit. This in turn may prompt two undesirable consequences: 1) It will lower the customers credit score; and 2) A potential employer or bank may be able to see that an individual has opened 10 gaming accounts in the past 6 months and might deny him everything from a job, to a credit card to housing simply because he places some casual wagers.

Finally, a concern related to this form of authentication involves privacy. In a 2006 survey, respondents of all ages showed strong negative reaction to recent disclosures involving credit bureaus and data companies in the US and UK:

o 83% of all respondents said they would be much less likely or less likely to provide personal information to a website if that website shared information with a company implicated in a privacy scandal. o Nearly all respondents in all age groups 98% stated unequivocally that they should be notified before your personal information is give to a company with poor privacy practices o In a clear danger sign to merchants who share information with third party credit bureaus, when asked to which of the following companies would you most likely provide personal information in order to gain access to a web site, only: 23.3% listed credit bureau Experian 12.6% listed credit bureau Equifax7 III. Conclusion

Regulators must resist outside pressure to encourage behavior that violates of credit card company rules and creates a higher risk of privacy intrusion. Allowing credit cards to be used for age verification, and treating such payment instruments differently

Source: Global INTEGRITY (sm) Identity and Age Verification Survey (2006)

from debit cards abdicates chills protection responsibilities. Such an approach to regulation must not be carried forward in the final Gambling Commission rules.

Respectfully submitted,

John Aristotle Phillips For Aristotle International

Apollo House 56 New Bond Street London W1S 1RG