Security and Game Integrity

Scroll

The measures that we take to safeguard our players combined with the security we build into our games make The Stars Group brands among the most trusted in the industry. Millions of players choose us because we provide the very best online experience available in a fair and honest environment. This is a real passion for everyone at The Stars Group.

All our games and the technology that supports them are regularly and independently assessed by the most robust international gaming regulators in the world, and are backed by our team of more than 300 Security and Game Integrity professionals. These teams use proprietary fraud management systems 24 hours a day seven days a week to prevent malicious activity, track game play and reduce financial risk.


Security Highlights

Software download

Ensuring that our desktop software is downloaded in its intended and unmodified form is the first critical step in protecting the integrity of our games. The installer executable file is signed using an RSA 2048-bit code-signing certificate that was issued to The Stars Group by VeriSign. This is a public certificate authority, which can be validated using your web-browser and ensures that the desktop client came from the software publisher. It protects the desktop client installer from alteration between the point of publication and later installation on your machine.

Registration, Verification and Validation

The registration process is central to preventing players who are not of legal age from being able to participate in any real-money activity on any of our products. It is also the first opportunity to identify any intent to abuse our systems. Players are required to be over the applicable legal age to play real-money games in their respective jurisdiction. The exact requirements for how a player completes account validation varies by license and market. The Stars Group strives to maintain full compliance in every jurisdiction.

AML and Fraud

The Stars Group employs stringent rules, alerts and limits to review and reduce risks of fraud, money laundering or terrorist financing, making money-laundering very hard to achieve. These include game protocols and screening processes at onboarding, KYC processes and rigorous analysis of fund movement. All real-money players across the group are screened within 24-hours of registration using World Check to ensure we have no player on a global sanction or terrorist watch-list.

Transaction Analysis

Every one of the millions of daily transactions that occur on our platforms is parsed through our Global Security systems. Those that are flagged based on pre-formulated rulesets are manually reviewed by dedicated investigators. Those rules draw upon the attributes of the individual transaction as well as past transactions, account history, technical account attributes, player profile and behavior.

Play Screening

The Security teams use other in-house rule engines that analyze the movement of funds, post-deposit, to search for inconsistencies with normal playing patterns. This analysis will consider possible chip dumping, bonus abuse, compromised accounts, big winners and losers, and other items to maintain the integrity of our platforms and games. The source of funds for all transactions is also reviewed to protect potentially vulnerable players. Protecting our players is always a key objective for us.

PROHIBITION ON ACCOUNT SHARING

Account Sharing, or multi-accounting, is a form of cheating where a player uses more than one account to deceive other players either to gain an anonymity advantage, misuse the Late Registration feature in tournaments or bypass restrictions placed on accounts. This is unique to online gaming and something we counter using state-of-the-art tools and detection methods. These protect honest players and safeguard the integrity of our platforms without compromising the player experience.

Third Party Tool Policy

We have an in-depth policy designed to clearly outline our rules pertaining to third-party tools as well as set a balance between fairness, enforceability and clarity. We created these rules in consultation with players, staff and software developers, and they have been adapted over time to suit the changing gaming and software environments. If a tool is detected on our system, we will typically seek to first educate and warn players against its use. In rare cases, if players persist, we may go as far as banning them and confiscating their funds for redistribution to victims of unfair play, as is permitted under our terms of service.

Collusion

Collusion is a form of cheating in which two or more players signal their holdings or otherwise form a partnership to the detriment of other players within a game. Every single hand dealt on PokerStars is recorded and can be examined after play using our sophisticated detection methods that run 24/7. Every unusual play pattern and player report is thoroughly and manually investigated by our expert security personnel. If any player is found to be colluding with others, his or her account may be permanently closed and funds redistributed to affected players.

Bot Prevention

We take pride in ensuring that the brains behind an account belong to a human and not a computer, analyzing every one of our accounts in three main areas: interaction with our software, detection of computer set-ups, and the way our players play poker. We also cross reference our database of billions of hands to determine how individual accounts play in comparison to known bot profiles. Every potential risk is investigated. Flagged accounts are quarantined and subjected to a series of sophisticated Turing tests to ensure a safe and level playing field for every player.

Play-time security

Our desktop client software uses the certificates issued by our own Certificate Authority (CA) to authenticate our servers. Our desktop client software uses the industry standard TLS 1.2 protocol. We are currently using a 2048-bit RSA key, which according to RSA is sufficient until 2030. We support the following ciphers: AES128-GCM-SHA256 (128bit). No private data, such as pocket cards, is ever transferred to other players except in accordance with the game rules and all client input is validated server-side.

Shuffling the deck

A fair and unpredictable shuffle algorithm is critical to our software. Two independent hardware sources of truly random data work together to keep our poker games fair.

  • Quantis: a true hardware random number generator developed by Swiss-based company ID Quantique, which uses quantum randomness as an entropy source.
  • User input: thousands of random variables generated by human interaction with our desktop client software, including mouse-movement and events timing.

Our Random Number Generator has successfully been tested to generally-accepted industry standards for highly-regulated jurisdictions by Gaming Laboratories International. Click here to read the Certification of Integrity. To read more about the PokerStars shuffle and Random Number Generator here.