Το στοίχημα Epic αποτυγχάνει λόγω της επαλήθευσης KYC

Ζητώ επιστροφή χρημάτων ύψους 2.300.000 δολαρίων Λιανικής (CLP). Ένας ανήλικος απέκτησε πρόσβαση στην πλατφόρμα και κατάφερε να παραβιάσει το σύστημα επαλήθευσης "Γνωρίστε τον Πελάτη σας" (KYC) χρησιμοποιώντας οικονομικά έγγραφα και έγγραφα κατοικίας που τροποποιήθηκαν με τεχνητή νοημοσύνη.

Το σύστημα ασφαλείας της Epicbet δεν κατάφερε να εντοπίσει την ψηφιακή χειραγώγηση εγγράφων, επιτρέποντας μαζικές καταθέσεις. Έχω παρουσιάσει στο καζίνο αποδεικτικά στοιχεία για αυτό το τεχνικό ελάττωμα, αλλά η υποστήριξή τους απλώς επικαλείται ρήτρες εμπιστευτικότητας κωδικών πρόσβασης, αγνοώντας την αντικειμενική τους ευθύνη για την επαλήθευση ταυτότητας και την προστασία των ανηλίκων βάσει της άδειάς τους στο Anjouan. Έχει ήδη υποβληθεί επίσημη καταγγελία στη ρυθμιστική αρχή (Anjouan Gaming Board).

Hello, if you have already informed Anjoan, I guess this request serves more as a word on sharing.

Well, from another perspective, deposits are usually not in direct relation with the KYC; withdrawals usually are. Therefore, falsifying documents could potentially hinder successful withdrawals, but it might not resolve the deposit problem, if I'm not misunderstood. In any case, I understand that this minor broke the rules and I also understand that the situation is very unpleasant. Feel free to add more if that is okay with you.

«Σας ευχαριστώ για την απάντησή σας. Θα ήθελα να προσθέσω κρίσιμες πληροφορίες, ώστε η υπόθεση αυτή να μην θεωρηθεί ως απλή παράβλεψη κωδικού πρόσβασης, αλλά ως συστημική αποτυχία ασφάλειας:»

1. Επικύρωση λογαριασμού πριν από τις καταθέσεις: Σε αυτήν την συγκεκριμένη περίπτωση, ο ανήλικος όχι μόνο πραγματοποίησε κατάθεση, αλλά το σύστημα της Epicbet ζήτησε και αποδέχτηκε επίσης την επαλήθευση εγγράφων (KYC) κατά την επεξεργασία των συναλλαγών. Το γεγονός ότι το βιομετρικό λογισμικό του καζίνο αποδέχτηκε τροποποιημένα από τεχνητή νοημοσύνη έγγραφα για την επικύρωση του λογαριασμού επέτρεψε τη συνέχιση της ροής των καταθέσεων.

2. Μη εκπλήρωση του «Καθήκοντος Επιμέλειας»: Εάν ένα καζίνο δέχεται πλαστά έγγραφα που δημιουργούνται από τεχνητή νοημοσύνη, αποδεικνύει ότι τα πρωτόκολλα ασφαλείας του είναι ευάλωτα σε απάτη ταυτότητας. Αυτό όχι μόνο επηρεάζει τον ανήλικο, αλλά θέτει σε κίνδυνο και την ακεραιότητα της άδειας του Anjouan, καθώς ο φορέας εκμετάλλευσης επεξεργάζεται κεφάλαια από συνθετική ταυτότητα.

3. Ακυρότητα σύμβασης: Δεδομένου ότι ο χρήστης που «υπέγραψε» τη σύμβαση είναι ανήλικος και η ταυτότητά του επικυρώθηκε εσφαλμένα από την τεχνολογία του καζίνο, η σύμβαση είναι άκυρη εξαρχής. Το καζίνο δεν μπορεί να επωφεληθεί από κεφάλαια που αποκτήθηκαν μέσω παραβίασης της δικής του τεχνικής ασφάλειας.

4. Νομολογία: Σε περιπτώσεις «Παραβίασης Κοινωνικής Ευθύνης», όταν ο φορέας εκμετάλλευσης δεν εντοπίζει έναν ευάλωτο ή ανήλικο παίκτη λόγω ελλιπών συστημάτων επαλήθευσης, η ρυθμιστική αρχή συνήθως απαιτεί την πλήρη επιστροφή των καταθέσεων (Καθαρές Ζημίες).

Ζητώ από την Casino Guru να κρατήσει ανοιχτή την καταγγελία και να ζητήσει από την Epicbet μια τεχνική εξήγηση σχετικά με το γιατί το σύστημα ανίχνευσης Liveness δεν επισήμανε τα έγγραφα τεχνητής νοημοσύνης ως δόλια.

"I am providing the official response received from Epicbet's Support Team Lead (Andres). In their email, they explicitly refuse the refund by citing the following Terms and Conditions:

• T&C 3.9.2: Regarding the user's responsibility to keep login credentials confidential.

• T&C 3.1.3: Regarding the user's obligation to provide truthful information during registration.

My technical rebuttal to this response is as follows:

1. Irrelevance of Section 3.9.2: The operator is attempting to treat a KYC bypass as a simple 'lost password' or 'shared account' issue. This is not about credentials being leaked; it is about the fact that their security system validated and approved an identity that was synthetically created by a minor using AI.

2. Failure of Duty of Care (3.1.3): While 3.1.3 requires users to be truthful, international gambling regulations (including Anjouan's) require the operator to have competent forensic systems to verify that truth. If an operator’s 'Liveness Detection' and document analysis fail to flag AI-manipulated IDs, the operator is in breach of its AML and Social Responsibility obligations.

3. Invalidity of Contract: A contract with a minor is void from the beginning (void ab initio). The operator cannot claim a violation of T&Cs to retain funds when the contract itself was never legally valid due to the age of the participant and the failure of the casino's verification engine.

4. Bad Faith Communication: I have also attached evidence (Error 550 5.1.1) showing that Epicbet’s official compliance and management email addresses do not exist, leaving players with no path for escalation other than this mediation."

Well, this makes sense, but it still lacks the other perspective. Do you think the individual who intentionally planned to impersonate someone else falls outside the scope of this issue? Is the casino solely responsible for someone else's plan to fake his identity?

If someone breaks those specific rules, the money will be voided in 99% of cases because it is common knowledge that minors are not allowed to register, and forging documents to pretend not to be a minor is against all rules.

Hence, I believe this is quite a one-sided communication. But as I said, I understand this must be challenging to deal with. Best of luck to you.

"I completely understand the perspective that the minor acted in bad faith. However, this mediation should not focus on the moral behavior of a minor, but on the technical liability of a licensed operator.

1. The Casino as a 'Gatekeeper': The common knowledge that minors are prohibited from gambling is exactly why regulators mandate that casinos invest in sophisticated forensic verification software. If a minor can bypass these rules using AI, it reveals a critical security breach in the operator's infrastructure.

2. Technical Failure: The minor's plan only succeeded because the casino's software validated and approved the documents. Had the casino's system fulfilled its technical duty to detect digital tampering, the account would have been flagged immediately, and no deposits would have occurred.

3. Duty of Care: Responsible gambling laws dictate that the burden of prevention lies with the professional operator. By accepting a synthetic identity, the casino acted as an inadvertent facilitator.

The contract is void ab initio because the verification engine failed to perform its core function. I am asking for the casino to be held accountable for its technological negligence, which is a requirement of their Anjouan license."

Well, I understand why this situation raises strong reactions, but it’s important to separate technical expectations from actual regulatory practice.

First, the fact that a minor was involved does not automatically shift full responsibility to the casino. Online gambling rules are built on shared responsibility. Operators must implement age verification and KYC checks, but users are also required to provide truthful information. When an account is created using falsified or AI-manipulated documents, this is considered deliberate circumvention of safeguards, not a standard verification failure.

Second, while contracts with minors are generally considered void, this does not automatically create a right to a refund of losses. Regulators are careful about setting precedents that could encourage abuse, such as using a minor’s identity to gamble and then requesting refunds after losses. In most jurisdictions, the typical outcome in such cases is account closure and forfeiture of funds, not reimbursement.

Third, KYC and liveness detection systems are risk-based controls, not guarantees of perfect detection. The existence of increasingly sophisticated document manipulation does not by itself establish operator negligence. What regulators usually assess is whether the operator had reasonable verification measures in place and whether they acted appropriately once the issue was identified.

Finally, licensing authorities do not mediate disputes in the sense of negotiating outcomes. Their role is to determine whether the operator complied with applicable rules. A failure to detect a sophisticated fake identity does not automatically mean the operator breached its obligations or becomes liable for losses incurred through deliberate misrepresentation.

Protecting minors is a critical goal, but presenting intentional rule-bypassing as operator liability risks creating misleading expectations and potentially encouraging further misuse of the system.

"I appreciate the mediator's perspective on shared responsibility. However, I must clarify a fundamental distinction in this case that moves it from 'user fraud' to 'operator negligence':

1. Active Validation vs. Passive Failure: This was not a case of a minor simply typing a false birthdate. The casino's system actively requested, processed, and officially approved the uploaded documents. When a licensed operator’s software flags a document as 'Verified,' it grants the user a legal expectation of security. If their 'Reasonable Measures' cannot distinguish an AI-altered ID, the measure is, by definition, not reasonable for a high-risk financial industry.

2. The 'Incentive' Argument: I understand the concern about creating incentives for refund abuse. However, there is an even more dangerous precedent: allowing operators to profit from unverified and illegal deposits. If an operator can keep $2,300,000 CLP deposited by a minor because their own security failed to catch it, the operator has no financial incentive to improve their KYC technology.

3. The 'Void ab Initio' Principle: Under international contract law, a contract with a minor is not just 'voidable,' it is void from the beginning. Therefore, the casino has no legal title to these funds. Confiscating the funds (as the mediator suggests) would be appropriate if the money were 'winnings,' but these are original deposits that should never have been accepted.

4. Regulatory Non-Compliance: The Anjouan Gaming Board’s standards require operators to prevent underage gambling. If the software 'Approved' the minor, the operator failed the regulator’s primary objective.

I request that Casino Guru asks the operator to provide the Audit Trail of the KYC process for this account. We need to see why their system gave an 'Approved' status to a fraudulent document."

"I appreciate the mediator's perspective, but we must address a critical technical fact: the casino’s system provided an 'APPROVED' status to the documents. This was not a passive entry; it was an active validation by their forensic software. If a licensed operator cannot distinguish AI-generated documents, they are operating with a critical vulnerability that compromises the integrity of their Anjouan license. I am not requesting a refund of 'winnings,' but the return of deposits made under a contract that is legally void."

Hello, I get that right from the start. However, Casino Guru does not ask casinos to do Audit trails.

As I was trying to explain to you, Casino Guru resolves issues in line with our Fair Gambling Codex 👈. You have not submitted a complaint, so no mediator has spoken to you yet. You are welcome to submit your request; my colleagues will then explain the rest to you.

As far as I concluded, you already contacted the licensing authority. is that so? In that scenario, you are in an official position, and it makes sense to defer to the authority's decision.