Shaun McCallaghan, eCOGRA CEO, on Safeguarding Online Gaming: 'It's All About Trust and Integrity'
In this exclusive new instalment of our interview series, we engage with Shaun McCallaghan, CEO of eCOGRA, the independent online gaming testing and certification agency whose role-model operations hardly need any introduction. We journey through eCOGRA's remarkable 20-year history, punctuating its notable milestones and unwavering dedication to player safety. We delve into the rigorous process of obtaining the prestigious eCOGRA seal, providing insights for companies aiming to achieve this standard. As the company expands into the US market, we'll explore their expansion plans and finish by emphasizing the importance of Information Security Management Systems (ISMS) in their gold-standard approach to industry trust and integrity. Let's dive in.
eCOGRA has been a leading figure in the online gaming industry for over two decades, setting high standards for player protection, fair gaming, and responsible operator conduct. Could you provide an overview of the company's journey and its core mission? What specific milestones have played a significant role in eCOGRA's success and reputation during its 20-year history?
eCOGRA was established in 2003 as a self-regulatory body, with the aim of creating operational industry standards and player protection measures for online gambling companies which could be responsibly maintained through regular auditing. At a time when the industry was largely unregulated, several prominent stakeholders recognised a need to implement a best practice framework for operational standards that ensured ongoing player safety. This resulted in the establishment of eGAP (eCOGRA’s Generally Accepted Practices).
eCOGRA’s core mission revolved around maintaining integrity and transparency while providing the highest levels of service to our clients. This ethos of impartiality and independence remains a key aspect contributing to the success of eCOGRA today.
There are many significant milestones throughout the history of the company, for example, each of our new jurisdictional approvals is celebrated in equal measure. We are now approved in 36 geographical locations across 4 continents. Some of our most memorable moments include awarding the industry’s first ever mobile gambling provider accreditation to Spin3 in 2009, being approved as an Alternative Dispute Resolution service provider by the Great Britain Gambling Commission in 2015 and becoming the first independent online gambling test house to be awarded ISO/IEC 17021-1:2015 by UKAS to offer accredited ISO/IEC 27001 certifications. In 2022, eCOGRA became the first non-American based test house to be authorised to offer testing, inspection, and certification services in the United States.
Considering the wide range of services eCOGRA offers, from change management, games testing, information systems security, to return to player assessments and more, could you elaborate on how these services collectively contribute to ensuring a fair and secure online gambling environment?
Each service line that eCOGRA offers aligns with our goal, regulator objectives and our client’s goals to ensure a regulatory compliant, fair and secure online gambling environment for players. From our change management services which help online gambling companies implement updates, modifications, and improvements to their systems and processes, to our ISO 27001 audit which examines an organisation’s Information Security Management System, evaluating the security infrastructure, encryption protocols, data storage practices, and overall protection of player information, these services are vital in safeguarding the credibility of the industry. eCOGRA also conducts independent testing and certification of online casino, poker and bingo games to ensure their fairness and integrity. This includes assessing the Random Number Generators (RNGs) to verify that outcomes are truly random and not manipulated, and Return to Player (RTP) assessments to determine whether the advertised RTP values are accurate and within acceptable ranges compared to the actual RTP values.
You mentioned return to player (RTP) assessments and testing of random number generators (RNGs). How do these processes ensure that the games offered by online casinos are fair, and what measures are in place to maintain the integrity of these tests?
eCOGRA have tested and certified thousands of games for online gambling jurisdictions across the globe. Our comprehensive approach includes testing functionality, performance, compatibility, integration and security, to ensure the game mechanics, features, and gameplay work as stipulated by the certifiable technical standards of various regulated jurisdictions and as described to players.
eCOGRA’s RTP assessments involve verifying the accuracy of the advertised payout percentages by analysing a data set of game results, game mathematics and the source code to calculate the average percentage of wagered money that players can expect to receive back over time.
Through RNG testing, eCOGRA verifies that the RNG algorithms are genuinely random and not biased or manipulated to favour the casino. During RNG testing, eCOGRA examines the algorithms and seed values used in the RNG, analyses large data sets of generated numbers, and performs statistical tests to ensure randomness.
We maintain the integrity of our testing and certification processes through established methodologies, statistical analysis, highly experienced personnel, and transparency throughout all our processes
In the industry, having an eCOGRA stamp of approval on their platform is a source of pride for everyone. But what does it take to be granted this esteemed recognition? Could you provide valuable pro tips for companies aiming to obtain eCOGRA approval?
It is a source of immense pride to the company that obtaining eCOGRA approval and earning our Safe and Fair, Certified Software, Certified Live Dealer or Affiliate Trust Seal is regarded as a significant achievement for online gambling companies.
For companies looking to obtain our approval we would recommend familiarising themselves with our standards and guidelines. They could also carefully review their existing policies and procedures to ensure they meet eCOGRA's Standards, available on our website for download, and to identify any gaps or areas that require improvement.
When applying for eCOGRA approval, companies undergo a rigorous onsite review to assess compliance with elements of corporate governance, legal compliance, financial controls, system controls, and operational controls. High-risk areas covering anti-money laundering procedures, control over advertising and promotions and probity requirements are also included.
How does eCOGRA maintain its commitment to independence and integrity throughout its operations? What measures does the company implement to guarantee its autonomy from operators and providers in the online gaming industry?
eCOGRA maintains its commitment to independence and integrity and ensures that the work conducted by our team demonstrates the highest possible standard of professionalism by having sufficient controls and structures in place. eCOGRA operates and reports to an Impartiality Committee chaired by an independent industry professional with over ten years’ industry experience and also has an independent governing board of directors responsible for overseeing the organisation's strategic decision-making processes. The board comprises individuals with expertise and experience in various fields, including law, finance, gambling, and technology. This independent governance structure helps ensure that eCOGRA's decisions are made impartially and without influence from external parties or undue pressure from internal stakeholders.
eCOGRA maintains a clear separation between its testing and certification services and any commercial interests in the online gambling industry. The organisation is regularly required to demonstrate its operational independence from operators and providers in the online gambling industry to jurisdictional regulators and its two accreditation bodies, UKAS and INAB.
eCOGRA places great importance on confidentiality and data protection, including strict protocols for handling sensitive data and restrictions on sharing information with third parties without proper authorisation. The company also provides regular reports and updates to regulatory bodies on our activities, findings, and certifications.
As the sole non-American test lab authorised to provide testing, inspection, and certification services in the United States, eCOGRA recently obtained authorisation from the Connecticut State Department of Consumer Protection Gaming Division to operate within the state. Considering the dynamic landscape of gambling in the US, do you have plans to expand your services to other states in the future?
The United States finds itself at a momentous juncture as individual states begin to recognise the immense potential of the online gambling industry as a lucrative source of tax revenue. As legislation unfolds, the American market is flourishing with both operators and developers seizing the opportunity to expand into this new market, however companies must prioritise compliance with regulations to ensure their success.
As global jurisdictions, including the US continue to legalise and regulate online gambling we remain dedicated to expanding our reach and acquiring approval in these evolving markets.
Our goal is to provide unmatched testing, inspection, and certification services to support the growth and success of online gambling operators and software developers worldwide.
During a recent interview, you highlighted the significant opportunities for software developers in the rapidly evolving US gambling market. With that in mind, what guidance or advice do you have for other stakeholders in the industry in terms of meeting regulation standards?
As the US online gambling landscape evolves, it is imperative for businesses to navigate the intricacies of the regulatory framework while prioritising the delivery of exceptional user experiences. By combining industry expertise, technological prowess, and a commitment to responsible gaming, stakeholders can position themselves as key players in this burgeoning market. To achieve this however, it is crucial for operators and developers alike to navigate the American regulatory landscape with confidence, knowing that their products are tested and certified against certifiable regulatory requirements by a trusted independent testing agency such as eCOGRA.
In addition to the United States, what are the upcoming areas of focus for eCOGRA's expansion plans? Could you provide insights into the progress of any ongoing processes and the current stage of development in these targeted regions?
Although there is much focus on the rapid growth of the North American market, there are several other jurisdictions which are in the process of, or considering the process of, legalising and regulating online gambling. As a dynamic, vibrant and forward-thinking organisation, we are constantly monitoring global jurisdictions, both regulated and unregulated, for opportunities for expansion and to develop new and ground-breaking services for our clients, pushing the boundaries of excellence in service delivery.
Additionally, when it comes to expansion in terms of service offering, do you have plans for introducing new services to cater to the evolving needs of the industry?
Yes, of course. As the industry evolves rapidly, so too does the demand for more streamlined and efficient methodologies and independent test houses that can keep up with changes. With eCOGRA’s multi-jurisdictional approach, highly qualified staff and energetic leadership team we typically save clients time and money getting to market while maintaining the highest standards and work ethics. An area where this is particularly significant is ISMS (Information Security Management Systems).
As the online gambling industry continues to grow and cyber threats become increasingly sophisticated, there has been a significant uplift to our service lines dedicated to bolstering Information Security Management Systems. As already mentioned, we were the first independent online gambling test house to be awarded ISO/IEC 17021-1:2015 by UKAS to offer accredited ISO/IEC 27001 certifications. We identified a gap in the market for this service offering and have seen an explosion of requests for this service, and not specifically only from the gambling industry. We are experts in this field after all, and our reputation speaks for itself.
Can you elaborate on the significance of ISMS in the context of eCOGRA's work and the online gambling industry?
A robust Information Security Management Systems play a significant role in the online gambling industry. ISMS is a framework of policies, processes, and controls designed to protect the confidentiality, integrity, and availability of information assets within an organisation.
Online gambling platforms handle vast amounts of sensitive player information, including personal details, financial data, and transaction records. ISMS help ensure the secure storage, transmission, and processing of this information, and helps identify and address vulnerabilities, safeguarding information from unauthorised access, breaches, or misuse. ISMS also assist in achieving compliance with regulatory requirements by implementing necessary controls, conducting risk assessments, and ensuring the confidentiality, integrity, and availability of data. Compliance with regulatory standards is crucial for online gambling operators to maintain licenses, meet legal obligations, and demonstrate their commitment to responsible data handling, which in turn can protect player privacy and maintain the trust of their customers.
There has been a recently published study on Healthcare Cybersecurity Benchmarking which gives some insights on the current state of a number of companies, as well as potential areas for improvement. One of the main highlights is the long road ahead from reactive to proactive approach when it comes to cybersecurity. Although we are familiar with the common saying "prevention is better than cure," some companies may still be unaware of the importance of cybersecurity, particularly in the online gambling sector. How crucial do you believe it is for organizations to prioritize a proactive approach in safeguarding their systems and data?
The success of the online gambling industry rests in its ability to ensure it establishes a reputation of impeccable safety and trust, for consumer, regulator, operator and service provider. Recently the industry has seen a rise in cyber-attacks, and these can be costly for companies to remedy and make good on as well as damaging consumer trust. Gambling regulators in many jurisdictions are urging companies to take precautions and some highly regulated jurisdictions have made cyber security controls a mandatory certifiable component to the overall certification process.
Taking a proactive stance allows organisations to identify and address vulnerabilities so that action can be taken before these vulnerabilities can be exploited by cyber attackers.
Prevention is not only more effective but also more cost-efficient than dealing with the aftermath of a breach.
Some of the negative outcomes of a cyber-attack include disruptions in service, loss of player trust, financial losses, reputational damage, and severe impact to business operations. By implementing robust security measures, conducting regular risk assessments, and staying up to date with the latest threats, organisations can effectively safeguard their systems and data, mitigating risks and protecting their reputation in the industry and the industry as whole.
Our team at CasinoReviews thanks Shaun McCallaghan for granting us insights into the impactful work at eCOGRA. Their unwavering commitment to fair, efficient, and safe online gaming practices, combined with a thorough certification process, has set new industry benchmarks. We trust this conversation illuminated the importance of player safety in the online gaming industry, and the critical role eCOGRA plays in achieving this through its gold-standard ISMS approach.
For more details about the company and their initiatives, visit their website at ecogra.org.
More Interviews
When Helping Others Is a Life-Long Mission - An Interview with Gordon Moody CEO, Monica Shafaq
Dec 17, 2024Charting a Path to Success: An Interview with Christina Muratkina, CEO of Onlyplay
Aug 21, 2024RELATED TOPICS: Interviews
Review this New Post
Leave a Comment
User Comments
Comments for Shaun McCallaghan, eCOGRA CEO, on Safeguarding Online Gaming: 'It's All About Trust and Integrity'