Epic-væddemål mislykkes på grund af KYC-verifikation

Jeg anmoder om en refusion på 2.300.000 CLP. En mindreårig fik adgang til platformen og formåede at kompromittere Know Your Customer (KYC)-verifikationssystemet ved hjælp af finansielle dokumenter og bopælsdokumenter modificeret med kunstig intelligens.

Epicbets sikkerhedssystem kunne ikke registrere digital manipulation af dokumenter, hvilket muliggjorde massive indbetalinger. Jeg har fremlagt bevis for denne tekniske fejl til casinoet, men deres support nævner blot klausuler om fortrolighed med adgangskoder og ignorerer deres objektive ansvar for identitetsbekræftelse og beskyttelse af mindreårige under deres Anjouan-licens. En formel klage er allerede blevet indgivet til tilsynsmyndigheden (Anjouan Gaming Board).

Hello, if you have already informed Anjoan, I guess this request serves more as a word on sharing.

Well, from another perspective, deposits are usually not in direct relation with the KYC; withdrawals usually are. Therefore, falsifying documents could potentially hinder successful withdrawals, but it might not resolve the deposit problem, if I'm not misunderstood. In any case, I understand that this minor broke the rules and I also understand that the situation is very unpleasant. Feel free to add more if that is okay with you.

"Tak for dit svar. Jeg vil gerne tilføje vigtige oplysninger, så denne sag ikke ses som en simpel adgangskodeforsømmelse, men som en systemisk sikkerhedsfejl:"

1. Kontovalidering før indbetalinger: I dette specifikke tilfælde foretog den mindreårige ikke blot en indbetaling, men Epicbet-systemet anmodede også om og accepterede dokumentverifikation (KYC), mens transaktionerne blev behandlet. Det faktum, at casinoets biometriske software accepterede AI-modificerede dokumenter til at validere kontoen, var det, der tillod indbetalingsstrømmen at fortsætte.

2. Manglende opfyldelse af 'omsorgspligten': Hvis et casino accepterer forfalskede dokumenter genereret af kunstig intelligens, viser det, at dets sikkerhedsprotokoller er sårbare over for identitetssvindel. Dette påvirker ikke kun den mindreårige, men bringer også integriteten af ​​Anjouans licens i fare, da operatøren behandler penge fra en syntetisk identitet.

3. Kontraktens ugyldighed: Da brugeren, der "underskrev" kontrakten, er mindreårig, og deres identitet blev forkert valideret af casinoets teknologi, er kontrakten ugyldig fra starten. Casinoet kan ikke tjene på midler, der er opnået gennem et brud på sin egen tekniske sikkerhed.

4. Retspraksis: I tilfælde af 'brud på socialt ansvar', hvor operatøren ikke registrerer en sårbar eller mindreårig spiller på grund af mangelfulde verifikationssystemer, kræver tilsynsmyndigheden normalt fuld tilbagebetaling af indskud (nettotab).

Jeg anmoder Casino Guru om at holde klagen åben og bede Epicbet om en teknisk forklaring på, hvorfor deres Liveness Detection-system ikke markerede AI-dokumenterne som svigagtige.

"I am providing the official response received from Epicbet's Support Team Lead (Andres). In their email, they explicitly refuse the refund by citing the following Terms and Conditions:

• T&C 3.9.2: Regarding the user's responsibility to keep login credentials confidential.

• T&C 3.1.3: Regarding the user's obligation to provide truthful information during registration.

My technical rebuttal to this response is as follows:

1. Irrelevance of Section 3.9.2: The operator is attempting to treat a KYC bypass as a simple 'lost password' or 'shared account' issue. This is not about credentials being leaked; it is about the fact that their security system validated and approved an identity that was synthetically created by a minor using AI.

2. Failure of Duty of Care (3.1.3): While 3.1.3 requires users to be truthful, international gambling regulations (including Anjouan's) require the operator to have competent forensic systems to verify that truth. If an operator’s 'Liveness Detection' and document analysis fail to flag AI-manipulated IDs, the operator is in breach of its AML and Social Responsibility obligations.

3. Invalidity of Contract: A contract with a minor is void from the beginning (void ab initio). The operator cannot claim a violation of T&Cs to retain funds when the contract itself was never legally valid due to the age of the participant and the failure of the casino's verification engine.

4. Bad Faith Communication: I have also attached evidence (Error 550 5.1.1) showing that Epicbet’s official compliance and management email addresses do not exist, leaving players with no path for escalation other than this mediation."

Well, this makes sense, but it still lacks the other perspective. Do you think the individual who intentionally planned to impersonate someone else falls outside the scope of this issue? Is the casino solely responsible for someone else's plan to fake his identity?

If someone breaks those specific rules, the money will be voided in 99% of cases because it is common knowledge that minors are not allowed to register, and forging documents to pretend not to be a minor is against all rules.

Hence, I believe this is quite a one-sided communication. But as I said, I understand this must be challenging to deal with. Best of luck to you.

"I completely understand the perspective that the minor acted in bad faith. However, this mediation should not focus on the moral behavior of a minor, but on the technical liability of a licensed operator.

1. The Casino as a 'Gatekeeper': The common knowledge that minors are prohibited from gambling is exactly why regulators mandate that casinos invest in sophisticated forensic verification software. If a minor can bypass these rules using AI, it reveals a critical security breach in the operator's infrastructure.

2. Technical Failure: The minor's plan only succeeded because the casino's software validated and approved the documents. Had the casino's system fulfilled its technical duty to detect digital tampering, the account would have been flagged immediately, and no deposits would have occurred.

3. Duty of Care: Responsible gambling laws dictate that the burden of prevention lies with the professional operator. By accepting a synthetic identity, the casino acted as an inadvertent facilitator.

The contract is void ab initio because the verification engine failed to perform its core function. I am asking for the casino to be held accountable for its technological negligence, which is a requirement of their Anjouan license."

Well, I understand why this situation raises strong reactions, but it’s important to separate technical expectations from actual regulatory practice.

First, the fact that a minor was involved does not automatically shift full responsibility to the casino. Online gambling rules are built on shared responsibility. Operators must implement age verification and KYC checks, but users are also required to provide truthful information. When an account is created using falsified or AI-manipulated documents, this is considered deliberate circumvention of safeguards, not a standard verification failure.

Second, while contracts with minors are generally considered void, this does not automatically create a right to a refund of losses. Regulators are careful about setting precedents that could encourage abuse, such as using a minor’s identity to gamble and then requesting refunds after losses. In most jurisdictions, the typical outcome in such cases is account closure and forfeiture of funds, not reimbursement.

Third, KYC and liveness detection systems are risk-based controls, not guarantees of perfect detection. The existence of increasingly sophisticated document manipulation does not by itself establish operator negligence. What regulators usually assess is whether the operator had reasonable verification measures in place and whether they acted appropriately once the issue was identified.

Finally, licensing authorities do not mediate disputes in the sense of negotiating outcomes. Their role is to determine whether the operator complied with applicable rules. A failure to detect a sophisticated fake identity does not automatically mean the operator breached its obligations or becomes liable for losses incurred through deliberate misrepresentation.

Protecting minors is a critical goal, but presenting intentional rule-bypassing as operator liability risks creating misleading expectations and potentially encouraging further misuse of the system.

"I appreciate the mediator's perspective on shared responsibility. However, I must clarify a fundamental distinction in this case that moves it from 'user fraud' to 'operator negligence':

1. Active Validation vs. Passive Failure: This was not a case of a minor simply typing a false birthdate. The casino's system actively requested, processed, and officially approved the uploaded documents. When a licensed operator’s software flags a document as 'Verified,' it grants the user a legal expectation of security. If their 'Reasonable Measures' cannot distinguish an AI-altered ID, the measure is, by definition, not reasonable for a high-risk financial industry.

2. The 'Incentive' Argument: I understand the concern about creating incentives for refund abuse. However, there is an even more dangerous precedent: allowing operators to profit from unverified and illegal deposits. If an operator can keep $2,300,000 CLP deposited by a minor because their own security failed to catch it, the operator has no financial incentive to improve their KYC technology.

3. The 'Void ab Initio' Principle: Under international contract law, a contract with a minor is not just 'voidable,' it is void from the beginning. Therefore, the casino has no legal title to these funds. Confiscating the funds (as the mediator suggests) would be appropriate if the money were 'winnings,' but these are original deposits that should never have been accepted.

4. Regulatory Non-Compliance: The Anjouan Gaming Board’s standards require operators to prevent underage gambling. If the software 'Approved' the minor, the operator failed the regulator’s primary objective.

I request that Casino Guru asks the operator to provide the Audit Trail of the KYC process for this account. We need to see why their system gave an 'Approved' status to a fraudulent document."

"I appreciate the mediator's perspective, but we must address a critical technical fact: the casino’s system provided an 'APPROVED' status to the documents. This was not a passive entry; it was an active validation by their forensic software. If a licensed operator cannot distinguish AI-generated documents, they are operating with a critical vulnerability that compromises the integrity of their Anjouan license. I am not requesting a refund of 'winnings,' but the return of deposits made under a contract that is legally void."

Hello, I get that right from the start. However, Casino Guru does not ask casinos to do Audit trails.

As I was trying to explain to you, Casino Guru resolves issues in line with our Fair Gambling Codex 👈. You have not submitted a complaint, so no mediator has spoken to you yet. You are welcome to submit your request; my colleagues will then explain the rest to you.

As far as I concluded, you already contacted the licensing authority. is that so? In that scenario, you are in an official position, and it makes sense to defer to the authority's decision.