ATLANTIC CITY — A gambler from Nevada lost $29 on a New Jersey internet gambling site, but the transactions cost a technology company $25,000.
New Jersey regulators fined Gaming Innovation Group $25,000 for a flaw in its geolocation technology, which is designed to make sure people are within the state’s borders before they can gamble.
The state Division of Gaming Enforcement says the Malta-based company, which provides online gambling for Hard Rock Hotel & Casino Atlantic City, had a technical vulnerability last summer.
It allowed a patron trying to access Hard Rock’s gambling site from Nevada to inspect the browser code and change data to falsely indicate that the patron was located in New Jersey.
On July 4, a geolocation company was checking the system at Hard Rock’s request when it found the vulnerability. Patron access to the system was shut down, and a fix was put in place the next day.
The case goes to the heart of the legality of internet gambling in the U.S.
In New Jersey, gamblers must be physically present within the state in order to gamble online. The way companies ensure this is through geolocation, a multilayered series of technologies that determine where a person is at the time he or she is trying to place a bet.
In this case, the gaming enforcement division determined, Gaming Innovation did not take adequate steps to ensure the computer server made the final call on whether a patron was within New Jersey. Instead, the patron was able to trick the system.
The company calls it a one-time incident that was quickly reported and fixed.
“This one-off single incidence of out-of-state gambling was due to a technical vulnerability which was quickly discovered and reported to the regulator in New Jersey in the first week the company went live in New Jersey,” Gaming Innovation said in a statement. “An end user from outside the state of New Jersey with technical knowledge managed to access the front end debugger to change the location and pretend to be from New Jersey.”
The company said it maintains controls to make sure it complies with regulations “at all times.”
It wasn’t the first such mishap. In March, New Jersey gambling regulators ordered a California man to hand over more than $90,000 from online accounts he had funded and gambled with from outside the state.
In a separate enforcement action, the division fined Borgata Hotel Casino & Spa $7,500 for taking prohibited sports bets.
On Dec. 8, the casino accepted bets on two college basketball games, Clemson vs. Mississippi State, and Connecticut vs. Florida State. Both games were played at the Prudential Center in Newark.
State law prohibits betting on New Jersey college teams, or any college games held within the state, even if it involves teams from elsewhere in the country. The casino refunded all wagers on those games.
It declined to comment on the fine.