GAMING LEGAL GROUP | ARTICLES
A Global Overview on the Evolution of Payment Services
Published in GLG's International Comparative Legal Guides 2020:
Gambling Laws & Regulations
Bas Jongmans & Xavier Rico
Gaming Legal Group
As payment services are key to any gambling solution, we have seen demands by regulators worldwide to increase the legal responsibility and liability for payment service providers, especially when catering to high-risk sectors such as the gambling industry. Since payment services are vital to any gambling operation, what risks, legal or otherwise, may payment service providers expect?
In this chapter we will provide you with a global overview on the evolution of payment services through time. We will touch on challenges payment service providers are facing in modern times, as well as the legal position of those catering to the gaming industry. Last, we shall focus on future developments, such as the effects of new technologies on payment processing. Will it bring additional risk to an already ‘edgy’ market or will payment service providers be able to further mitigate liabilities?
Payment Services in the Early Years
Payments services have been around since early civilization. Prior to the digital age, the ‘middle men’ providing such services used to be much more visible. Merchants would hire a third party to store their product in a warehouse. This party would then issue bearer-demand notes which could then be used by the merchant to trade on the market for other goods and services. Not unlike traditional cash, the value of bearer-demand notes (until 1971) used to be guaranteed by an equivalent of its value in gold. As payments methods started to evolve, so evolved the ways of the service providers. For example, a line of credit, a so-called ‘charge coin’, was introduced. Charge coins were typically used by ventures, such as hotels and department stores, that provided their clients with a personal customer account. In the midst of the last century, services evolved further to include account charges to multiple merchants. This method was first introduced in the aviation industry. The Air Travel Card offered a line of credit that could be used for corporations to purchase tickets with various airlines. 
Prior to the era of electronic payments, account holders of credit cards placed a signature on a carbon copy of a card, holding the account details. After having called the credit card company for authorisation, the merchant would then send the copy to the bank via postal service, after which the merchant would receive the agreed upon payment. With the introduction of electronic payments in the late ’70s, it became possible to make so-called ‘fixed point of sale transactions’, making the manual procedure of verifying the card data with the processor obsolete. It allowed merchants to complete transactions on the spot, in real time, executed via coding by a magnetic strip on the card. It also allowed the introduction of loyalty programs, in which loyalties could be calculated and used per transaction simultaneously.
With the volume of transactions increasing, payment service providers also took on the role of providing insurance against fraud. As this role become ever more diverse, offering payment processing services became more lucrative. As the Internet opened up for commercial use as of 1992, not soon after, in 1994 the first online casinos came into existence. However, these ventures still lacked popularity since payouts were only possible via old-fashioned cheques.
Digital Wallets, ‘Digital Gold’
In the beginning of this century, payment services evolved further, with the introduction of cloud-based services, which started to allow for mobile points of sale. As one of the first, in 2002, a company in Curaçao, Dutch Caribbean, named ePassporte N.V., sold Virtual Visa and Visa Electron cards online in real time for use over the Internet and at point-of-sale merchant locations wherever Visa was accepted. The program, however, was suspended by Visa in 2010. Over time, payment service providers teamed up with merchants on a software-as-a-service basis (or: “SaaS”). Working with SaaS allowed the offering of more advanced payment services via an electronic portal, a payment gateway.
In 2005, the Dutch company Currence iDEAL B.V.  introduced “iDEAL” in the Netherlands, allowing a direct contact, a ‘live’ payment executed between customers, merchants and their banks. It also allowed recurring payments without the necessity of the merchant storing customer-sensitive information, highly increasing protection against identity theft-related fraud. SaaS also allowed for a ‘live’ risk analysis on transactions as well as to make an AML risk calculation on the origins of the payment.
The gambling industry received a big boost in popularity when the electronic processing of payouts to end users was introduced. Combining SaaS with mobile points-of-sale resulted in the offering of the cardless, digital wallet. Combining these technologies with a crypto-based currency eliminated the necessity for customers and merchants to hold a traditional account, connected to any individual or company, eliminating all together the necessity for a bank and even for cash to be involved in a transaction. After all, a crypto-coin holds its own value. Bitcoin, for example, has properties that make it similar to gold. The developers of the core technology limited the production of Bitcoin to a fixed amount, 21 million BTC. Bitcoin therefore resembles not cash, but Digital Gold, so to speak.
Challenges of Payment Service Providers in Modern Times
As the available payment services became more advanced, so did the methods of money laundering, especially in high-risk industries, such as the gambling sector. Companies offering online gambling typically operate as international, cross-border structures, making it complicated to apply one jurisdiction, hence there were problems maintaining consistency in compliance and in the prevention of money laundering.
A typical money-laundering process takes place in three stages. In the first stage, the placement stage, criminal proceeds are introduced into a financial system. This, for example, happens by depositing a large amount of money into a betting account. In the second stage, the layering stage, the source of the proceeds is disguised by placing bets. These can be small bets, for appearance’s sake, but can quickly turn into larger ones. Dozens of betting accounts may be set up for this purpose, with deposits well below a benchmark likely to attract attention. In the final stage, the integration stage, the laundered money is introduced into a legitimate financial system. The laundering process is then completed by withdrawal. Due to the large volume of betting, laundering efforts may be almost impossible to trace. Laundering schemes become more complicated if the online casino is a deliberately unprofitable co- conspirator. It becomes infinitely more complicated if a ‘white label’ provider is ‘in on it’, providing turnkey casino setups to often unaware investors without any experience, especially in an international, cross-border setting, which is usually the case.
Cryptocurrencies have the potential to introduce an even greater risk to an already potentially vulnerable industry, as transactions, in principle, are anonymous and not controlled or regulated by any central organization. The problem is not limited to gambling environments but also within the regular field of gaming. Criminals spend considerable time converting criminal proceeds to in-game currencies, trading off these currencies in massive multiplayer online role-playing games.
Legal Position of Payment Service Providers
As payment processing is key to any gambling solution, we have seen demands by regulators worldwide to increase the legal responsibility and liability for payment service providers. Since payment services are vital to any gambling operation, is there any risk that payment service providers end up being indicted as co-conspirators in a money-laundering scheme? For now, that seems unlikely, provided that such providers undertake the necessary actions to protect their operations, which they could do by, for example, drafting proper general terms and conditions.
In its ruling of December 27, 2017  in the “CURO” case, the Dutch Council of State (“DCS”) decided that payment service providers may continue processing transactions from internationally licensed gambling websites. The Dutch gambling regulator in the Netherlands took the position that although an operator may be licensed in another EU Member State, it is still deemed to operate illegally if it targets players in the Netherlands. Hence, a payment services provider that facilitates such betting would become a co- conspirator in the view of the gambling regulator.
The DCS did not side with the regulator. The DCS took the position that remedial sanctions can only be applied to actions that have been prohibited by law in a clear and unambiguous fashion. Quoting the the Dutch Lottery Act of 1905 on which the current Dutch Gambling Act has been based, the provision of payment services did not fall under mentioned active forms of promoting participation in gambling. The DCS therefore concluded that the legislative history of the current legislation contains no indications to justify the opinion that the legislator intended to make the scope of the concept of ‘promotion’ wider than the aforementioned active forms of promotion; for example, to include the provision of payment services that do not involve any further activities for the purpose of gambling. This principle has also been upheld in the updated legal framework, which currently is not yet in force, as the online gambling market in the Netherlands is preparing to launch.
We feel that the DCS ruling has been and shall continue to be favorable to other participants also catering to the gaming industry, such as affiliates.
Developments in Legislation
Governments have been aiming to provide for an international framework to combat money laundering. By request of the G20 international forum for the governments and central bank governors (“G20”) in 2013, the Organization for Economic Cooperation and Development (“OECD”) produced its 15 standards (also referred to as: “Actions”) on Base Erosion and Profit Shifting (“BEPS”) in 2015.  These Actions are aimed at enhancing an international ‘level playing field’ by, for example, introducing obligations in legislation to provide for ‘substance’: to have an actual presence and/or establishment as a requirement to claim favorable tax features. Since then, its ‘framework members’ have been in the process of implementing these Actions, which implementations are subject to ‘peer review ’. The Malta regulatory gaming framework already underwent a substantial and ambitious overhaul in 2018, partly inspired by standards in relation to BEPS. That overhaul was aimed at enhancing Malta’s general competitiveness, particularly for the B2B environment, and to furthermore enhance consumer protection, to innovate reporting and to streamline taxation in a two-tier framework.
On July 4, 2018, Malta became the first and only country to officially pass  three new crypto bills into law, establishing a regulatory framework  for cryptocurrencies, blockchain, and Distributed Ledger Technology (“DLT”) in general. The legislative package includes a ‘Virtual Financial Assets Bill ’  in which rules are outlined that new companies must follow when launching their Initial Coin Offerings (“ICOs”), which the bill refers to as ‘Initial Virtual Financial Asset-offerings’(“VFA-offerings”). Under these new laws, companies will first have to produce a white paper outlining their future plans and execution of those plans in accordance with Maltese laws. This bill also lays out regulations for advertisements by VFA issuers and requires each issuer to appoint an independent, registered VFA agent to oversee and advise the project. The agent would also act as a liaison between the issuer and the (yet to be specified) ‘competent authority’ regarding the registration, white paper, and trading of the issuer’s VFA on a DLT exchange. With this first step, Malta is creating awareness for new technologies. It is taking steps to implement these technologies in all layers of society.
Decentralization of Payment Solutions May Help to Further Prevent Money Laundering
Measures, even if properly implemented, such as has been the case in Malta, may however prove not to be sufficient for complicated gaming structures that typically consist of many services working together (affiliates and marketing, payment services, gaming providers) to produce the gaming experience to its (also cross-border located) end users. For example, due to the many complicated aspects of the structure, it may prove very difficult to properly price services at market value. Although cryptocurrencies are still mostly seen as risk-enhancing elements in the fight against money laundering, they could also offer real solutions to this same problem, as new technologies can also be used to convert from a centralized to a decentralized setup of online casinos.
Blockchain technology, which is a species of DLT, may prove useful in combatting money laundering. Its (optionally) decentralized, distributed and public digital ledger can be used to record transactions across many computers so that any involved records cannot be altered retroactively, without the alteration of all subsequent blocks.  This allows the participants to verify and audit transactions independently and relatively inexpensively.  A decentralized blockchain database is managed autonomously using a peer-to-peer network and a distributed time-stamping server.
As said, blockchain is just one example of DLT. Although blockchain is a sequence of blocks, distributed ledgers do not require such a chain. Furthermore, distributed ledgers do not need proof of work and offer – theoretically – better scaling options. In a centralized setup of an online casino, end users shall have to invest trust in the integrity of the gambling platform operator, as these operators tend to have complete control over the gambling platform. The legal position of the end user in this setup is weak, as they have to rely on the software (for example, the random number generator) to be fair and trustworthy. Having a strict regulator monitoring this setup provides some relief, although the system shall never be provably fair. 
Using smart contract technology, a decentralized gambling platform does provide such independent level of confidence, as the end user retains independent, unalterable ownership of the deposit. The code cannot be altered to the disadvantage of the end user. After all, its systems are running on a public distributed ledger. Without third parties involved, computer protocols digitally enforce and verify contract rules and regulations and its governed transactions are trackable and irreversible. In the decentralized setup, the smart contract technology is key, as it is required to run without any centralized authority. Since human checks and balances are no longer involved, and with the use of open source algorithms, it makes fraudulent behavior virtually impossible, qualifying as a provably fair gambling system, rendering the need for any third-party verification obsolete.
We expect and also advise the payment services industry to pivot from custodial to non-custodial SaaS setups, in which regular transactions shall no longer be (mainly) controlled by a human factor. New technologies, although potentially harmful, may prove highly beneficial when applied in a responsible manner. Further automation of the payment process shall help operators to maintain low fees and high transaction speeds to account for the low amount/high frequency type betters. After all, in combination with low fees, high transaction speeds need to be maintained, or else the casino would not be able to maintain profitability.
Eliminating the human factor may benefit Payment Service Providers even more as AML-related risks are mitigated while at the same time cutting costs, improving efficiency and boosting the prevention of fraudulent behavior.
A pivot of the payment services industry towards new technologies seems inevitable. Although the development of case law does not yet seem to have forced payment service providers into a position of more liability, regulators do expect the industry to be more involved. Further automation of the industry seems the way to go forward, as it shall allow payment service providers to significantly cut costs, while at the same time enhance its vigilance in a digital world that seems to evolve ever faster.
 Council of State, December 27, 2017, 201609890/1/A3, ECLI:NL:RVS:2017:3571.
 Armstrong, Stephen (7 November 2016). “Move over Bitcoin, the blockchain is only just getting started.”
 Catalini, Christian; Gans, Joshua S. (23 November 2016), “Some Simple Economics of the Blockchain.” DOI:10.2139/ssrn.2874598. SSRN 2874598.