Latest Cases - October 2011

Good afternoon, friends,

In this issue of Punters' Verdict....

  • Do bookmakers actually want customers?
  • 50,000 reasons to find a customer guilty....
  • The difference between words and actions at Betfair....
  • Key staff leaving and controls not in place....

Do bookmakers actually want customers?

When I look at some of the evidence I come across I really do begin
to wonder.

The way bookmakers behave these days a punter could very easily form
the impression that they are doing everything within their power to
alienate him completely.

Yes, they all like to air their cheeky-chappy advertisements on the
TV - the ones that suggest they're only too happy to strike a bet
with you; the ones that suggest they can't wait to pay you out; the
ones that suggest you'll be treated like an old buddy.

But the reality is somewhat different. Give it a week or two of
betting with a bookie and there's a strong chance - if you've won a
few quid - that he won't want to touch you with a bargepole and will
be taking steps to get rid of you.

And even if a bookie is happy to keep on playing you can expect -
nay depend - on being treated in pretty lousy or low fashion at some
point down the line. That seems to be how things work in the betting
industry.

Look at Betfair. Last week I highlighted just how badly they
performed and how shoddily they treated a group of long-time
customers in relation to the recent record-breaking Jackpot pool.

But that's just the tip of the iceberg with Betfair - a betting
exchange that seems to have lost its moral compass in recent
times....

50,000 reasons to find a customer guilty....

If you were shocked by last week's column then try this.... the
company's annual general meeting held last month
(journalists were
banned from attending in true Stalinist tradition) was picketed by a
Betfair customer who has had more than £50,000 simply taken from his
account by Betfair's 'pricing team'.

Betfair say they have taken the money - and suspended the customer's
account - because he has opened and operated multiple accounts to
avoid the company's 'premium charges' which are applied to
successful high-roll customers who have played in more than 250
markets and are more than £250,000 in profit.

The trouble is the customer denies playing in 250 markets, denies
being so much in profit and denies being the holder of the
'multiple' accounts. He says: 'I do not recognise any of the other
four accounts named by Betfair, and have never operated any account
other than my own.'

Meanwhile Betfair have swiped the funds from his account anyway and
say: 'We thoroughly investigated this matter and we determined that
the customer was evading payment of the required fees.'

Oh! That's okay then. No worries. You've investigated and come to a
judgment that suits your own ends. The customer - whilst protesting
his innocence outside your AGM - is more than £50k down. Does that
sound fair?

Whether Betfair's or the customer's claims turn out to be true is
not the issue. The issue is whether or not we want a situation where
a bookmaker - representing his own interests - decides who is guilty
or not and then applies punishments and pecuniary remedies at his
own discretion?

Surely, in a situation like this there needs to be some kind of
independent arbitration? Or at least some kind of independent input?

Anything less looks like something less than good justice. But try
telling that to Betfair.

The difference between words and actions at Betfair....

In their Customer Commitment document Betfair promise to 'ensure the
security of our site and the safety of our customers and their
data'. They also promise to 'always act with integrity to build
trusted relationships with our clients.'

So imagine our surprise last week when it was revealed that
Betfair's security systems had been breached by a gang of Cambodian-
based hackers back in March 2010.

Not only did the hackers manage to copy the entire Sportex database
(containing all customer payment card details) but they also
filched:

  • 2.28m encrypted payment card account numbers and related
    details;
  • 3.16m account user names with encrypted security questions;
  • 89,744 account usernames with bank account details.

That's quite a haul. Nice work on the security front, Betfair! Your
security team was so on top of its game it took them two months to
even find out the breach of security had taken place! Folk have been
to the moon and back quicker! Maybe you could change your working
practises and make it a rule that at least two of your security team have to
be awake at some point during their shifts? 

So serious was the data theft that Betfair had no alternative but to
inform the UK's Serious Organised Crime Agency (SOCA), the
Australian Federal Police and German law enforcement officials.
The
Royal Bank of Scotland - the lender responsible for accepting credit
and debit card payments made via Betfair - was also informed. Sounds
pretty serious doesn't it?

So, given that seriousness, and given Betfair's commitment to
'always act with integrity', it will come as yet another shock when
I reveal that Betfair took precisely NO STEPS WHATSOEVER to inform
customers about the breach of security and the possible compromise
to their personal data. How's that for building trust with your
clients?

When the story emerged last week Betfair insisted that the data were
'unusable for fraudulent activity' and 'there was no risk to
customers'.
They also say they took advice from SOCA who told them
that 'public disclosure would be detrimental to any intelligence
operation or investigation'.
 

That all sounds like bullshine to me. Betfair's real reason for
keeping silent is that coming clean might have damaged, devalued or
even derailed Betfair's flotation on the stock exchange just a few
short months further down the line.

This is nothing short of an absolute scandal. That Betfair's systems
were inadequate to deal with such a security threat is bad enough in
itself. That the management hierarchy then failed to inform
customers to protect the reputation - and subsequent float price -
of the company is an outrage of the first order and reveals a
contempt for integrity and customer-service that fair takes away the
breath.

Key staff leaving and controls not in place....

No wonder current Chief Executive (previously Chief Technology
officer) David Yu has decided not to embarrass himself and attempt
to renew his contract when it expires in October 2012.

Were he not prepared to leap unassisted from the nose-diving
airliner that Betfair has become in recent times then it is likely
he would be picked up and thrown bodily from the doors of the plane
by fellow managers, shareholders, customers or representatives from
each of the three groups.

Betfair Security Chief, Sean Catlett, is another recent casualty of
the breach. It was announced last week that he will be leaving the
company at the end of this month.

More than 20 security staff have left the company since the breach
occurred
. With all these recent disappearances of key security staff
we wonder whether there is any secure hand on the tiller? Because
there certainly needs to be.

Betfair were provided with a Forensic Investigation Report on the
data theft 12 months ago from security consultants Information Risk
Management
(IRM).

IRM concluded that: 'Appropriate information security governance is
not in place within Betfair and as a consequence the business has
been exposed to significant risks....  appropriate technical
controls relating to such elements as network segregation and file
integrity monitoring that would provide Betfair the ability to
deter, prevent and detect such an incident are not in place'.

Customers were not informed of this. Nor were prospective
shareholders. It's very clear that Betfair have been working hard
over the last 18 months to keep the facts hidden from the market and
from their customers.
We wonder if they've been working similarly
hard to strengthen the obvious weaknesses in their data security
systems?

We certainly hope so. Last time Betfair got lucky. They lost
customer data but the thieves were not able to use what they got to
defraud Betfair customers. Next time we might not get so lucky.

Betfair need to up their game and start treating their customers and
their customer's data with a little more respect than has been shown
previously. A little less greed and self-interest and a little more
focus on service would go at least some way toward rebuilding a
brand that is in serious danger of blowing it.

I'll be back with the Verdict next week.

'The Judge'

FREE SIGN-UP
To start receiving The Judge's free weekly email, please enter your details below...
We take your privacy very seriously and will never pass your details on to anyone else
Use of cookies in this website
We use cookies to give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive all cookies from this website