As reported by IGamingNews on Nov. 18, 2008, the New Hampshire and North Dakota Lotteries have suffered losses of sales
due to the major credit card companies' recoding of transactions involving purchases of lottery subscription sales. More specifically, Visa Inc. and MasterCard Inc. have changed those lotteries’ merchant codes from the code designating “government services” to the code for “betting and wagering.” As a result, lottery subscription sales which were available to residents of those states via the Internet have been blocked or, in some cases, assessed bank-handling fees. (See “Online Payment Blocking Hits to U.S. Lotteries,” by Emily D. Swoboda, IGamingNews, Tuesday, Nov. 18, 2008 and “N.H. Lottery: Sales Blocked, Law Blamed,” by Dan Tuohy, New Hampshire Union Leader, Tuesday, Jan. 22, 2009.) The code changes appear to have been made in September or October of 2008.
The change in the coding of Internet lottery subscription sales transactions appears to be based, in part, on the regulations promulgated under the Unlawful Internet Gambling Enforcement Act (Title VIII of the SAFE Port Act, codified at 31 U.S.C. §§5361-5367, and hereinafter, the “UIGEA”), although the regulations existed only in draft form at the time the coding change occurred. The executive director of the New Hampshire Lottery stated that the coding change resulted from the UIGEA. (See the Tuohy article, cited above. The final UIGEA regulations -- hereinafter, the “Regulations” -- were issued on Nov. 12, 2008 and became effective Jan. 19, 2009. However, compliance by non-exempt participants in designated payment systems is not required until Dec. 1, 2009. The Regulations are codified at 12 C.F.R. part 233 and 31 C.F.R. part 132.)
As shown below, the UIGEA and the Regulations do not require Visa and MasterCard to code lottery subscription sales transactions effected over the Internet differently from state government sales of other goods and services, such as drivers' license renewals and automobile registration renewals. Indeed, the UIGEA does not require that such transactions be coded at all. Other methods could be used that would be compliant with the UIGEA and the Regulations. However, if for business reasons Visa and MasterCard must code lottery subscription sales transactions effected over the Internet, it would be appropriate under the Regulations for them to be coded merely as “government services.”
The Regulations are designed to implement the UIGEA requirement that “each designated payment system, and all participants therein, . . . identify and block or otherwise prevent or prohibit restricted transactions through the establishment of policies and procedures reasonably designed to identify and block or otherwise prevent or prohibit the acceptance of restricted transactions . . .” (31 U.S.C. §5364(a)) Under the UIGEA, a “restricted transaction” is defined, generally, as a transaction involving credit (including credit extended through the use of a credit card), funds (including funds in the form of an electronic funds transfer or a money-transmitting service), checks or other instruments, sent to a business engaged in betting or wagering in connection with another person’s participation in unlawful Internet gambling. (31 U.S.C. §5362(7)) Subject to certain exceptions, “unlawful Internet gambling” means “to place, receive, or otherwise knowingly transmit a bet or wager by any means which involves the use, at least in part, of the Internet where such bet or wager is unlawful under any applicable Federal or State law in the State or Tribal lands in which the bet or wager is initiated, received, or otherwise made.” (31 U.S.C. §5362(10)(A))
The UIGEA excludes from “unlawful Internet gambling” (and thus excludes from the scope of the UIGEA overall), intrastate betting or wagering provided certain conditions are met. Specifically, the UIGEA excludes from unlawful Internet gambling “the placing, receiving or otherwise transmitting a bet or wager” where each of the following is true:
(i) the bet or wager is initiated and received or otherwise made exclusively within a single state;
(ii) the bet or wager and the method by which the bet or wager is initiated and received or otherwise made is expressly authorized by and placed in accordance with the laws of such state, and the state law or regulations include:
(I) age and location verification requirements reasonably designed to block access to minors and persons located out of such state; and
(iii) the bet or wager does not violate any provision of:
(II) appropriate data security standards to prevent unauthorized access by any person whose age and current location has not been verified in accordance with such state’s law or regulations; and
(I) the Interstate Horseracing Act of 1978 (15 U.S.C. 3001 et seq.);
(II) chapter 178 of title 28 (commonly known as the “Professional and Amateur Sports Protection Act”);
(III) the Gambling Devices Transportation Act (15 U.S.C. 1171 et seq.); or
(IV) the Indian Gaming Regulatory Act (25 U.S.C. 2701 et seq.).
(31 U.S.C. §5362(10)(B)) Thus, bets and wagers initiated and received in the same state, where such bets and wagers are expressly authorized by and placed in accordance with that state’s laws or regulations, and where such bets and wagers meet the other requirements set forth above, do not constitute unlawful Internet betting or wagering under the UIGEA. A state lottery therefore would not be prohibited under the UIGEA from accepting credit (including credit extended through credit cards), electronic fund transfers, checks or other payments in connection with the sale of lottery products (which constitute bets or wagers by the purchasers), if such bets and wagers were expressly authorized by the lottery state’s laws (as presumably they would be), and provided that the state had promulgated regulations meeting the UIGEA’s age, intrastate-location and data-security requirements described above.
Although state lotteries can thus conduct intrastate Internet gambling in compliance with the UIGEA, the conduct of such gambling might be impractical (or at least less attractive) if the lotteries could not accept payment for their products via credit card. Accordingly, the policies and procedures that card-system participants must adopt in order to comply with the UIGEA and the Regulations are important to the lotteries as well as to the card-system participants themselves. The UIGEA provides that such policies and procedures can be designed to identify and block or otherwise prevent or prohibit the acceptance of restricted transactions in any of the following ways:
(31 U.S.C. §5364(a), emphasis added) Thus, the use of codes assigned to transactions is one method, but by no means the exclusive method, of complying with the UIGEA.
The Regulations further clarify what must be done regarding the required policies and procedures. With respect to card-system operators, card issuers, third-party processors and merchant acquirers, the Regulations provide non-exclusive examples of policies and procedures that will be “deemed to be reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions” (Regulations, §6(d)). One such example involves the
implementation of a code system, such as transaction codes and merchant/business category codes, that are required to accompany the authorization request for a transaction, including [t]he operational functionality to enable the card-system operator or the card issuer to reasonably identify and deny authorization for a transaction that the coding procedure indicates may be a restricted transaction; and [p]rocedures for ongoing monitoring or testing by the card system operator to detect potential restricted transactions, . . .
(Regulations, §6(d)(1)(ii)) This is what Visa and MasterCard appear to have done, as described in the media reports cited above.
However, the Regulations describe an alternate (again, non-exclusive) method that card-system operators, card issuers, third-party processors and merchant acquirers can follow to ensure that their policies and procedures will be “deemed to be reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions.” (Regulations, §6(d)) The alternate method involves creating policies and procedures that (1) provide for the carrying out of certain specified due diligence actions in connection with establishing commercial customer accounts or relationships, and (2) require certain additional specified due diligence actions with respect to commercial customers known or discovered to be engaged in an Internet gambling business. (Regulations, §6(d)(1)(ii))
Regarding the due diligence required in connection with establishing commercial accounts or relationships, if a card-system participant conducts due diligence “commensurate with the participant’s judgment of the risk of restricted transactions presented by the customer’s business” (Regulations, §6(b)(1)) and determines based on that due diligence that the customer presents a “minimal risk of engaging in an Internet gambling business” (Regulations, §6(b)(2)(i)), then no further action is required. However, the Regulations provide that “[a]n agency, department, or division of the Federal government or a State government” is deemed “to present a minimal risk of engaging in an Internet gambling business” (Regulations, §6(b)(4)), and therefore no due diligence investigation at all need be conducted by card-system participants in connection with establishing an account or relationship with governmental entities (other than to confirm that they are, in fact, agencies, departments or divisions of the Federal government or a State government). (Supplementary Information regarding the Regulations, page 41.) Thus, in regard to establishing a customer account or relationship with a state lottery, a card-system participant’s policies and procedures need only require confirmation that the lottery is an agency, department or division of the State government. The policies and procedures need require no further due diligence if such confirmation is obtained.
However, a card-system participant implementing this alternate, non-exclusive method of complying with the Regulations must also, in its policies and procedures, mandate additional actions if it has or acquires actual knowledge that a commercial customer -- including, presumably, a government agency, department or division (although this is not clear from the Regulations) -- is engaged in an Internet gambling business. (“Actual knowledge” means “when a particular fact . . . is known by or brought to the attention of [a]n individual in the organization responsible for the organization's compliance function . . . ; or [a]n officer of the organization." (Regulations, §2(a)) Under circumstances where such actual knowledge exists, the Regulations provide that the card-system participant’s policies and procedures should require that it obtain each of the following:
(Regulations, §6(b)(2)(ii)(B)) A state lottery could satisfy easily the requirement under section (1)(i) above by having its legal counsel (or the state attorney general) provide copies of the state laws and regulations establishing the state lottery and its Internet gambling games together with an opinion that the lottery’s Internet gambling business does not involve restricted transactions (assuming the lottery’s Internet gambling games are conducted in compliance with the intrastate exception to “unlawful Internet gambling” contained in the UIGEA). The commitment required under section (1)(ii) above clearly would present no burden to the state lottery, and this would also be true as to the certification required under section (2) above. As to the latter, the lottery would likely require such certification from the vendor of the computerized Internet wagering system operated by the lottery or, if the lottery so chose, from a third-party auditor of such system. Thus, a card-system participant’s actual knowledge that a state lottery is engaged in an Internet gambling business would not hinder the implementation of policies and procedures that would be deemed reasonably designed to identify and block or otherwise prevent or prohibit restricted transactions (and thus compliant with the UIGEA and the Regulations), even though they did not involve coding the state lottery’s Internet transactions.
In summary, under the UIGEA and the Regulations, Visa, MasterCard and other card-system participants are entitled to develop policies and procedures that contemplate different treatment for state lotteries that are agencies, departments or divisions of a state government, than that accorded commercial customers generally. Policies and procedures could be developed that would be deemed compliant with the UIGEA and the Regulations that did not involve coding of state lottery Internet transactions or that coded all such transactions as transactions involving “governmental services” (as opposed to for “betting and wagering”). As stated above, upon forming a customer account or customer relationship with a state lottery, a card system’s policies and procedures could deem the lottery to present a minimal risk of engaging in an Internet gambling business (provided the lottery was an agency, department or division of the state government), and if the card-system participant had or later acquired actual knowledge that the state lottery was engaged in an Internet gambling business, the additional due diligence actions that would be required in order for the policies and procedures to be deemed complaint would be of little burden to the card-system participant or the state lottery (provided the state lottery conducted its Internet gambling business on an intrastate basis and otherwise in accordance with the UIGEA intrastate gambling exception to “unlawful Internet gambling”).
Indeed, one would expect Visa, MasterCard and other card-system participants would be encouraged to accommodate state lotteries conducting intrastate wagering in compliance with the UIGEA, because the UIGEA required the agencies responsible for issuing the Regulations to “ensure [via the regulations] that transactions in connection with any activity excluded from the definition of unlawful Internet gambling [e.g., by reason of the intrastate wagering exceptions to that term] are not blocked or otherwise prevented or prohibited by the prescribed regulations.” (31 U.S.C. §5364(b)(4)) Although the implementation in the Regulations of this “overblocking” prevention requirement is extremely weak (the Regulations provide merely that nothing therein “requires or is intended to suggest that designated payment systems or participants therein must or should block or otherwise or prevent or prohibit any transaction in connection with any activity that is excluded from the definition of ‘unlawful internet gambling’ . . .” (Regulations, §5(f))), one would hope that the spirit of the “overblocking” prevention requirement in the UIGEA would be followed.