Skip to main content
Sign in
Ελληνικά (Ελλάδα)

Account Verification for Card Withdrawals: Purpose, Regulation, and Process

Super
  • Updated

Account verification is a critical safeguard in online gaming and payment ecosystems. It ensures that funds are transferred only between verified players and their own payment instruments, protecting both customers and operators while meeting strict regulatory obligations.

This article explains why card verification is required, the regulatory framework behind it, and how the verification process works, with a focus on security and data protection.

Why Card Verification Is Required

Card verification is used to confirm that a payment card belongs to the same individual who owns the gaming account. This verification serves several essential purposes:

  • Fraud prevention and account protection
    Ensures that deposits and withdrawals are not made using stolen cards or third-party payment methods.

  • Regulatory compliance
    Confirms account ownership in line with mandatory anti-money-laundering (AML) and counter-terrorist-financing (CTF) regulations.

  • Customer protection
    Reduces the risk of unauthorized transactions and financial abuse.

  • Faster future withdrawals
    Once a card is verified, subsequent withdrawals can be processed more smoothly without repeated checks.

In short, verification ensures that funds move only between legitimate, verified player accounts and payment instruments.

Regulatory Framework

Card and payment account verification is mandated under Greek gaming regulations, specifically:

Hellenic Gaming Commission (HGC) Decision No. 554/5/15.04.2021
“Regulation for the implementation of measures to combat money laundering and the financing of terrorism by the Obligated Persons in the gambling market”

Key regulatory requirements include:

  • Funds must be transferred only through payment service providers and only using payment instruments owned by the player.

  • Deposits of €5,000 or more per transaction may only be accepted after confirmation that the declared payment account belongs to the player.

  • Withdrawals of €800 or more per transaction require prior confirmation that the payment account belongs to the player.

  • The use of third-party payment instruments is prohibited. If detected, operators must:

    • Block the payment instrument

    • Return deposited funds to the rightful owner

    • Withhold any winnings derived from the third-party instrument

    • Assess whether regulatory reporting is required

Verification Evidence (Annex I)

Under Annex I of the regulation, operators must verify that the player maintains a payment account in their own name. Indicative verification methods include:

  • Submission of IBAN details during registration

  • Direct verification through a Payment Service Provider

  • Small test payments (e.g. up to €0.30), depending on provider limits

  • Electronic communication and confirmation through secure channels

How the Verification Process Works

Automated Verification (Primary Flow)

The verification process is designed to be secure, automated, and user-friendly:

  1. The player initiates a withdrawal exceeding €800 to a card

  2. The system requests a verification document

  3. The player is redirected to upload a supported document (e.g. card screenshot or proof of card ownership)

  4. Automated checks confirm that:

    • The document is clear and readable (Greek or Latin characters)

    • The cardholder’s last name matches the account holder

    • The masked card number matches the withdrawal card

  5. If all checks pass:

    • The card is marked as Verified

    • The withdrawal is allowed to proceed

Once verified, the card can be reused for future withdrawals without repeating the process, unless otherwise required.

Security and Data Protection

Customer privacy and data security are fundamental to the verification process. Multiple safeguards are in place to protect sensitive information:

  • Data minimisation
    Only essential information (name, masked card number, and relevant dates) is reviewed.

  • Secure transmission and storage
    Documents are uploaded and stored using encrypted systems and channels.

  • Restricted access
    Only authorized systems and personnel can access verification documents.

  • Defined retention policies
    Documents are retained only for as long as required to meet regulatory, compliance, and audit obligations (typically for the lifetime of the player account).

These measures ensure full compliance while maintaining a high standard of customer data protection.

Related articles

Comments

0 comments

Article is closed for comments.