How to Determine if an Offshore Gambling Operator is Taking US Cards: A Compliance Verification Framework

Offshore is not automatically bad. It is automatically higher burden of proof.

‍

When an offshore gambling operator's customers or marketing reach includes the US, the question isn't whether they operate offshore it's whether they can prove they're blocking US transactions. Unlike domestic operators where you verify licenses, offshore operators require you to verify enforcement of prohibition. One policy statement claiming "we block US customers" without testing evidence is worthless. This is a forensic investigation, not a document review.

‍

‍

This guide walks you through the verification framework uses to evaluate offshore operators with US exposure.

‍

‍

‍

Understanding the Offshore-US Risk Landscape

Why Offshore Operations Face Scrutiny

‍

The Unlawful Internet Gambling Enforcement Act (UIGEA, 31 U.S.C. §§ 5361-5367) doesn't prohibit gambling itself, it prohibits payment processors from knowingly accepting payments for unlawful internet gambling. This places liability squarely on payment facilitators.

Source: UIGEA - 31 U.S.C. § 5363

‍

The critical question for offshore operators: Is accepting wagers from US residents unlawful? In most cases without state licenses, yes.

The Wire Act (18 U.S.C. § 1084) prohibits interstate sports betting communications. While the 2011 DOJ opinion narrowed this to sports betting only (opening the door for poker/casino where states permit), offshore operators typically lack state authorization for any vertical.

Source: Wire Act - DOJ 2011 Opinion

‍

The "Marketing Reach" Problem

Many offshore operators claim they block US customers while simultaneously:

• Running US-targeted advertising (Google Ads, Facebook, sports media)
• Using .com domains with English-only content
• Employing US-based affiliates
• Accepting USD as primary currency
• Featuring US sports leagues prominently

This creates a contradiction: Why market to a demographic you prohibit? The answer is often that blocking is performative, not enforced.

‍

‍

Payment Processor Liability

Recent enforcement actions demonstrate that payment processors cannot hide behind "we didn't know":

• 2020: Multiple processors sanctioned for facilitating offshore gambling payments despite operator claims of US blocking
• State AGs: Aggressive cease-and-desist letters to processors, not just operators
• Card networks: Visa/Mastercard increasing scrutiny of gambling MCC usage

Check: FinCEN Advisories on Payment Processor Obligations

‍

‍

‍

What We Verify: The Complete Checklist

1. Geo-Blocking Technical Controls

‍

Why it matters: This is your first line of defense. Policy statements mean nothing, technical enforcement is everything.

‍

Multi-Layer Blocking Requirements

‍

Good operators implement all four layers:

IP-Based Blocking

• Commercial IP geolocation database (MaxMind, IP2Location, Digital Element)
• Real-time blocking at connection level (not just registration)
• VPN/proxy detection integrated
• Regular database updates (weekly minimum)

‍

What to request:

• IP blocking vendor contract
• Configuration showing US IP ranges blocked
• Testing logs demonstrating blocked connection attempts from US IPs
• VPN/proxy detection vendor (IPQualityScore, SEON, IPQS)

‍

How to test:

• Attempt site access from US residential IP
• Attempt access from US commercial/cloud IPs (AWS, Google Cloud)
• Attempt access via popular VPNs (NordVPN, ExpressVPN)
• Result: Should be blocked at all three levels

Payment Method BIN Blocking

• Block US-issued credit/debit cards at transaction level
• BIN database checking (first 6-8 digits identify issuing country)
• Real-time validation before payment processing

‍

What to request:

• Payment gateway configuration showing BIN blocking rules
• Evidence of rejected US card attempts
• List of payment methods accepted (if US-based e-wallets allowed, red flag)

‍

How to test:

• Attempt deposit with US-issued Visa/Mastercard
• Attempt with US-issued prepaid cards
• Result: Should be rejected before payment authorization

‍

Document Verification at KYC

• Identity verification requiring government ID
• Automated rejection of US IDs (driver's licenses, passports)
• Address verification cross-referenced against US addresses

‍

What to request:

• KYC vendor contract (Jumio, Onfido, Trulioo)
• KYC configuration showing US document rejection rules
• Statistics on US ID submissions and rejection rates

Red flag: KYC performed after deposits accepted (money already at risk)

1. GPS/Device Location Verification

• Mobile app geo-verification using device GPS
• Mandatory location services enabled
• Periodic re-verification during session

‍

What to request:

• Geolocation vendor contract (GeoComply, GeoGuard)
• Mobile app geofencing configuration
• Evidence of blocked sessions from US GPS coordinates

Note: This primarily applies to mobile apps. Web-only operators can't reliably verify GPS.

‍

‍

What Good Looks Like

✅ Multi-layered blocking: IP + BIN + document + GPS (where applicable), not just one

✅ Proactive, not reactive: Blocking at connection/registration, not after deposits

✅ Documented testing: Regular penetration testing with US-based testers, results showing blocks work

✅ Third-party audits: Independent verification of geo-blocking effectiveness (eCOGRA, iTech Labs)

✅ Automatic, not manual: No human review required to block US users (eliminates judgment calls)

‍

‍

Common Misses

❌ IP blocking only: VPNs easily bypass, provides false sense of security

❌ Terms & Conditions blocking: Checkbox "I'm not in US" is not enforcement

❌ Reactive blocking: Only blocking after chargebacks/complaints from US users emerge

❌ Inconsistent enforcement: Blocking some US users while allowing others (suggests selective enforcement based on value)

❌ No testing evidence: Claims of blocking without penetration testing results

‍

‍

‍

2. KYC Procedures and Timing

Why it matters: KYC timing reveals intent. Before deposits = compliance priority. After deposits = revenue priority.

‍

Required KYC Components

‍

Identity Verification:

• Government-issued ID upload and verification
• Automated document authentication (not just visual review)
• Liveness detection (selfie matching ID photo)

‍

Address Verification:

• Cross-reference against US address databases
• Utility bill/bank statement upload for high-value accounts
• Automated rejection of US addresses

‍

Ongoing Monitoring:

• Periodic re-verification (annually or after account changes)
• Address change monitoring (US relocation attempts)
• Payment method changes (adding US cards)

‍

‍

KYC Timing: The Critical Test

‍

Acceptable models:

‍

Pre-deposit KYC (best practice):

• Full verification before any deposit accepted
• US documents = automatic rejection
• Cannot fund account until KYC passed

‍

Limited deposit pending KYC (acceptable):

• Small deposit allowed (e.g., €50 max)
• Full KYC required before withdrawal or additional deposits
• US documents = account closure, deposit returned

‍

Unacceptable models:

‍

Post-deposit KYC (red flag):

• Full deposits accepted without verification
• KYC only triggered at withdrawal
• Risk: US users deposit, play, lose - operator keeps funds without ever verifying jurisdiction

‍

Withdrawal-only KYC (major red flag):

• Only verify winners
• Losers never go through KYC
• This is deliberate: verify US users only when forced to pay out

‍

‍

What to Request

1. KYC policy document: Written procedures showing when KYC is triggered
2. KYC vendor contract: Proof of third-party verification service
3. KYC statistics:

• What % of accounts complete KYC?
• At what stage (registration, deposit, withdrawal)?
• How many US documents submitted and rejected?

4. Sample account flow: Screenshots showing KYC prompts in user journey
5. US rejection protocols: What happens when US ID submitted?

• Account closure?
• Deposit return?
• Immediate or delayed?

‍

‍

Red Flags

• "We verify everyone eventually": Translation: after they've already deposited
• High % of accounts never completing KYC: Suggests KYC not enforced pre-deposit
• Cannot provide US rejection statistics: Not tracking = not enforcing
• Manual KYC review: Slow, inconsistent, subject to override
• Outsourced KYC with no oversight: No quality control

‍

‍

Testing Protocol

Conduct mystery shopping:

1. Create account with US-sounding name
2. Provide US phone number (Google Voice)
3. Attempt to upload US driver's license
4. Expected result: Immediate rejection with explanation
5. Red flag result: Account remains active, prompts for deposit

‍

‍

‍

3. Risk Controls and Transaction Monitoring

Why it matters: Even with geo-blocking and KYC, some US users slip through. Risk controls are your safety net.

‍

Transaction-Level Monitoring

‍

US-Specific Indicators:

• IP-Payment Mismatch: IP shows Europe, but card is US-issued (VPN usage)
• Time Zone Anomalies: Login times consistent with US time zones despite claimed location
• Language Settings: Browser/device language set to English-US
• Shipping Addresses: If operator sells merchandise, US shipping attempts
• Phone Verification: US phone numbers (+1 country code)

‍

What to request:

1. Transaction monitoring rules: Specific triggers for US indicators
2. Automated blocks: Do US indicators automatically block transactions or just flag for review?
3. Review queue statistics: How many accounts flagged for US indicators monthly?
4. Resolution process: What happens to flagged accounts?

‍

What good looks like:

• Automated blocking of 3+ US indicators (not just flagging)
• Daily review of flagged accounts
• Immediate account closure upon confirmation of US location
• Deposit return protocol for mistakenly accepted US users

‍

‍

Chargeback Pattern Analysis

‍

Why US chargebacks are telling:

If geo-blocking works, you should see zero chargebacks from US-issued cards.

One US chargeback might be an edge case (US citizen abroad). Multiple US chargebacks indicate systemic blocking failure.

‍

What to request:

1. Chargeback data by card country: Last 12 months

• Volume from US-issued cards
• Reason codes (fraud vs dispute)
• Resolution outcomes

2. Chargeback response procedures: How do they handle US chargebacks?
3. Remediation actions: What changed after US chargebacks occurred?

‍

Red flags:

• Any US chargebacks without explanation
• Dismissing US chargebacks as "VPN users we couldn't detect"
• No remediation after US chargebacks (suggests acceptance of US users)

‍

‍

Affiliate and Marketing Audits

‍

The problem: Operators claim they block US users, but affiliates actively recruit them.

‍

What to verify:

1. Affiliate agreements: Do they prohibit US-targeted marketing?
2. Affiliate monitoring: How often do they audit affiliate sites/ads?
3. Affiliate terminations: Have they terminated affiliates for US targeting?
4. Marketing materials review:

• Request samples of affiliate creatives
• Check for US sports, USD pricing, "available in all 50 states" language

5. Traffic source analysis:

• What % of traffic from US-based affiliate sites?
• Google Analytics geo data showing visitor countries

‍

How to test:

• Search "[Operator name] + USA" or "[Operator name] + sportsbook USA"
• Check affiliate review sites (often reveal US targeting)
• Look for Reddit/forum posts from US users claiming to use the site

‍

Red flag findings:

• Affiliates running US-targeted Google Ads
• Affiliate sites with ".us" domains or "USA" in content
• Forums with US users sharing deposit methods that work

‍

‍

‍

4. License Validity and Jurisdiction Scope

‍

Why it matters: Offshore licenses (Curaçao, Malta, Kahnawake) authorize operation in licensed territory only. They do not authorize serving prohibited markets.

‍

‍

Common Offshore Licenses

Curaçao eGaming:

• Most common for operators claiming "we block US"
• Licenses issued by Curaçao government via master license holders
• Critical: Curaçao licenses explicitly prohibit serving restricted jurisdictions
• License terms require geo-blocking of prohibited territories

‍

Verification:

• Curaçao license validation (limited public registry)
• Request master license holder confirmation
• Review license terms regarding prohibited territories

‍

Malta Gaming Authority (MGA):

• More stringent than Curaçao
• Requires proof of geo-blocking for restricted markets
• Regular compliance audits

Verification:

• MGA Public Register
• Check license status and any sanctions/warnings
• MGA licenses list "targeted countries" -US should NOT be listed

Kahnawake Gaming Commission:

• Canadian First Nation jurisdiction
• Requires blocking of jurisdictions where gambling is illegal
• Interactive Gaming Regulations specify geo-blocking requirements

Verification:

• Kahnawake Licensee List
• Confirm active license status

License Terms on Prohibited Territories

‍

What to request:

1. Full license certificate: Not just the seal image on their website
2. License terms and conditions: Full regulatory requirements
3. Compliance reports: Submissions to regulator showing geo-blocking
4. Regulatory correspondence: Any warnings or inquiries from regulator

‍

Key questions:

• Does your license permit serving US customers? (Answer should be "No")
• What are your license obligations regarding restricted territories?
• Has your regulator ever inquired about US customer blocking?
• Have you received any warnings or sanctions?

‍

‍

Red Flags

• Cannot produce full license certificate (only website badge)
• License expired or suspended (check registry)
• License holder name doesn't match operator entity
• Regulator has issued warnings about US market service
• License terms are vague on restricted territories
• Operating under someone else's license without proper sub-license

‍

‍

Regulatory Actions Check

Search for enforcement actions:

• Google: "[Operator name] + cease and desist"
• Google: "[Operator name] + attorney general"
• Check StopPredatoryGambling.org for watchlist
• Review gambling forums for regulatory news

‍

‍

‍

5. Processor History and Payment Integrity

‍

Why it matters: Payment processor relationships signal compliance health. Frequent changes indicate problems.

‍

‍

Payment Processor Stability

‍

What good looks like:

• Long-term relationships (2+ years) with established processors
• Tier-1 processors (Paysafe, Trustly, etc.) who conduct own due diligence
• Payment methods from reputable providers

‍

Red flags:

• Frequent processor changes (every 6-12 months)
• Using obscure/unrecognized payment processors
• Processors with poor reputations or regulatory issues
• Relying on cryptocurrency primarily (may indicate difficulty getting traditional processors)

‍

What to request:

1. Current processor list: All active payment integrations
2. Processor tenure: How long each relationship has existed
3. Terminated relationships: Any processors who terminated them? Why?
4. MATCH list status: Have they been placed on Visa/Mastercard MATCH list?

‍

How to verify:

• Contact processors directly (if you have relationships) to verify partnership
• Check processor websites for client lists
• Review payment options on operator's site (do logos match claimed processors?)

‍

‍

OFAC and Sanctions Compliance

‍

Even offshore operators processing international payments must comply with OFAC if:

• Touching US financial system (USD transactions, US banks)
• Accepting payments from US persons (if any slip through)

‍

What to request:

1. OFAC screening procedures: Real-time sanctions list checking
2. Screening vendor: Who provides OFAC data? (Dow Jones, World-Check, etc.)
3. Blocked transactions: Any OFAC hits? How handled?
4. Sanctioned countries blocking: Do they block transactions from sanctioned territories?

‍

Red flags:

• No OFAC screening program
• Manual screening only (not real-time)
• Cannot describe OFAC compliance procedures
• Process payments in USD without OFAC compliance (huge risk)

‍

‍

Shell Companies and Opacity

‍

The problem: Some operators use complex corporate structures to obscure ownership and avoid accountability.

‍

What to verify:

1. Corporate structure: Request org chart showing parent/subsidiary relationships
2. Ultimate beneficial owners (UBOs): Who ultimately owns/controls the business?
3. Payment entities: Legal name appearing on bank/card statements

• Does it match operator brand?
• Is it a generic name ("Global Entertainment Ltd")?
• Multiple entities used for different payment types?

4. Jurisdiction of incorporation: Where is the company registered?

• Reputable: UK, Malta, Gibraltar
• Red flag: Seychelles, Belize, Panama (known for opacity)

‍

Red flags:

• Unwilling to disclose ownership
• Complex multi-layer structure with no clear business reason
• Payment entity name different from operator brand without explanation
• Frequently changing corporate entities
• Incorporated in secrecy jurisdictions

‍

‍

‍

6. Complaint Patterns and Reputational Signals

‍

Why it matters: Past behavior predicts future behavior. Complaint patterns reveal whether blocking is enforced.

‍

‍

US-Specific Complaint Research

‍

Where to check:

1. State Attorney General consumer protection divisions:

• Search for complaints filed against operator
• Look for patterns: "accepted deposit then blocked account claiming US location"
  ‍

2. Better Business Bureau (BBB):

• Filter complaints by location
• Search for US-based complainants
• Look for: "won't pay out," "closed account," "didn't know US was blocked"
  ‍

3. Reddit gambling communities:

• r/sportsbook, r/gambling, r/poker
• Search "[Operator name] + USA"
• US users discussing whether site "works" in US
• Complaints about confiscated winnings
  ‍

4. Trustpilot and review sites:

• Filter reviews by country (US)
• Look for US reviewers claiming to use the site
• Or US reviewers complaining about blocks (which is actually good - shows blocking works)
  ‍

5. AskGamblers, Casinomeister, ThePogg:

• Gambling-specific complaint forums
• Search operator name + "USA" or "United States"
• Review complaint resolutions

‍

What good looks like:

• Few or no complaints from US users
• Complaints that exist are "they blocked me" (enforcement proof)
• Quick, fair resolution of mistaken US account closures (deposit returns)

‍

Red flags:

• Many US user reviews (positive or negative) - proves blocking doesn't work
• Complaints about accepting deposits then confiscating when US location discovered
• Ignoring or denying legitimate US user complaints
• Pattern of "selective enforcement" (blocking winners, keeping losers)

‍

‍

Specific Complaint Patterns to Flag

‍

"They took my winnings":

• User deposited, won, tried to withdraw
• Operator conducted KYC, discovered US location, confiscated winnings
• Analysis: This proves post-deposit KYC and selective enforcement

‍

"I've been using them for months":

• US user discussing ongoing use without issues
• Analysis: Blocking is not enforced or easily bypassed

‍

"They blocked my account randomly":

• User claims account closed without explanation
• Investigation reveals US location was discovered
• Analysis: Could be good (enforcement) or bad (inconsistent enforcement)
• Question: Why did blocking fail initially?

‍

"They offered me bonuses to stay":

• US user reported, operator offered incentives instead of closing account
• Analysis: Knowingly accepting US customers

‍

‍

Testing Public Forums

Conduct your own research:

1. Search Reddit: "[Operator] USA works" or "[Operator] VPN"
2. Check Twitter: US users discussing the site
3. Google: "[Operator] USA players"
4. YouTube: Reviews from US-based content creators

If you find US users openly discussing use of the site, blocking is not effective.

‍

‍

‍

What Good Looks Like: The Complete Compliance Profile

When an offshore operator truly blocks US customers, you'll see:

‍

‍

‍

‍

Common Misses: Red Flags That Disqualify

‍

1. "We block US" without testing evidence

‍

The claim: "We have robust geo-blocking and do not accept US customers."

The problem: Every offshore operator says this. It's table stakes, not proof.

What's really happening:

• Geo-blocking exists but is easily bypassed
• Blocking is inconsistent (some US users get through)
• They rely on Terms & Conditions checkbox, not technical enforcement
• They block known US IPs but not VPNs
• KYC happens after deposits (keeping lost bets from US users)

‍

How to catch it:

Ask: "Can you provide evidence of your geo-blocking effectiveness?"

‍

What good looks like:

• Penetration testing report showing attempted access from US was blocked
• Third-party audit certification
• Logs of blocked connection attempts from US IPs
• Statistics: X US IDs submitted, 100% rejected

‍

Red flags:

• "Our policy prohibits US customers" (policy ≠ enforcement)
• "We use geo-blocking technology" (which one? show configuration)
• "We've never had issues" (absence of evidence ≠ evidence of absence)
• Defensive response when asked for proof

‍

Real-world example: An operator claimed "robust geo-blocking" but investigation revealed:

• No VPN detection
• No BIN blocking
• KYC only at withdrawal
• 15% of chargebacks from US-issued cards
• Reddit posts from US users sharing VPN workarounds

‍

‍

2. Marketing-operations gap

‍

The claim: "We block US customers."

The evidence: US-targeted marketing running simultaneously.

The contradiction: Why advertise to a demographic you prohibit?

‍

Common patterns:

‍

Affiliate marketing:

• Affiliates running US-targeted Google Ads for the brand
• Affiliate sites with "USA" in domain or content
• Operator claims "we don't control affiliates" (legally insufficient)

‍

Content strategy:

• Website features US sports prominently (NFL, NBA, MLB)
• English-only content with USD as primary currency
• No prominent "US customers prohibited" messaging
• US-friendly payment methods highlighted

‍

SEO and SEM:

• Google Ads targeting US keywords
• SEO content targeting "best sportsbook USA" keywords
• US-based traffic as significant % of visitors

‍

Social media:

• Twitter/X content discussing US sports extensively
• Responding to US-based users
• Influencer partnerships with US-based content creators

‍

How to catch it:

1. Google: "[Operator name] + USA" - do ads appear?
2. Check their blog/content for US-targeted keywords
3. Review social media followers - what % are US-based?
4. Request Google Analytics geo data - if 20%+ traffic from US, why?
5. Search affiliate sites - are they US-focused?

‍

What they'll say:

• "We can't control where Google shows our ads" (yes, you can geo-targeting)
• "US sports are popular globally" (true, but emphasis indicates US focus)
• "Affiliates act independently" (you're responsible for affiliate compliance)

‍

Real-world example: Offshore operator claimed US blocking while:

• 30% of site traffic from US (Google Analytics)
• Affiliates running Google Ads targeting "best USA sportsbook"
• Twitter account engaging daily with US sports fans
• Payment processor investigation found numerous US transactions

Verdict: Marketing strategy contradicted compliance claims. Operator clearly wanted US customers despite policy claims.

‍

‍

3. Reactive rather than preventive blocking

‍

The claim: "We block US customers."

The timing: Blocking occurs after deposits are made, often only at withdrawal.

The problem: If a US user can deposit and lose without ever being verified, that's accepting US customers.

‍

How this manifests:

‍

Scenario 1: Withdrawal-triggered KYC

• US user deposits $500, plays, loses $300
• Attempts to withdraw $200
• KYC triggered, US ID submitted
• Account closed, no refund ("violated Terms")
• Operator keeps the $500 deposit

Analysis: This is deliberate. Blocking only winners, keeping losers.

‍

Scenario 2: Chargeback-triggered investigation

• US user deposits, plays, loses
• Files chargeback claiming "unauthorized"
• Operator discovers US location during chargeback defense
• Uses US location to deny chargeback ("customer violated Terms")
• Bank sides with merchant

Analysis: Profiting from US transactions while using US status to avoid chargeback liability.

‍

Scenario 3: Random enforcement

• Some US users play for months without issue
• Others blocked immediately
• No clear pattern for why some get through

Analysis: Inconsistent enforcement suggests manual override capability (blocking based on value/profitability).

‍

What good looks like:

• Pre-deposit KYC catches US users before funds at risk
• IP blocking prevents access entirely
• BIN blocking rejects US cards at payment authorization
• No US user ever successfully deposits

‍

Red flags:

• Complaints about "they took my winnings when I tried to withdraw"
• High % of accounts never completing KYC (suggests optional enforcement)
• Chargebacks from US-issued cards (proves blocking failed)
• Operator has stats on "US accounts closed" (proves they were open first)

‍

What to request:

• Account closure statistics: How many accounts closed for US location?
• Timing: At what stage were they closed? (Registration, deposit, withdrawal?)
• Refund policy: Were deposits refunded when US location discovered?

If closure happens post-deposit without refunds, that's revenue from US customers, not blocking.

‍

‍

4. Additional Red Flags

‍

Financial:

• Reluctance to provide chargeback data segmented by card country
• High overall chargeback rates (>2%) suggesting fraud/dispute issues
• Frequent payment processor changes (every 6-12 months)
• Using cryptocurrency primarily (difficulty getting traditional processors)

‍

Operational:

• No named compliance officer
• Compliance outsourced offshore with no oversight
• Cannot produce recent third-party audit
• Generic responses to specific technical questions

‍

Reputational:

• On MATCH list (Visa/Mastercard terminated merchant file)
• Regulatory warnings or sanctions from license issuer
• Pattern of complaints about confiscated winnings
• Known for "slow pay" or withdrawal issues

‍

License:

• License expired or suspended
• Operating under license meant for different entity
• License issuer has poor reputation (unlicensed sublicensing)
• Cannot produce full license certificate (only website badge)

‍

‍

‍

Your Closing Question: The Critical Test

After reviewing all the above, the single most important question to ask is:

"Do you require proof of geo enforcement or just a policy statement?"

This question forces clarity on burden of proof.

‍

If you accept policy statements:

• You're trusting their word
• You assume blocking works without verification
• You accept risk that US transactions are occurring
• You may face UIGEA liability if blocking fails

‍

If you require proof, You need to see:

✅ Penetration testing reports: Dated within last 6 months, showing US access blocked

✅ Third-party audit certification: eCOGRA, iTech Labs, or similar verifying geo-blocking

✅ Transaction data: Zero US-issued card transactions in last 12 months

✅ KYC rejection statistics: X US IDs submitted, 100% rejected pre-deposit

✅ Payment processor confirmation: Processors verify no US transactions

✅ Compliance officer attestation: Named individual certifying with personal liability

✅ Data extract: Customer database export showing zero US addresses, phone numbers, or IPs

‍

‍

The proof standard:

• Not "we have controls" but "here's evidence controls work"
• Not "we comply with our license" but "here's third-party verification"
• Not "we've never had issues" but "here's testing showing issues are prevented"

‍

Real-world application: When you ask this question, compliant operators will immediately offer proof packets. Non-compliant operators will:

• Push back: "That's excessive"
• Deflect: "Our license requires blocking, so we do it"
• Delay: "We can get that information later"
• Question: "Why do you need this level of detail?"

These responses reveal they cannot meet the proof standard.

‍

‍

‍

Conclusion: Offshore Requires Higher Burden of Proof

Offshore gambling operators serving international markets must demonstrate they're NOT serving US customers through:

1. Technical enforcement: Multi-layer blocking at IP, payment, document, and device levels
2. Timing: Pre-deposit blocking, not post-deposit selective enforcement
3. Testing verification: Independent proof that blocking works, not just policy claims
4. Operational consistency: Zero US chargebacks, complaints, or transaction patterns
5. Documentation transparency: Full disclosure of controls, configurations, and audit results

The fundamental principle is straightforward: offshore operations are not inherently problematic, but they do carry a higher burden of proof.
Domestic operators typically demonstrate compliance through licenses, while offshore operators must demonstrate compliance through verifiable enforcement.
When an offshore operator cannot provide testing evidence, transaction level verification, and third party audits confirming effective US blocking, they are not adequately controlling US exposure, and processing their payments creates UIGEA liability for you.

The guide provides the specific artifacts to request, the tests to conduct, and the red flags that disqualify operators, helping you distinguish genuine US blocking from performative policies.

‍