Casino KYC Glossary

KYC (Know Your Customer) {#kyc}

The legal duty of a regulated financial or gambling business to identify each customer before, or shortly after, the profile starts handling money. Sources: FATF Recommendation 10, EU AMLD6, UKGC LCCP 17.1. Inside a casino, KYC is the chain of document checks (ID, address, payment method, source of funds) that gates the player from anonymous play to a fully verified profile. Different jurisdictions trigger KYC at different points in the lifecycle. That is exactly what the tiering framework classifies.

AML (Anti-Money Laundering) {#aml}

The full programme a regulated business runs to detect, prevent, and report attempts to clean criminal funds through its services. AML is the umbrella; KYC is one component. Sources: FATF 40 Recommendations, EU AMLD6, US Bank Secrecy Act. Inside a casino, AML adds transaction monitoring, sanctions screening, suspicious-activity reporting, and risk-based extra checks on top of standard KYC.

CDD (Customer Due Diligence) {#cdd}

The baseline KYC procedure: identify the customer, verify the identity against a reliable source, understand the purpose of the business relationship, and monitor the profile thereafter. Sources: FATF Recommendation 10, EU AMLD6 Art. 13. In casino practice, CDD is the standard signup flow at a regulated venue: government ID, proof of address, name on the deposit method, profile on record. A no-KYC venue delays or omits parts of CDD. That is what puts them on KYC Level 0-2 on the ladder used across this site.

EDD (Enhanced Due Diligence) {#edd}

The stricter version of CDD applied to higher-risk customers: PEPs, customers from high-risk jurisdictions, very-high-value players, or transaction patterns that triggered an internal AML flag. Sources: FATF Recommendation 12, EU AMLD6 Art. 18-20. In casino practice, EDD fires when a player wins big, deposits from multiple cards, requests a wire withdrawal above a published trigger, or shows up on a sanctions list. EDD typically pulls the player to KYC Level 3 regardless of where they started.

SDD (Simplified Due Diligence) {#sdd}

A lighter KYC variant allowed for low-risk customers and low-value transactions. Sources: FATF Recommendation 10, EU AMLD6 Art. 15-17. SDD usually means email-and-name registration without document upload, up to a published lifetime or per-cycle cap. SDD is the formal name for what no-KYC sites on KYC Level 1 do. Register on an email. Deposit and withdraw freely below a cumulative ceiling. Full KYC only above the ceiling.

ID verification {#id-verification}

The technical step inside CDD or EDD where the player uploads a government-issued identity document. The brand (or a vendor like Veriff, Sumsub, Jumio) cross-checks it against the photo, the document number format, the issuing-country database, and an MRZ scan. The output is usually an automated approve, an automated reject, or a manual-review queue. ID verification rejection is the most common reason a withdrawal stalls at a regulated venue. That is why the player playbook section covers the document chain in detail.

Liveness check {#liveness-check}

A real-time biometric proof that the person submitting the ID is the actual document holder, not a photo of a photo or a deepfake. The player records a short selfie video with prompted head movements. Vendor software scores the match against the ID portrait. Sources: ISO/IEC 30107-3 (Presentation Attack Detection), FIDO Alliance Face Verification Certification. Liveness is now standard at any venue above KYC Level 1 and is non-negotiable for EDD.

Selfie verification {#selfie-verification}

A still-photo variant of the liveness check, where the player holds the ID next to their face and uploads a single image. Cheaper for the brand and faster for the player. It remains vulnerable to printed-photo and screen-replay attacks. That is why liveness video has largely replaced selfie at regulated sites. Some no-KYC venues on KYC Level 2 still use selfie for the cumulative-trigger event.

Source of Funds (SoF) {#sof}

Documentation that proves where the money being deposited or withdrawn actually came from. Sources: FATF Recommendation 10, UKGC LCCP 17.1.4. In casino practice, SoF means recent payslips for salaried players, dividend statements for investors, sale-of-asset paperwork for one-off windfalls, or business-account statements for self-employed players. SoF is requested at the cumulative deposit triggers defined by the brand (see the withdrawal threshold term below). It is the single most common trigger for a withdrawal hold above $5,000.

Source of Wealth (SoW) {#sow}

The wider picture of how the player accumulated their total net worth, not just the immediate deposit. SoW is requested separately from SoF in EDD and on very-high-value profiles. Sources: FATF Recommendation 10 Interpretive Note, JMLSG Guidance Part II Ch. 14. In casino practice, SoW often includes property valuations, investment portfolios, inheritance documents, or audited business accounts. SoW is rare below KYC Level 3 and almost universal at UKGC and MGA venues above £5,000-£10,000 lifetime deposit.

Proof of Address (PoA) {#poa}

A document dated within the last three months that shows the player's name and residential address. Sources: UKGC LCCP 17.1.3, MGA Player Protection Directive. Acceptable PoA usually includes utility bills, bank statements, government correspondence, or municipal-tax receipts. Bank-issued cards and mobile-phone bills are accepted at some venues and rejected at others. That is why the documentation walkthroughs publish a per-jurisdiction PoA acceptance table.

Proof of payment method {#proof-of-payment}

A document tying the deposit instrument to the registered profile holder. For cards, a screenshot of the bank-app statement showing the first six and last four digits plus the player name. For wallets, a screenshot of the wallet dashboard. For crypto, a transaction hash plus a signed message from the originating wallet. Sources: VISA AML Programme, MGA Player Protection Directive, FATF Travel Rule (for crypto over $1,000). Proof of payment method is the trigger that catches most "third-party deposit" grievances, where the player deposited from someone else's card without realising it.

Bank statement {#bank-statement}

A full account statement (usually three months) used to combine PoA, proof of payment method, and partial SoF in one document. Sources: UKGC LCCP 17.1.3-17.1.5. Bank statements are the most-requested document at EDD because they consolidate three checks into one upload. Players who use multiple banks (separate salary, savings, and gambling accounts) often hit friction here. The brand asks for the gambling-account statement specifically.

FATF (Financial Action Task Force) {#fatf}

The intergovernmental body that sets global AML and counter-terrorism-financing standards. Member jurisdictions translate FATF Recommendations 1-40 into local law. Source: fatf-gafi.org. Casino regulators (UKGC, MGA, CGA Curaçao, Anjouan AGA) align their licence conditions with FATF. A site licensed outside the FATF perimeter (some Costa Rica and Panama shell licences) is technically gambling-licensed but not AML-supervised. That is the structural problem behind most no-KYC scam cases.

PEP (Politically Exposed Person) {#pep}

A person who holds, or recently held, a prominent public function, along with their immediate family and close associates. Sources: FATF Glossary, EU AMLD6 Art. 3(9). PEP status triggers automatic EDD at any FATF-aligned venue. Most no-KYC sites do not run PEP screening at registration. The check happens later, when the cumulative deposit trigger fires and the profile is upgraded to KYC Level 2 or 3.

Sanctions screening {#sanctions-screening}

Automated cross-check of the player name and country against OFAC (US), UK HM Treasury, EU consolidated, and UN sanctions lists. Sources: OFAC SDN, EU CFSP, UK OFSI consolidated list. Sanctions screening runs at registration on most regulated venues and at withdrawal on most no-KYC sites. A sanctions hit usually means immediate profile freeze, funds held for regulator inquiry, and no recovery path. This is one of the risks covered in the dedicated pillar.

Chain analysis {#chain-analysis}

The forensic tracing of cryptocurrency deposits back through the blockchain. The goal is to identify whether the originating wallet sits on a sanctions list, a mixer, a darknet market, or a known scam address. Vendors: Chainalysis, Elliptic, TRM Labs. Sources: FinCEN BSA virtual-asset guidance, FATF Recommendation 15. Chain analysis is the crypto equivalent of source-of-funds checks. A deposit with a clean wallet trail passes. A deposit with a tainted hop within a few transactions usually triggers an internal review.

Blockchain forensics {#blockchain-forensics}

The broader discipline that chain analysis sits inside. Forensic tools combine on-chain data with off-chain attribution (exchanges, OTC desks, known wallet labels) to produce a risk score on each deposit. Sources: Chainalysis Crypto Crime Report, Elliptic Hidden Risk Report. Brands above KYC Level 2 with crypto rails almost always subscribe to one of the major forensics vendors. Venues on KYC Level 0 by definition rely on the brand's own visual review only.

AML risk score {#aml-risk-score}

The internal numeric (or low-medium-high) classification a regulated venue assigns to each player based on country, payment method, deposit pattern, PEP status, and profile behaviour. Sources: EBA Guidelines on ML/TF risk factors, JMLSG Guidance Part I Ch. 4. The AML risk score drives how often a player gets re-asked for documents, what the per-withdrawal cap is, and how fast a payout clears. No-KYC sites usually do not maintain an explicit AML risk score below the KYC Level 1 cumulative trigger.

SAR (Suspicious Activity Report) {#sar}

A regulatory filing that a brand must submit to the local Financial Intelligence Unit when player behaviour shows AML red flags. Sources: FATF Recommendation 20, UK NCA SAR Online, FinCEN SAR. SAR submission is confidential by law. The brand cannot tell the player a SAR was filed. The profile often remains active while the FIU reviews. SAR is the formal mechanism behind "your withdrawal is under review for compliance reasons" notices that appear in Casino.guru threads.

KYC trigger {#kyc-trigger}

The specific event in profile lifecycle that escalates verification from the current level to the next. Triggers fall into four categories. Cumulative (deposit total above $X over a period). Per-transaction (single withdrawal above $X). Behavioural (sudden change in deposit pattern). Or regulatory (the brand's risk team flagged the profile). Each level on the tier ladder has its own published or implied trigger. The interactive estimator maps which trigger your own pattern is closest to.

Withdrawal threshold

The cash-out amount at which a brand imposes additional KYC or SoF documentation. Published triggers vary widely: from $0 at full-KYC venues, through $2,000 at typical Curaçao sites, up to $10,000 or more at some Anjouan and Tobique brands. The trigger is the single most informative number to know before depositing. It is the line above which "no KYC" stops being literally true.

Cumulative limit {#cumulative-limit}

The lifetime or rolling-window total above which the brand forces KYC, regardless of any single withdrawal amount. Common windows are 30 days, 90 days, 365 days, or lifetime. Cumulative limits are the most-litigated number in player complaints. Brands sometimes publish the per-withdrawal trigger but omit the cumulative limit from the cashier page. Where brands on our curated list are tested on this site, the cumulative limit goes in the per-brand trust file before the review is published.

Reset window {#reset-window}

The rolling period after which a cumulative limit "resets to zero". On most sites the reset window is 30 days from the first deposit in the window. On others, it is a calendar month, a quarter, or a lifetime (no reset). Reset windows matter because a player can structure deposits to stay below the cumulative limit indefinitely. That is exactly what some no-KYC sites are designed for and what FATF Recommendation 22 calls "structuring".

First-method rule {#first-method-rule}

The cashier policy that says the first withdrawal must return to the deposit method that funded the profile. Sources: VISA Scheme Rules, Mastercard Anti-Fraud Programme. The first-method rule prevents card-deposit-to-crypto-withdrawal money flows that often show up in fraud cases. Most brands enforce the first-method rule below a $1,000-$2,000 first withdrawal, then allow method-switching above that with extra KYC. Most no-KYC sites on KYC Level 0-1 either skip the first-method rule or apply it only above the cumulative trigger.

Dormant account {#dormant-account}

A profile with no login, deposit, or withdrawal activity for a defined period (commonly 90, 180, or 365 days). Brands are usually allowed to apply a monthly dormancy fee against the balance, in some jurisdictions to escheat the balance to the regulator. Sources: UKGC LCCP 4.1.1, MGA Directive on the Conduct of Players. Dormant-profile terms matter because a small left-over balance at a no-KYC site can disappear over six to twelve months of inactivity, which several Casino.guru complaint threads document.

Verification queue {#verification-queue}

The pending-document pile inside the brand compliance team. Players see this as "your documents are under review", with no estimated time. Typical processing time at regulated venues is 24-72 hours. At some no-KYC sites with small compliance teams, it can stretch to 5-7 working days. Time-in-queue is one of the metrics tracked per brand in the reviews section because it predicts how long the first withdrawal will take.

Document upload {#document-upload}

The cashier or KYC-portal action where a player attaches an ID, PoA, or SoF file. Common upload limits: 5-10 MB per file, accepted formats JPG/PNG/PDF. Document upload is the most common failure point because mobile-camera photos exceed the 10 MB limit. The verification help section publishes the per-document file specs the major sites on our curated list accept.

Document rejection {#document-rejection}

The automated or manual decision that an uploaded document does not meet KYC standards. Common reasons: expired ID, glare or blur, document edges cropped, PoA older than three months, name mismatch with profile name, address mismatch with country of registration. Document rejection rates of 20-30 percent on the first attempt are normal at regulated venues. The playbook for re-submission is on the document rejection page.

Account locked {#account-locked}

The state in which the profile exists but the player cannot log in, deposit, or withdraw. Lock reasons range from KYC pending, to AML investigation, to responsible-gambling self-exclusion, to fraud-team review. Brands rarely give a specific reason in the lock notice, because of SAR confidentiality rules. The emergency playbook for a locked profile is on the account locked page.

Dispute resolution {#dispute-resolution}

The escalation chain when a player and a brand disagree about a withdrawal, a bonus, or a closure. Escalation tiers at most venues: support, compliance team, internal complaints officer, third-party mediator (Casino.guru or AskGamblers), regulator complaint, civil action. Sources: UKGC Alternative Dispute Resolution rules, MGA Player Complaints Directive. The mediator step is the one that produces actually-useful published outcomes. That is why brand reviews on this site weight Casino.guru complaint history into the scoring layers.

Account closure {#account-closure}

The final-state action where the brand terminates the profile. Closure can be player-requested (responsible gambling, fatigue, found a better site) or operator-imposed (AML breach, fraud finding, regulator order). Operator-imposed closure with funds held is the worst-case scenario in this segment. The risks pillar documents the patterns and the large withdrawal risk page covers the financial-harm angle in detail.