Security Policy

Volcano Casino is committed to providing a safe, secure and fair gaming environment. This Security Policy outlines the key measures we implement to protect our players, their funds, personal information and gameplay integrity.

1. Account Security

  • Strong Password Requirements All accounts must use passwords of at least 8 characters including uppercase letters, lowercase letters, numbers and special characters.
  • Two-Factor Authentication (2FA) We strongly recommend (and in some jurisdictions require) enabling 2FA via authenticator app (TOTP), SMS or email. 2FA is mandatory for:
    • First withdrawal from a new payment method
    • Changing email, password or linked phone number
    • Accessing account from a new device or unusual location
  • Session Management
    • Automatic logout after 30 minutes of inactivity
    • Single active session per account (new login terminates previous session)
    • Visible login history with date, time, IP address and device information
  • Account Monitoring We continuously monitor for suspicious activity including:
    • Multiple failed login attempts
    • Logins from geographically distant locations in short time
    • Unusual betting patterns that may indicate account compromise

2. Data Transmission & Storage Security

  • All pages and services use TLS 1.3 encryption (HTTPS) with strong cipher suites
  • Certificate issued by a recognized Certificate Authority and regularly renewed
  • End-to-end encryption for sensitive data in transit (payment details, personal documents)
  • Payment card data is never stored on our servers — processed exclusively by PCI DSS Level 1 certified payment providers
  • Sensitive documents uploaded for KYC are stored encrypted at rest (AES-256)
  • Database backups are encrypted and access-controlled

3. Financial Transactions Security

  • We work only with licensed and PCI DSS compliant payment providers
  • No direct storage of full card numbers, CVV or payment tokens on our infrastructure
  • All withdrawals are subject to multi-layer verification: – KYC / AML checks – Ownership verification of payment method – Anti-fraud scoring – Manual review for first withdrawal or high-risk transactions
  • Maximum withdrawal limits per transaction/day/week are enforced to prevent fraud
  • Deposits and withdrawals are monitored in real-time by automated fraud detection systems

4. Game Fairness & RNG Security

  • All games use certified Random Number Generators (RNG)
  • RNGs are regularly tested and certified by independent accredited testing laboratories (iTech Labs, GLI, eCOGRA, BMM Testlabs or equivalent)
  • Monthly RNG payout reports and certificates are published on the website
  • Game outcomes cannot be influenced by casino staff or third parties
  • Server-side logic is protected against tampering and unauthorized access

5. Fraud & Money Laundering Prevention

  • Strict Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures
  • Source of funds / source of wealth checks for large or suspicious transactions
  • Collaboration with specialized third-party fraud prevention and AML screening providers
  • Monitoring for prohibited activities including: – Bonus abuse / bonus hunting – Collusion / chip dumping – Use of bots, scripts or automated play software – Multi-accounting / proxy/VPN abuse to circumvent restrictions

6. Responsible Gambling Protection

  • Mandatory age verification (18+ or legal gambling age in jurisdiction)
  • Self-exclusion, cooling-off periods and permanent account closure options
  • Deposit, wager, loss and time-session limits (daily/weekly/monthly)
  • Reality checks and session reminders
  • Behavioral analytics to detect potential problem gambling patterns
  • Easy access to responsible gaming resources and external help organizations

7. Network & Infrastructure Security

  • Web Application Firewall (WAF) protecting against common attacks (SQL injection, XSS, DDoS Layer 7, etc.)
  • DDoS mitigation services at network level
  • Regular penetration testing and vulnerability scanning by independent security firms
  • Least-privilege access model for all internal systems and employees
  • Security awareness training and background checks for staff with access to sensitive data

8. Incident Response

  • Dedicated incident response team available 24/7
  • Documented incident response and business continuity plans
  • Mandatory breach notification to affected players and regulators within legally required timeframes
  • Post-incident analysis and implementation of corrective measures

9. Reporting Security Issues

If you believe you have discovered a security vulnerability on our platform, please report it responsibly to: Email: security@volcanocasino.com Please do not publish or exploit the vulnerability before we have had reasonable time to address it.

We appreciate responsible disclosure and may offer bug bounty rewards for valid, previously unreported critical or high-severity findings.

Thank you for trusting Volcano Casino with your gaming experience. Your security is our highest priority.

If you have any questions regarding our security practices, please contact our support team or email security@volcanocasino.com.

Przewijanie do góry