Security

Trusted by millions! Ace2Three is committed to provide its customers a safe and secure platform to play online rummy. Player Safety and trust are of paramount importance to us and we ensure 100% fairness in the games played on Ace2Three by complying with various Security measures in place mentioned below.

Mandatory KYC

In order to maintain integrity and transparency at Ace2three, which includes being able to positively identify its Players, every user account created must agree to the Terms & Conditions of the website, besides complying to the KYC norms at various stages. All users playing on Ace2three need to comply with KYC process which includes verification of Email address, Mobile number, ID proofs such as PAN card, Aadhaar Card, Driving License, Address proofs and IP address check.

  • Each user has to provide few KYC details at the time of account creation on Ace2Three.
  • Each player needs to furnish more KYC details on Ace2Three at various stages of the player journey, for example to purchase chips more than a certain amount, player needs to verify his identity with legal proofs.

Responsible Gaming

Ace2Three adheres to responsible gaming practices to ensure that our players feels safe within the system and play responsibly. We are committed to integrity, fairness and reliability and we always do our best to prevent gaming-related problems.

Following responsible gaming features are deployed at Ace2Three.
  • Purchase Limits: Each player has his own defined purchase limit for real chips purchase. Players have the flexibility to control their purchase limits.
  • Age Checks: Players below 18 years of age are not allowed to play on Ace2three.
  • Account Closure: Players can reach us to get their accounts closed with us. Players can ask to close their accounts with Ace2Three for a temporary and permanent basis.
  • Territory Checks: Players from certain states of India such as Assam, Odisha and Nagaland are not allowed to play on our real money tables. Also, users from outside India are not allowed to play as well.

Game Security

At Ace2Three, we ensure game level security as a top business priority to maintain trust among players and provide a platform for a fair play. A lot of measures are in place to make sure that players can enjoy fair gaming experience without worrying about any fraudulent behavior.

  • Secure Random Number Generator (RNG): Cards are distributed using a certified Random Number Generator software which cannot be modified or managed at any time by Ace2Three. Our random number generator (RNG) has been verified by iTech Labs Australia (http://www.itechlabs.com.au/sidebar-eng/rng-testing-certification/), which is a globally competent authority (ISO 17025 certified) for RNG verification and provides RNG certifications to multiple Indian and global gaming companies (http://www.itechlabs.com.au/projects-clients/).
    A certified RNG ensures that all players have cards shuffled and dealt fairly by the system without any bias.Click here to view RNG certificate.
  • Communication protection: All games played on Ace2Three are conducted over a secure communication between the game servers and the devices of the customers (laptop, PC or mobile devices). Also we have dual verification and log protection checks at various levels to prevent data manipulation at both client and server end.
  • Purchase Chips Security: All chip purchase transactions are secured with 2048-bit SSL. No credit card/debit card information of player is stored on Ace2Three.
  • Fraud and Collusion Protection: Ace2Three has deployed multiple fraud protection measures to ensure that our players stay protected from on table collusion frauds.
    • Seating on our tables is random, and no seat is prefixed for any game. Players, therefore, have no control over selection of players on any table.
    • All users playing on Ace2three are associated with IP address which is being stored by the Company. Players logged in from the same IP address are not allocated seats on the same table.
    • Players found colluding on a table by our fraud detection system are blocked further from taking seat on the same table.
    • Anti-fraud algorithms tracks every move during the game play. (Selection of cards, discards, melds, shows) by every player on every table round the clock.
    • Security patches get updated as and when notifications get released by the Vendors.
    • Ace2Three continuously reviews compliance of its Security measures.
  • Disconnection Protection: All players connect to Ace2Three via internet and in some cases face network fluctuations/blips. To keep player’s interest safe following disconnection, the following protection measures are in place:
    • For a disconnected player, there will be three round of auto-play by default, after which the system will decide future course based upon player’s saved group score.
      • If the player’s saved groups score is less than middle drop count, game will keep in auto play mode till some other player places a show
      • If the player’s saved group score is more than middle drop count, player will be considered for middle drop.
    • If the game is in auto-play and a show is placed by some other player, disconnected player is awarded either middle drop or his saved groups score, whichever is less.
    • Above logic does not apply to “Best of X” games where the game always goes into auto play and player does not have an option to drop/middle drop.
  • Click to read more on our disconnection handling policy
  • No BOTS Policy: Ace2Three does not have any robotic programs (BOTs) on its gaming platform and does not participate in any games. All players are genuine with appropriate level of KYC verification.

Website Security

All the Company’s websites are SSL (Secured Socket Layer) enabled and necessary certification have been obtained from a third party “Thawte”. Hence, these websites can only be accessed over https://.

HIIPL has code signing certificate obtained from Thawte to avoid any alterations of software package (DL – Download Client) which is being distributed to customers.

Data Center Security

We avail the services of an International Data Centre having a decade’s experience and expertise in providing the infrastructure services for ensuring high availability, seamless performance and reliable security for mission critical applications. As part of this continuous process the Datacentre is certified with ISO 27001 and many other such certifications. Using vast experience of its Centre of Excellence teams, state of the art tools at their disposal and in-depth understanding of infrastructure management, Data centre Operations tries to resolve issues by not only restoring the services after an incident, but also by carrying out a root- cause analysis to avoid repeated issues. Using advanced monitoring and service management platform, the services are monitored 24X7 throughout the year. As part of additional measures like protection from DDOS attacks has also been availed to increase the availability of the infrastructure to the end users/players.

Relogin Checks

It seldom happens, but in case our client hangs or crashes because of player’s device hardware limitations (leaving too many apps/windows open) the player logs in again to continue from the same channel or a different one. In such scenarios, we have multiple re-login checks to ensure that the player can resume his game that has gone into ‘Autoplay’ mode due to the disconnection.

Duplicity Checks

We have robust duplicity checks in place that calculate the duplicity scores of players. Duplicity scores above a certain threshold are marked and we then run programs to get in touch with such players and shut their duplicate accounts. This also plays an important role in players receiving relevant promotional content.

Product Test Accounts

As a part of policy, all employees of HeadInfotech are not allowed to play on Ace2Three. To check the health of the system and reproduce customer reported issues, we maintain a handful of test accounts on production system. These accounts are marked as internal test accounts in our back office systems and no redeem of real chips is allowed for such accounts. Also, only the marked internal test accounts can use office premises to login and play in the production system to check the system health if required.