Crowdsourced quality testing for the iGaming industry.

HomeBlogFor iGaming operatorsCrowdsourced testing on 16 banned sweepstakes casinos in New York

Crowdsourced testing on 16 banned sweepstakes casinos in New York

Reading Time: 6 minutes

Sweepstakes casinos have been widely available across the U.S. for some time now and the regulatory landscape continues to change. As restrictions spread, operators and game providers face legal risks, so it’s more important than ever to understand whether or not access is being blocked where it’s supposed to be.

In early June 2025, the New York State Attorney General issued cease-and-desist orders to 26 sweepstakes casino operators, signaling a major shift in enforcement. But did the bans actually stop access to sweepstakes gameplay? In late July, TESTA began testing in New York to find out just how far players can still get into the sweepstakes casino player journey.

Why New York?

Besides the news of the recent ban, New York is important to consider because it’s one of the most influential gambling markets in the country. The state’s regulatory actions often set precedents, setting the stage for other states like California, New Jersey, and Ohio that are considering similar bans.

By focusing on New York, TESTA aimed to show how enforcement really works on the ground, and what brands should look out for to stay compliant as bans spread.

Test scope

Tests were run on three different desktops on two different ISPs. All testers had IP addresses in New York, thereby delivering real in-market results that can’t be reliably replicated via VPN and/or other location masking tools. TESTA found similar compliance issues in confidential mobile device testing on other ISPs for TESTA clients, indicating general directionality. However, many ISPs remain untested in New York (not to mention device and browser combinations), and a more far-reaching test case would provide even more certainty about the actual compliance landscape for both operators and providers.

There were 16 operators from the NY AG’s ban list of 26, specifically selected because they offered third-party slot content rather than proprietary-only slots or sportsbook platforms.

The results raise critical questions: Are geo-blocking mechanisms working as intended? Are providers at risk even when games aren’t played for real value? And what level of enforcement is actually happening on desktop platforms?

Operators are all anonymized in this report, identified as Operator A, B, C, etc. in the test results (download via the link below in the combined test results section). 

Methodology

  • Testers: Three individuals (coded Tester 1, 2, 3), based in New York
  • Devices: 3 notebooks with various versions of the Chrome browser
  • ISPs: AT&T, Level 3 communications
  • Instructions: Access all 16 URLs; attempt to register; select 4 slots and play through
  • Results: Documented with notes from testers and screen recorded (video held privately by TESTA)

Key findings

The test results revealed clear inconsistencies in enforcement, with some operators fully blocking access in New York while others allowed testers to reach the game lobby—and even play in SC mode.

Here’s what stood out:

  • 3 operators blocked access to the site itself for all testers. This is the strongest form of enforcement and the preferred outcome for game providers that would otherwise be featured on a banned site.
  • 10 operators allowed GC gameplay or access to the game lobby.
  • 5 operators exhibited tester/game-dependent behavior—some testers playing some games were blocked, while others were not.
  • 2 operators prompted the tester to make a deposit in SC mode.
  • 1 sweepstakes operator allowed SC mode gameplay, violating the New York AG’s ban.

Combined test results

The test results show the yes/no responses to the accessibility of the various stages across all 16 casinos. For the full version including tester notes, download the NY sweepstakes testing extras, which also includes the specific devices and networks used in the testing.

Fill out the form

How enforcement breaks: the main cases

As the above enforcement findings graph shows, there were only 3 fully blocked sites. In fact, enforcement of the AG ban in New York varied considerably. The main failure patterns are discussed below. Each one carries real risk for game providers, from full SC mode breaches to silent GC leaks and inconsistent gameplay authorization.

On Operator P, one player got in and reached SC mode gameplay. This is a clear violation of the New York Attorney General’s enforcement threshold. This operator represents the most direct exposure risk for game providers. But is it the only one? That’s uncertain for now since TESTA only required NY testers to open 4 games (each from a different provider) on 4 operator’s sites. However, it’s highly likely that if more games had been opened and played through, more legal breaches would have been found. The testing in July for a major slots provider on mobile devices revealed as much.

The deposit prompts

Operators B and D did not allow SC gameplay, but actually Tester 1 reported being prompted twice to deposit for SC mode games. These journeys show how even on supposedly banned sites, players are still being nudged toward real-money experiences.

Inconsistent journeys between games

Operator B provided three different levels of enforcements for each of the three testers, two of which were attempting to play different games from different providers.

Tester 1 accessed the site, lobby, and registration. However, the tester didn’t see playing in GC/SC mode as an option because the site prompted the tester to deposit as noted above. Tester 1 self-terminated at that point but it wasn’t because he was blocked from playing. 

Tester 2 was able to play on a different game from a different provider. The game was playable in GC mode with 210000 bonus GC coins awarded via a transaction involving a verification code sent to a local NY mobile number. Play was eventually blocked in SC mode due to the “jurisdiction”.

Tester 3 was unable to register and didn’t go any further on his journey on Operator B.

No "sweeps" coins

On Operator H testers faced a different situation, where the operator allowed gameplay in SC mode but under a different name. Besides GC mode, “xC mode” was also on offer (actual name withheld for anonymity), which is really the same as sweeps mode on other platforms. 

Tester 1 went ahead and played with accumulated bonus coins, while testers 2 and 3 assumed that the apparently unavailable SC mode meant that they couldn’t play and ended their respective journeys at that point. 

Why geo-blocking fails

Despite being a cornerstone of legal compliance, geo-blocking is often fragile in execution. Most platforms rely on basic IP-based location checks, which can be easily bypassed with VPNs or misclassified due to mobile routing errors. 

Unlike licensed sportsbooks, which enforce location through GPS verification or browser plugins, social and sweepstakes platforms rarely use device-level enforcement.

Meanwhile, CDN caching—used to speed up page loads—can unintentionally serve content across state lines. On top of that, enforcement at the frontend and backend is often uncoordinated, meaning a player might be blocked on the homepage but still allowed to load a game or access the lobby. These technical gaps leave providers exposed, even when the intent to restrict is there.

Why this matters for providers

Even when operators attempt to enforce restrictions, gaps in implementation mean games may still be visible, demoed, or even played in jurisdictions where they shouldn’t be. In many cases, operator-level geo-blocking is inconsistent, leaving certain player journeys unchecked. And while GC gameplay might seem harmless, it can still result in brand exposure or legal scrutiny. Especially when the content is accessed in a state with active enforcement attention.

Conclusion

These findings highlight what many game providers have suspected but struggled to prove: enforcement on paper often looks very different from enforcement in practice. Real-world testing reveals not only where systems break down, but how—and for whom. TESTA specializes in uncovering these edge cases, helping providers identify unseen risks before regulators or competitors do.

Fill out the form

About the author

Ian McKinnon

TESTA Head of Marketing