Building a Defence System - PlayerCheck

[Castle]

Hi AF-UK as some showed interest in what I was building to support used sales in airsoft (and with the issues over at UKARA). I started a thread to get feedback, suggestions, trolled and all over types of "don't waste your time". I believe it's time to start getting general feedback from the community so this thread will do so.

Backstory on PlayerCheck -

PlayerCheck was designed to be transparent and provide open information to everyone, it's owned by my company but is not a for-profit product. It's to complement and protect users. We had a few cases of users buying/selling items on our website underage, without a defence that same old stuff. UKARA only protects businesses and the used airsoft community is just as large if not larger. A way to freely validate everyone is missing or not available to everyone for free. I spoke with UKAPA Briefly before they broke communication because Matt left, and a few major used airsoft marketplaces. This was never designed to be a REPLACEMENT for current defences approved by the home office but to provide another way to check players. We would love to become a valid defence but don't see that coming for a few since we have to approach This slowly so we don't look like we are fighting internally as a sport/community/whatever.

Production State Features -

At this time we consider the core of playercheck to be around ~75% completed.

Player to Player Defence Checks, Transaction History, Business Verification, Add Multiple Sites/stores to a Business for simple control, Business Analytics, Risk Score Analysis, MultiplIple Defence integrations for UKARA and BAC, User dashboard, Request History, Single Use Request Tokens, NFC check-in at booth stand-alone native phone app.

In Build State Features - 

Integration add-on tools for software like Magento and Forum Software like IPB, SSO for external platforms, V1 Playercheck Public API

Security - 

A rock solid 256-bit encryption algorithm with a cypher, all our information is stored at the same level as Netflix or Amazon. We use an in-transit SSL and soon EV-SSL across the network. What we share when a validation is requested externally. Not much actually, your details are stored to enable validation. When you enter these on other sites they are compared with our database and a risk score is sent back. This is the same as how credit cards are used.

FAQ - 

http://playercheck.co.uk/help

I'm happy to answer any questions you may have.

 

[warlord]

Many sites are UKARA registered in order to feed the UKARA database. Will this not become burdensome if sites are having to sign up for both for updating UKARA and PlayerCheck? Then there's the question of retailers and which do they start using?

I asked a question previously about BAC which kind of got dismissed as not really a valid defence as no retailer was using. I even asked one of the sites that are supposedly BAC registered and got told that even they don't use it because they've had no interaction for many years. I'm just questioning how effective this will actually be as the system requires a lot of input to work. As weak as UKARA appears it seems to be the only game in town so to speak. A lot of interaction with sites and retailers is going to be required to gain support. Then again aren't they all making a financial contribution to UKARA? So are they really going to be interested in anything else?

 

[Sacarathe]

Many sites are UKARA registered in order to feed the UKARA database. Will this not become burdensome if sites are having to sign up for both for updating UKARA and PlayerCheck? Then there's the question of retailers and which do they start using?

Actually, it's most likely to force UKARA to compete, and if UKARA really is £500 annually - aka a for profit enterprise (in of itself), this new database, if it is credible, reliable, and 'healthy' barring all else UKARA will have to adapt or be gone.

Currently UKARA has a tiny footprint on what gamesites have to do (stamp forms) and that £500 does kinda justify the leg work UKARA has to put in due to their mechanism being so archaic. If the new system is a simple case (speculating here) of submitting an electronic list of all 18+ attendees to game sites on every game day that is far less work than the current set up, making it free only compounds the positivity.

However to supersede UKARA they would need to prove they would be reliable and able to function without formal income for at least 24 months.

I asked a question previously about BAC which kind of got dismissed as not really a valid defence as no retailer was using. I even asked one of the sites that are supposedly BAC registered and got told that even they don't use it because they've had no interaction for many years. I'm just questioning how effective this will actually be as the system requires a lot of input to work. As weak as UKARA appears it seems to be the only game in town so to speak. A lot of interaction with sites and retailers is going to be required to gain support. Then again aren't they all making a financial contribution to UKARA? So are they really going to be interested in anything else?

They can just send the game site an electronic form to fill in and submit.

Although not necessary, the game sites rely on the sale of airsoft guns to get repeat custom. If this new system really took off you could see a day in the future where you don't "get your ukara licence", you just automatically become eligible to buy a RIF the moment you qualify.

I don't think they're even looking as complex as I'm suggesting at this stage, just want to get off the ground, but a registry of all player attendance at all sites is a logical forward step.

Go a step forward and issue all players a QRcode membership card, that way site organisers just scan with an app on game day and PlayerCheck can do all the age verification in house - need to prove your defence? Just scan your code and present photo ID.

Game sites would not any longer need to hold personal data outside insurance purposes.

All this speculation aside, automatically renewing defences is a big deal.

Obviously warlord, I'm not talkin about the same thing castle is.

 

[Castle]

Many sites are UKARA registered in order to feed the UKARA database. Will this not become burdensome if sites are having to sign up for both for updating UKARA and PlayerCheck? Then there's the question of retailers and which do they start using?

I asked a question previously about BAC which kind of got dismissed as not really a valid defence as no retailer was using. I even asked one of the sites that are supposedly BAC registered and got told that even they don't use it because they've had no interaction for many years. I'm just questioning how effective this will actually be as the system requires a lot of input to work. As weak as UKARA appears it seems to be the only game in town so to speak. A lot of interaction with sites and retailers is going to be required to gain support. Then again aren't they all making a financial contribution to UKARA? So are they really going to be interested in anything else?

The original idea was to compliment UKARA and provide an API-friendly way for people like myself who build tools around airsoft. UKARA provides nothing nor has any interest in going with innovation. My original way to validate users on my website was to ask them to submit sensitive personal information (not safe) then I would contact a store/ukara access company and ask them to validate that information. No news of when it would expire or anything, this would have to be replicated for every website that wanted to validate their users, a lot of half attempted websites asking for some dangerous information. If I was a player I would like to sign up once or be added by a site to a validation system, the take a few moment to update information and be able to make transactions that someday. Realistically some form of risk assessment should be done in the background (system side) depending on how much information the site provides the less is needed to be checked by the system. It's worth noting fraudulent submissions by a site if found would have a negative impact (and I plan on punishing sites who abuse the system) publicly for them.

 

[warlord]

I like the idea. API would be very useful and allow retailers easy access.

Complimenting UKARA may seem a good idea, but I suspect you'd need to sign up as a retailer and pay a fee to be able to provide that service. Until such a time as UKARA would become irrelevant.

As long as you have some kind of code of conduct I'm sure most sites and retailers would realise it's benefit and would probably self regulate in the same way I bet happens with UKARA updates.

 

[Sacarathe]

It's worth noting fraudulent submissions by a site if found would have a negative impact (and I plan on punishing sites who abuse the system) publicly for them.

I considered this significantly, and particularly with regards to expiry and RIF sales but UKARA is no more protected in any case. If you're free how do you punish if more than public recriminations were warranted?

In a synchronised system with all the sites uploaded identical user data (if recording all game attendance) you could simply shadowban their data input from the system for 3months: "due to fraudulent activity from this site's account your gameplay statistics will not renew your defence for games played at said site between [two dates 6months apart]" ?

I love this proactive approach.

Complimenting UKARA may seem a good idea, but I suspect you'd need to sign up as a retailer and pay a fee to be able to provide that service. Until such a time as UKARA would become irrelevant.

Well, theoretically UKARA could be passively strong-armed a la "if you charge us this fee now, you may regret it later".

 

[Castle]

I considered this significantly, and particularly with regards to expiry and RIF sales but UKARA is no more protected in any case. If you're free how do you punish if more than public recriminations were warranted?

In a synchronised system with all the sites uploaded identical user data (if recording all game attendance) you could simply shadowban their data input from the system for 3months: "due to fraudulent activity from this site's account your gameplay statistics will not renew your defence for games played at said site between [two dates 6months apart]" ?

I love this proactive approach.

An infraction system and notification to users would be a way to do it. We plan on partnering with every Business to create a "Just Eat" approach by providing the means to expand and protect their business, abuse will mean removal and some form of displayed infraction would have a negative view of the community.

I like the idea. API would be very useful and allow retailers easy access.

Complimenting UKARA may seem a good idea, but I suspect you'd need to sign up as a retailer and pay a fee to be able to provide that service. Until such a time as UKARA would become irrelevant.

As long as you have some kind of code of conduct I'm sure most sites and retailers would realise it's benefit and would probably self regulate in the same way I bet happens with UKARA updates.

We have a WordPress plugin and want to hit the top 5 e-commerce software's like Magento to allow little to zero coding required. Just make it work in your system. E.g. You could have a "Checkout with PlayerCheck" this would be an SSO that would pre-populate the checkout fields allowing you to just pay and forget. 

We never wanted to replace UKARA just work with them, they refused so this approach was the next step, I even said in my original email we would be happy to build this fro free if they promise to support Used Sales.

 

[Castle]

Hopefully, this sort of website would also deal with small traders and retailers starting out so they can ACTUALLY check validation. I know so many that don't check.

 

[sokar666]

There's a small flaw in your design model. By the letter of the law i do not need to be on your database, ukara, bac or any other such database.  The very nature of being an airsofter allows me to buy RIF'S.  Because of this why would anyone bother changing, most people i speak to be it players, stores or site owners want less restrictions not more, that's what you should be concentrating on in my opinion.  In regards to used sales, exactly the same way it is now, unless you have absolutely everyone who owns a RIF, no disrespect but good luck with that you have no way of tracking sales or people selling RIF'S.

This is not an attack on your idea just a bit of realism.  For example I'm an active airsofter and also on the ukara database.  If you check forum i currently have an M4 up for sale.  Now i will check for a defense in one way or another because I'm honest but if i didn't and sold it to Joe non defense public and i was on your database, there is no way you would know this and so negate any such new database exactly as it is now.

Again I applaud what your attempting but personally i think you will struggle.  Another example and no way of stopping it or tracking it.  My wife makes costumes for stage/tv and film and can freely buy RIF'S all she wants, in fact bought my Scorpion Evo for me for my birthday.  She is not on any know airsoft database as she has no reason to.

 

[Sacarathe]

By the letter of the law i do not need to be on your database, ukara, bac or any other such database. 

This is not an attack on your idea just a bit of realism.

But if the law functions as it should and was strictly abided to by all parties expediency demands cheapness. If a retailer trusts a database provider, that retailer will insist that people use the database, it all depends on how important to the retailer to check defences, as for second hand sales,which is castle's alleged original motivator all it takes is one test case in which someone committed a 'serious' crime using an airsoft RIF purchased 2nd hand without eligibility from a seller which could not have received proof in the form of a statutory defence and enough people asking "how this happened, but for the guns" and we could all have problems.

A basic example, is the use of RIFs by a party of terrorists to gain entry to a place to set a bomb - of course we know terrorists would try to get real munitions, but bomb making is far far easier than acquisition of automatic weapons as far as discretion is concerned, and RIFs are easy to obtain. Plus, why give your cell real guns if another cell could make better use of them.

In my own gun listing, I get a lot more interest when I remove any mention of "defences" from the listing.

Now, this is not an attack on your realism, for the most part, your contrarian approach is well put, except for this:

The very nature of being an airsofter allows me to buy RIF'S.

There is no proof of this, the VCRA defences are untried.

And my Citizenship entitles me to medical care, yet they still make me get on their database, even when I carry proof of my citizenship.

This is so much more relevant than before the PCA2017 - as now most airsoft guns fall into the "readily convertible" categories.

 

[warlord]

How easy is it to buy the rif you want without UKARA vs. how easy is it to buy any old rif? I could probably buy any old rif second hand without a major issue. I believe I have a defence, I've played a few games. But also been refused a second hand sale because of no UKARA, go figure.

So having a database isn't going to help stop those who want to buy any old rif, or a terrorist from obtaining one. What it does do is help those honest people within the sport sell their equipment with a clear conscience knowing that they've exhaustively checked that the person they are selling to is a player, and therefore protect themselves from even the hint of prosecution.

The thing I'd like to see this bring onto the table is not require you to be a member of a single site. So you can play any 3 sites over the the 56 days and still be able to obtain a valid defence that retailers would accept. A bit like the promise that BAC make, but no retailer seems to support.

 

[Robert James]

I'd certainly use a good system if I was ever selling my RIF's or if it has enough public interest I would use it for buying RIF's second hand. Although getting general public to sign up would be a harder sale - sites/retailers could be an easier go to, and I agree with Sacarathe a way to just have your information uploaded via a card straight (from your site) onto your database would take a lot of the "Cant be bothered to sign up" out of it. 

I quite like the idea of presenting a card, and ID that you can simply boop and there is all the information required for purchasing or selling said RIF

 

[Castle]

Less friction is better, from a players point of view I'd prefer to have zero to little maintenance required something I could forget about. Maybe update my address or a few basic details again most of these can be pulled from SSO systems like "Sign up with Facebook" (depending on your level of information provided to Facebook). Remember I'm not in the business of giving personal information away nor do I want to be in that position so it's more of an "as little as required" sort of thing. It's all used to generate a risk score out of 100 (100 being don't sell) the more details you provide the lower the score, the more successful transactions with positive feedback the lower the score, the more you play the lower the score. A request is made like this. 

Player to Player Manuel

Player A Logs into to their account, Generates a Validation Key, Provides One Use Key to Player B, Player B Enters it on their account, Player B and A Gets Shared Information Packet.

This Packet Contains Basic Information to Complete the Sale.

Real Name, Generalised Location e.g. Ramsgate CT11, Most Recent Play Date, Most Recent Play Site, Overall Rating in Stars 1-5.

Business to Player Manuel

Business Logs Into to their account, Goes to their store/retailer portal, Pastes Bulk Email list into Textarea box, it returns with all the approved emails and all the rejected emails. (They can drill in deeper to each account). They can download the report in JSON, XML, or CSV.

Every action is logged and reported to the account. You will see on your account if a retailer checked you (like you do with credit checks). Only once a valid key is given for player to player checks is it logged.

 

[Castle]

I'd certainly use a good system if I was ever selling my RIF's or if it has enough public interest I would use it for buying RIF's second hand. Although getting general public to sign up would be a harder sale - sites/retailers could be an easier go to, and I agree with Sacarathe a way to just have your information uploaded via a card straight (from your site) onto your database would take a lot of the "Cant be bothered to sign up" out of it. 

I quite like the idea of presenting a card, and ID that you can simply boop and there is all the information required for purchasing or selling said RIF

The hard part of a physical card is cost, both in making cards and the POS (point of sale) machine to scan them. Without a way to validate the card via machine or terminal it would pointless as they would be easy to clone or fake.

 

[Sacarathe]

The hard part of a physical card is cost, both in making cards and the POS (point of sale) machine to scan them. Without a way to validate the card via machine or terminal it would pointless as they would be easy to clone or fake.

Surely the card could just have a QR code, a photo (verified by the player providing to playercheck a photo of themselves holding relevant govt ID) and an ID number.

They scan the code, if the picture does not match the one in the database, the face of the person holding it, and the ID they present at the time it's scanned any fraud would be very obvious.

Like you said, minimum human contact, it would only 1 take person maybe 4 hours a week or less to verify batches of submitted "here is a passport style photo for my IDcard plus a photo of me holding my passport/drivers licence".

As for point of sale, any smartphone can scan the QR code with an app, which generates a one use string (by encrypting the players ID number, the current date and time with a unique code for that retailer) which will when entered onto the playercheck site bring up their data.Because the string only gives that retailer access to that player, the program would not need to be able to communicate with an external source. You could also include a patch version in the string, so if the retailer does not update the app every three months they get an error "please update your app".

I accept it's less simple at gamesites but for registering players attendance if automated at some future time, having a photo on the card itself will help with that, and presenting a "playercheck card" will not be a requirement to play airsoft at any site in any situation.

So if the photo on the card did not match the player, the site can just report that player ID - if someone gets 3 such reports, their account is flagged. No further action taken.

As for financing the cards, I would suggest having the retailers pay for it the first time they sell a RIF to someone using playercheck. If the cards are laser printed in batches at once per month, it would very cheap, you could probably charge not more than £2 (collected every 6m).

Now, it goes without saying that things which cost money should never be a requirement, and such cards just make buying at store and registering player attendance easy, I admit eventually I could see such cards being the only way sites report attendance, but still, what you said about being able to generate one use codes for access to information is perfectly suitable.

Plus there is no point giving cards out to players before they become eligible to purchase a RIF.

The main incentive in cards of this manner is to 'renew your defence through gameplay and always be able to buy in person', on that note, no reason players wouldn't want to pay £5 for indefinite automatic renewal.

 

[Castle]

I think if down the road it became a need sure, the initial costs for physical Items like cards would require sites to have internet or phones with QR enabled Software from the app. I would be easier to provide a single use printable QR code or even a code for the day that the site can give players to use. Obviously, that would need to be planned better.

 

[Sacarathe]

I think if down the road it became a need sure, the initial costs for physical Items like cards would require sites to have internet or phones with QR enabled Software from the app. I would be easier to provide a single use printable QR code or even a code for the day that the site can give players to use. Obviously, that would need to be planned better.

Well yeah, obviously streamlining is something you do once a system is established and stable. Try to do to much at once, and peeps get nervous, vs coming to retailers with "you know how this takes 5minutes per person would you like it if we get it down to 1 minute plus automated renewals?" 

 

[springs]

regarding the "ID" cards, an app that you can call up your details with a bar code or QR code on that the retailers / sites can scan you in with would be better. these days most if not all players would have some form of smart phone capable of doing this in some way or another. 

although the biggest issue with sites would be the potential lack of internet to actively check players. in some way they would need to be able to scan and hold the details until such time as they have a good internet connection and then make it automatically upload once possible.

 

[Castle]

regarding the "ID" cards, an app that you can call up your details with a bar code or QR code on that the retailers / sites can scan you in with would be better. these days most if not all players would have some form of smart phone capable of doing this in some way or another. 

This would be the approach we would take.

although the biggest issue with sites would be the potential lack of internet to actively check players. in some way they would need to be able to scan and hold the details until such time as they have a good internet connection and then make it automatically upload once possible.

We can easily achieve that with an app, Facebook for instance, allows you to write a post offline and then automatically it's posted when you gain internet.

 

[sokar666]

But if the law functions as it should and was strictly abided to by all parties

Airsofters do abide by the restrictions, criminals don't and don't care what system you put in place.

The very nature of being an airsofter allows me to buy RIF'S.

There is no proof of this, the VCRA defences are untried.

And my Citizenship entitles me to medical care, yet they still make me get on their database, even when I carry proof of my citizenship.

Really your going with that, VCRA defenses are untried.  What do you think airsofters have been doing for the last 10 years along with retailers.  I couldn't buy a RIF until i could prove a legal defense against prosecution.  I showed photographs of me playing, i gave my sites telephone number, they checked and i bought my RIF.  Again being an airsofter is the only defense you need, i know many people how are not on UKARA database and freely buy RIF's all day long.

I accept it's less simple at gamesites but for registering players attendance if automated at some future time, having a photo on the card itself will help with that, and presenting a "playercheck card" will not be a requirement to play airsoft at any site in any situation.

There currently is no requirement to attend an airsoft skirmish.  I play my 3 games, buy my RIF and never return, no law broken.  There is no law of ownership or attendance apart from initial 3 games in no less than 2 months.  Also why would a card/membership of any kind help.  I'm at a skirmish site paying for my game day, there's my defense, nothing else is required and to be honest i can't see anyone signing up to that.  What your asking for is player registration across the board, never gonna happen.

I'll finish off as i seem to be in the minority for some reason.  I still can't understand why you want things to become more complicated, more rules, more registration.  Remember RIF ownership is not illegal, anyone can own a RIF.

Airsoft survived long before the VCRA and will survive long after we are all gone.  The very nature of what your asking for i honestly can't see you getting off the ground, for one simple reason.

NO ONE IS REQUIRED BY LAW TO BE ON THIS OR ANY OTHER DATABASE, IN THIS REGARD ATTENDING SKIRMISHES IS ALL THAT IS REQUIRED.

People accept UKARA because it's free, easy and makes purchasing RIF's in person and online new or used easy, but again it is not required. As explained i can just go into a shop a buy a RIF showing photographs, site membership, Facebook and even giving site owner telephone number and within the law that is proving my defense against prosecution, a little more complicated but the end result is the same, this can also be used for 2nd hand sales in person.  If that fails, i ask my wife to do it as she works in TV/Movies, so again are you going to get the entire populace that work in that industry to sign up even when it's not required now. If that fails I'll just ask my site owner to buy it and I'll buy it off him as i play airsoft at his site so again defense is covered.

I applaud your efforts but just can't see it happening.