Imagine your casino processed €47M in NGR last year. Affiliates drove 68% of that revenue through a patchwork of tracking systems, manual spreadsheets, and a legacy platform that hasn’t been updated since 2019.

Your board approved €180K annual budget for proper affiliate software. Your procurement team sent RFPs to eight vendors. Every proposal claims “industry-leading tracking,” “real-time reporting,” and “seamless integration.”

None of them tells you whether their Click ID persistence survives Safari’s ITP restrictions, how they handle cross-brand player deduplication in multi-license environments, or if their NGR calculation engine supports negative carryover rules required by your MGA license.

Three months later, you’re still evaluating demos that show polished dashboards but can’t answer technical questions about postback retry logic or whether their fraud detection flags incentivized traffic patterns.

This is procurement theater, not vendor evaluation.


We, the team behind Scaleo, have participated in 200+ casino affiliate software RFPs across operators in 40 jurisdictions. The pattern is consistent: operators spend 80% of evaluation time on UI aesthetics and pricing, 15% on feature checklists, and 5% on the technical architecture that determines whether the system actually works at scale.

Then they discover six months post-implementation that their chosen platform can’t handle multi-currency RevShare calculations, their tracking breaks on mobile in-app browsers, or their affiliates can’t reconcile their payouts because the reporting schema doesn’t match their platform’s NGR definitions.

This guide provides the procurement framework casino operators need to evaluate affiliate software based on what actually matters: technical architecture, regulatory compliance, integration capabilities, and operational sustainability—not sales presentations.

The Fundamental RFP Categories (Weighted by Criticality)

Most RFPs treat all requirements equally. This is wrong. A vendor scoring 95% on “nice-to-have dashboard customization” but 40% on “postback event handling” will destroy your affiliate program despite the high aggregate score.

Priority weighting we use:

| Category | Weight | Why This Matters |
| --- | --- | --- |
| Technical Architecture & Integration | 35% | If tracking breaks or doesn’t integrate with your stack, nothing else matters |
| Commission Calculation & Reconciliation | 25% | Wrong payouts = affiliate disputes and churn |
| Regulatory Compliance & Data Governance | 20% | License violations = fines and program shutdown |
| Operational Scalability | 10% | System must handle growth from 50 to 500+ affiliates |
| Reporting & Analytics | 10% | Decision intelligence, not just data display |

Notice what’s not weighted heavily: UI polish, white-label customization, marketing integrations, gamification features.

These matter for user experience but don’t determine system viability.

Category 1: Technical Architecture & Integration (35% Weight)

This is where 90% of implementations fail or succeed. Your evaluation must go deeper than “yes, we integrate with your platform.”

Tracking Infrastructure (Critical)

Requirement 1.1: Server-Side Tracking (S2S) Support

Question for vendor: “Does your platform support server-side postback tracking where our gaming platform fires conversion events directly to your API, independent of client-side cookies or JavaScript?”

Why this matters: Safari’s ITP caps client-side cookies at 7 days. Firefox’s ETP blocks third-party tracking. iOS in-app browsers restrict localStorage. If the vendor relies on client-side tracking, 40-50% of your mobile conversions won’t be attributed correctly.

Scoring criteria:

  • 10 points: Native S2S postback support with documented API schemas
  • ⚠️ 5 points: Hybrid approach (client-side with S2S fallback)
  • 0 points: Client-side only (pixel/cookie-based tracking)

Red flag: Vendor says “our tracking works on all browsers” without specifying S2S capabilities. This means client-side only.

Requirement 1.2: Click ID Persistence and Format

Question for vendor: “What Click ID format do you use, how long do you retain click records, and how do you handle Click ID collisions in high-volume environments?”

Why this matters: Your system will process millions of clicks annually. Click IDs must be unique and unpredictable (not sequential integers that leak volume), persist long enough for attribution windows (90+ days minimum), and be retrievable instantly for postback matching.

Scoring criteria:

  • 10 points: UUID/GUID format, 365+ day retention, sub-50ms lookup performance
  • ⚠️ 5 points: Non-sequential IDs, 90-day retention, <200ms lookup
  • 0 points: Sequential IDs, <30-day retention, or can’t specify performance

Red flag: Vendor can’t answer Click ID format or retention policy without “checking with engineering.”
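Requirements 1.1 and 1.2 as an added sketch (not Scaleo's or any vendor's code): click IDs are issued as random UUIDs, and an S2S postback is matched against the click record with a retention check and deduplication of platform retries. The payload field names (`click_id`, `event`, `event_id`), the in-memory store and the sample data are assumptions constructed for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=365)  # retention window from the 10-point tier above


class ClickStore:
    """In-memory stand-in for the click table and the conversion ledger."""

    def __init__(self):
        self.clicks = {}       # click_id -> (affiliate_id, clicked_at)
        self.conversions = {}  # (click_id, event, event_id) -> payload

    def record_click(self, affiliate_id, now):
        # uuid4 takes its bits from the OS random source, so IDs cannot be
        # enumerated and do not reveal click volume the way 1001, 1002 do.
        click_id = str(uuid.uuid4())
        self.clicks[click_id] = (affiliate_id, now)
        return click_id

    def handle_postback(self, payload, now):
        """Process one server-to-server postback; returns (status, affiliate)."""
        try:
            # Parse and normalise; anything that is not a UUID is rejected
            # before it reaches the lookup.
            click_id = str(uuid.UUID(payload.get("click_id")))
        except (ValueError, AttributeError, TypeError):
            return ("rejected_malformed", None)
        click = self.clicks.get(click_id)
        if click is None:
            return ("rejected_unknown", None)
        affiliate_id, clicked_at = click
        if now - clicked_at > RETENTION:
            return ("rejected_expired", None)
        # Idempotency key: a retried postback for the same platform event
        # must not create a second conversion.
        key = (click_id, payload["event"], payload["event_id"])
        if key in self.conversions:
            return ("duplicate_ignored", affiliate_id)
        self.conversions[key] = payload
        return ("attributed", affiliate_id)


def demo():
    """Constructed scenario: one valid FTD, a retry, and three bad click IDs."""
    store = ClickStore()
    t0 = datetime(2026, 1, 10, tzinfo=timezone.utc)
    fresh = store.record_click("aff-42", t0)
    stale = store.record_click("aff-42", t0 - timedelta(days=400))
    ftd = {"click_id": fresh, "event": "ftd", "event_id": "dep-1"}
    later = t0 + timedelta(days=3)
    return [
        store.handle_postback(ftd, later),
        store.handle_postback(ftd, later),                          # retry
        store.handle_postback({**ftd, "click_id": "1002"}, later),  # sequential
        store.handle_postback({**ftd, "click_id": str(uuid.uuid4())}, later),
        store.handle_postback({**ftd, "click_id": stale}, later),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
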

Requirement 1.3: Gaming Platform Integration Depth

Question for vendor: “Do you have pre-built integrations with [your specific platform: SoftSwiss/EveryMatrix/SoftGamings], and what events can you receive via postback?”

Why this matters: “We integrate with all platforms” is meaningless. You need documented postback schemas for registration, KYC approval, first deposit, recurring deposits, daily/monthly NGR, chargebacks, and fraud flags.

Scoring criteria:

  • 15 points: Pre-built integration with your platform, supports all event types, documented postback examples
  • ⚠️ 8 points: Generic postback API, you build the integration yourself
  • 0 points: No gaming platform integration, “we can build custom integration” (this takes 3-6 months)

Verification step: Request actual postback payload examples showing how their system receives and processes FTD and NGR events from your specific platform.

Requirement 1.4: Multi-Brand Architecture

Question for vendor: “How do you handle multiple casino brands under one operator account, including brand-specific commission structures, separate tracking domains, and cross-brand player deduplication?”

Why this matters: If you operate 3+ brands or plan to, you need native multi-brand support. Workarounds (separate accounts per brand) create data silos and reconciliation nightmares.

Scoring criteria:

  • 10 points: Native multi-brand support, unified affiliate portal, cross-brand analytics
  • ⚠️ 5 points: Separate instances per brand with manual consolidation
  • 0 points: Single-brand only, multi-brand requires enterprise custom dev

Payment Service Provider Integration (Important)

Requirement 1.5: Multi-Currency Support

Question for vendor: “How do you handle affiliate programs operating in EUR, GBP, USD, BRL, and CAD simultaneously, including currency conversion for commission calculations and multi-currency payouts?”

Why this matters: A player deposits in BRL, your accounting is in EUR, and the affiliate wants payout in USD. The system must convert accurately, use documented exchange rates, and reconcile without manual intervention.

Scoring criteria:

  • 10 points: Native multi-currency, configurable exchange rate sources, currency-specific reporting
  • ⚠️ 5 points: Single base currency with manual conversion
  • 0 points: Single currency only

Requirement 1.6: Payout Integration

Question for vendor: “What payout methods do you support (wire transfer, PayPal, crypto, etc.), and can we automate payout processing via API or does it require manual execution?”

Why this matters: Processing 200+ affiliate payouts monthly via manual wire transfers costs 15-20 hours of finance team time. API-driven payouts to services like Tipalti or PayPal Mass Pay reduce this to <1 hour.

Scoring criteria:

  • 5 points: API integration with payout processors, automated execution
  • ⚠️ 3 points: CSV export for batch processing
  • 0 points: Manual payment entry only

Category 2: Commission Calculation & Reconciliation (25% Weight)

This is where affiliate disputes are born or prevented.

NGR Calculation Engine (Critical)

Requirement 2.1: NGR Deduction Configuration

Question for vendor: “Can we configure exactly which costs are deducted from GGR to calculate NGR for commission purposes, including bonuses, bonus winnings, payment fees, chargebacks, and jurisdiction-specific taxes?”

Why this matters: Your MGA license requires specific NGR definitions. UK POCT tax must be deducted before commission. Brazilian operators deduct differently than German operators. The system must enforce YOUR NGR rules, not generic defaults.

Scoring criteria:

  • 15 points: Fully configurable deduction rules per brand/jurisdiction, transparent in affiliate reporting
  • ⚠️ 8 points: Pre-set deduction categories with limited customization
  • 0 points: Fixed NGR calculation, no customization

Verification step: Request a demo showing how you’d configure: “GGR minus bonuses minus bonus winnings minus UK 21% POCT minus chargebacks = commissionable NGR.”

Requirement 2.2: Negative Carryover and Player-Level NGR

Question for vendor: “Do you calculate NGR at the player level or aggregate level, and how do you handle negative carryover when a player loses the operator money in Month 1 due to bonuses?”

Why this matters: Aggregated NGR lets negative players subsidize positive players across an affiliate’s entire portfolio. Player-level NGR ensures fairness. Your finance team needs to configure which approach you use.

Scoring criteria:

  • 10 points: Player-level NGR calculation, configurable negative carryover rules
  • ⚠️ 5 points: Aggregate NGR only
  • 0 points: Can’t specify calculation methodology
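The deduction chain from Requirement 2.1 and the player-level versus aggregate choice from Requirement 2.2, worked through on constructed figures (an added example, not any vendor's calculation engine). Assumptions: the tax is charged on positive GGR only, a negative balance is carried per player or per affiliate depending on the level, and all player data is invented.

```python
from decimal import Decimal as D

POCT_RATE = D("0.21")  # rate quoted in the verification step above


def player_ngr(m):
    """GGR - bonuses - bonus winnings - POCT - chargebacks for one player-month.

    Assumption: tax is due on positive GGR only."""
    tax = max(m["ggr"], D(0)) * POCT_RATE
    return m["ggr"] - m["bonuses"] - m["bonus_winnings"] - tax - m["chargebacks"]


def commissionable_ngr(months, level="player", carryover=True):
    """Return commissionable NGR per month for one affiliate.

    level="player":    each player is netted on their own, so a losing player
                       cannot reduce the NGR earned on other players.
    level="aggregate": all players are pooled before netting.
    carryover=True:    a negative result is carried into the next month for
                       the same bucket; False resets it to zero."""
    balance = {}  # bucket -> negative balance carried forward
    result = []
    for month in months:
        buckets = {}
        for player_id, metrics in month.items():
            key = player_id if level == "player" else "ALL"
            buckets[key] = buckets.get(key, D(0)) + player_ngr(metrics)
        total = D(0)
        for key, ngr in buckets.items():
            net = ngr + balance.get(key, D(0))
            if net < 0:
                balance[key] = net if carryover else D(0)
                net = D(0)
            else:
                balance[key] = D(0)
            total += net
        result.append(total)
    return result


def _pm(ggr, bonuses, bonus_winnings, chargebacks):
    return {"ggr": D(ggr), "bonuses": D(bonuses),
            "bonus_winnings": D(bonus_winnings), "chargebacks": D(chargebacks)}


# Constructed data: p2 costs the operator money in month 1 because of bonuses.
MONTHS = [
    {"p1": _pm("1000", "100", "50", "0"), "p2": _pm("-200", "300", "0", "0")},
    {"p1": _pm("500", "0", "0", "40"), "p2": _pm("400", "0", "0", "0")},
]

if __name__ == "__main__":
    for level, carry in [("player", True), ("player", False), ("aggregate", True)]:
        print(level, carry, commissionable_ngr(MONTHS, level, carry))
```

The same two months produce three different commission bases, which is why the methodology has to be stated in the contract and visible in affiliate reporting.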

Requirement 2.3: Multi-Tier Commission Structures

Question for vendor: “Can we configure commission tiers where Affiliate A gets 30% RevShare at 0-100 FTDs/month, 35% at 101-300 FTDs, and 40% at 301+, with automatic tier promotion based on performance?”

Why this matters: Tier structures incentivize growth. Manual tier management for 200+ affiliates doesn’t scale.

Scoring criteria:

  • 10 points: Unlimited tiers, automatic promotion/demotion, tier preview in affiliate dashboard
  • ⚠️ 5 points: Fixed tiers with manual promotion
  • 0 points: Single commission rate only

Requirement 2.4: Hybrid Commission Models (CPA + RevShare)

Question for vendor: “Can we configure hybrid deals where Affiliate B gets €100 CPA on first deposit plus 25% RevShare on lifetime NGR?”

Why this matters: High-tax jurisdictions require hybrid models for sustainable economics. Pure RevShare doesn’t work in Germany or the Netherlands without destroying margins.

Scoring criteria:

  • 10 points: Native hybrid support, configurable per affiliate
  • ⚠️ 5 points: Workarounds (separate CPA and RevShare campaigns)
  • 0 points: CPA or RevShare only, not both

Reconciliation and Dispute Resolution (Important)

Requirement 2.5: Platform Revenue Reconciliation

Question for vendor: “How do you handle reconciliation between your commission calculations and our gaming platform’s NGR reports when discrepancies occur?”

Why this matters: Your platform reports €124K NGR for Affiliate A in January. Your affiliate system calculated commission on €118K. The €6K delta creates a dispute. The system must help you identify root cause (timing differences, event mapping, deduplication logic).

Scoring criteria:

  • 10 points: Built-in reconciliation reports comparing affiliate NGR to platform NGR, discrepancy flagging
  • ⚠️ 5 points: Manual export/compare process
  • 0 points: No reconciliation support

Requirement 2.6: Audit Trail and Commission Recalculation

Question for vendor: “If we discover an error in our NGR calculation from three months ago, can we reprocess historical commission calculations and show affiliates exactly what changed?”

Why this matters: You will make mistakes. Bonus deduction logic will need adjustment. Tax rates will change mid-year. The system must support reprocessing without destroying audit trails.

Scoring criteria:

  • 10 points: Historical recalculation, immutable audit logs, adjustment transparency
  • ⚠️ 5 points: Manual adjustments only
  • 0 points: No historical modification support

Category 3: Regulatory Compliance & Data Governance (20% Weight)

Your gambling license depends on this.

License-Specific Requirements (Critical)

Requirement 3.1: Jurisdictional Data Residency

Question for vendor: “Where is our data stored geographically, and can you guarantee EU data residency for GDPR compliance and UK data residency for UKGC requirements?”

Why this matters: Some licenses (UKGC, MGA) require player data stored in specific jurisdictions. SaaS vendors using AWS/GCP need to specify regions. “Cloud-based” isn’t an answer.

Scoring criteria:

  • 10 points: Configurable data residency, EU/UK/specific regions available
  • ⚠️ 5 points: Fixed region (verify it matches your requirements)
  • 0 points: Can’t specify or guarantee data residency

Requirement 3.2: GDPR Compliance Tools

Question for vendor: “How do you handle GDPR subject access requests, right to be forgotten, and data retention policies for player and affiliate data?”

Why this matters: When a player requests data deletion, your affiliate system must purge their records or anonymize identifiers within 30 days. Manual processes don’t scale and create compliance risk.

Scoring criteria:

  • 10 points: Automated GDPR workflows, data export/deletion, configurable retention
  • ⚠️ 5 points: Manual processes with documentation
  • 0 points: No GDPR tooling

Requirement 3.3: Responsible Gambling Messaging

Question for vendor: “Can we enforce responsible gambling messaging requirements per jurisdiction (UK: mandatory links, Sweden: deposit limit warnings, Germany: self-exclusion notices)?”

Why this matters: UKGC requires responsible gambling links on all marketing materials. Swedish regulations require deposit limit notifications. Your affiliate creatives must comply automatically.

Scoring criteria:

  • 10 points: Configurable compliance messaging per jurisdiction, enforced on creatives
  • ⚠️ 5 points: Manual compliance review process
  • 0 points: No compliance tooling

Fraud Detection and Risk Management (Important)

Requirement 3.4: Traffic Quality Validation

Question for vendor: “What fraud detection mechanisms do you provide to identify bot traffic, incentivized signups, VPN manipulation, and bonus abuse patterns?”

Why this matters: You will attract fraudulent affiliates. Systems must auto-flag: sudden click volume spikes (0 to 5,000 overnight), low KYC pass rates (<40%), uniform deposit amounts (everyone deposits exactly €50), GEO mismatches (affiliate targets Germany, 80% of traffic from Romania).

Scoring criteria:

  • 15 points: Automated fraud detection, configurable thresholds, pattern analysis across affiliates
  • ⚠️ 8 points: Manual review tools
  • 0 points: No fraud detection
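The four auto-flag rules from Requirement 3.4, written as configurable checks over per-affiliate daily statistics (an added example, not a vendor's detection engine). The 5,000-click, 40% KYC and 80% GEO thresholds come from the text above; the spike ratio, the uniform-deposit share, the minimum sample size, the field names and both sample affiliates are assumptions constructed for illustration.

```python
from collections import Counter

THRESHOLDS = {
    "click_spike_abs": 5000,        # "0 to 5,000 overnight"
    "click_spike_ratio": 10,        # assumption: today vs. previous day
    "min_kyc_pass_rate": 0.40,      # "<40%"
    "uniform_deposit_share": 0.80,  # assumption: share of identical amounts
    "min_deposit_sample": 10,       # assumption: ignore tiny samples
    "geo_mismatch_share": 0.80,     # "80% of traffic from Romania"
}


def flag_affiliate(stats, t=THRESHOLDS):
    """Return the list of rule names this affiliate trips."""
    flags = []

    prev, today = stats["clicks_prev_day"], stats["clicks_today"]
    if today >= t["click_spike_abs"] and today >= t["click_spike_ratio"] * max(prev, 1):
        flags.append("click_spike")

    regs = stats["registrations"]
    if regs and stats["kyc_passed"] / regs < t["min_kyc_pass_rate"]:
        flags.append("low_kyc_pass_rate")

    deposits = stats["first_deposits"]
    if len(deposits) >= t["min_deposit_sample"]:
        _, count = Counter(deposits).most_common(1)[0]
        if count / len(deposits) >= t["uniform_deposit_share"]:
            flags.append("uniform_deposits")

    geo = stats["click_geo"]
    total = sum(geo.values())
    if total:
        on_target = sum(geo.get(c, 0) for c in stats["target_geos"])
        if (total - on_target) / total >= t["geo_mismatch_share"]:
            flags.append("geo_mismatch")

    return flags


# Constructed sample data for two affiliates.
SAMPLE = {
    "aff-A": {
        "clicks_prev_day": 0, "clicks_today": 5000,
        "registrations": 200, "kyc_passed": 60,
        "first_deposits": [50] * 18 + [20, 75],
        "click_geo": {"RO": 4100, "DE": 900}, "target_geos": {"DE"},
    },
    "aff-B": {
        "clicks_prev_day": 900, "clicks_today": 1100,
        "registrations": 100, "kyc_passed": 85,
        "first_deposits": [20, 50, 100, 25, 40, 50, 75, 30, 60, 200],
        "click_geo": {"DE": 950, "AT": 50}, "target_geos": {"DE"},
    },
}


def review(affiliates=SAMPLE):
    """Map affiliate id -> tripped rules, for a manual review queue."""
    return {aff_id: flag_affiliate(stats) for aff_id, stats in affiliates.items()}


if __name__ == "__main__":
    for aff_id, flags in review().items():
        print(aff_id, flags or "clean")
```
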

Requirement 3.5: Conversion Hold Periods and Reversals

Question for vendor: “Can we configure hold periods (30-60 days) where conversions remain ‘pending’ before becoming payable, and how do you handle chargebacks or fraud reversals discovered after commission is paid?”

Why this matters: You pay Affiliate A €500 commission on January 31st. On February 15th, you discover 5 of those players were fraudulent. You need to reverse €150 in commission and deduct it from next payout.

Scoring criteria:

  • 10 points: Configurable hold periods, automated reversal workflows, negative adjustments
  • ⚠️ 5 points: Manual adjustment process
  • 0 points: No hold period or reversal support

Category 4: Operational Scalability (10% Weight)

Your program will grow. The system must grow with it.

Requirement 4.1: Affiliate Volume Limits

Question for vendor: “What are the practical limits of your system in terms of active affiliates, monthly conversions processed, and click volume?”

Why this matters: “Unlimited affiliates” often means “we’ve never tested beyond 500.” You need real production numbers.

Scoring criteria:

  • 10 points: Documented support for 1,000+ affiliates, 10M+ clicks/month, reference customers at this scale
  • ⚠️ 5 points: Supports 500 affiliates, no documented upper limits
  • 0 points: Can’t specify or no customers at scale

Requirement 4.2: API Rate Limits and Performance

Question for vendor: “What are your API rate limits for postback ingestion, and what’s your p95 latency for Click ID lookups during high-traffic periods?”

Why this matters: During a major sports event or promotional campaign, your platform fires 500 postbacks/second. If the affiliate system throttles at 100/second, you’re dropping conversion events.

Scoring criteria:

  • 10 points: 1,000+ requests/second, <100ms p95 latency, documented SLA
  • ⚠️ 5 points: 500 requests/second, <500ms latency
  • 0 points: Can’t specify performance characteristics

Requirement 4.3: Uptime SLA and Redundancy

Question for vendor: “What is your guaranteed uptime SLA, and what redundancy do you have for database and tracking infrastructure?”

Why this matters: If the affiliate system goes down during your biggest traffic day of the year, every click during that outage loses attribution. You need 99.9%+ uptime with automatic failover.

Scoring criteria:

  • 10 points: 99.9%+ SLA, multi-region redundancy, documented disaster recovery
  • ⚠️ 5 points: 99.5% SLA, single-region with backups
  • 0 points: No SLA or can’t specify

Category 5: Reporting & Analytics (10% Weight)

Data without insights is noise.

Requirement 5.1: Custom Report Builder

Question for vendor: “Can we build custom reports filtering by SubID dimensions (sub1-sub5), date ranges, affiliate tiers, and brands without SQL or developer assistance?”

Why this matters: Your affiliate manager needs to answer: “Which Twitch streamers (sub1=twitch) drove deposits >€100 (custom filter) in Germany (GEO) last month for Brand A?” Standard reports won’t cover this.

Scoring criteria:

  • 10 points: Drag-and-drop report builder, saves custom reports, scheduled exports
  • ⚠️ 5 points: Pre-built reports with basic filters
  • 0 points: Fixed reports only

Requirement 5.2: Cohort and LTV Analysis

Question for vendor: “Can we track cohort retention and lifetime value by affiliate source, showing Month 0, Month 1, Month 3, Month 6, Month 12 retention curves and cumulative NGR?”

Why this matters: Affiliate A sends high volume but 60% churn within 30 days. Affiliate B sends lower volume but 80% are active at Month 6. You need LTV visibility to make intelligent tier and commission decisions.

Scoring criteria:

  • 10 points: Native cohort analysis, LTV projections, affiliate comparison
  • ⚠️ 5 points: Export data for external analysis
  • 0 points: No cohort tooling

Requirement 5.3: Real-Time Dashboards

Question for vendor: “How quickly do conversions appear in affiliate dashboards after the postback is received?”

Why this matters: Affiliates checking their dashboard at 14:00 should see conversions from 13:45. “Data refreshes overnight” creates distrust.

Scoring criteria:

  • 10 points: Real-time (<1 minute latency)
  • ⚠️ 5 points: Hourly refresh
  • 0 points: Daily batch updates

The Weighted Scoring Matrix (Implementation)

Here’s how to use the framework:

Step 1: Assign scores per requirement

For each vendor, score 0/5/10 (or 0/8/15 for weighted requirements) based on the criteria above.

Step 2: Calculate category scores

Sum all scores within a category, then multiply by category weight.

Step 3: Calculate total vendor score

Sum weighted category scores. Maximum possible: 100 points.

Example Vendor Scorecard:

| Category | Raw Score | Weight | Weighted Score |
| --- | --- | --- | --- |
| Technical Architecture | 85/100 | 35% | 29.75 |
| Commission Calculation | 70/100 | 25% | 17.50 |
| Regulatory Compliance | 90/100 | 20% | 18.00 |
| Operational Scalability | 60/100 | 10% | 6.00 |
| Reporting & Analytics | 75/100 | 10% | 7.50 |
| Total Vendor Score | | | 78.75/100 |

Interpretation:

  • 85-100: Excellent fit, proceed to contract negotiation
  • 70-84: Acceptable with a gap remediation plan
  • 50-69: Significant deficiencies, consider alternatives
  • <50: Not viable for production use
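The three steps above as an added worked example (not Scaleo's tooling). It assumes each category's points are first expressed as a share of that category's maximum, with maxima summed from the requirement point values listed in this guide, and it applies the red-flag disqualification before the score bands; the category keys and flag names are illustrative.

```python
from fractions import Fraction

# Category weights in percent, from the priority weighting table.
WEIGHTS = {"technical": 35, "commission": 25, "compliance": 20,
           "scalability": 10, "reporting": 10}

# Maximum points per category, summed from the top tier of each requirement
# (for example technical: 10 + 10 + 15 + 10 + 10 + 5).
CATEGORY_MAX = {"technical": 60, "commission": 65, "compliance": 55,
                "scalability": 30, "reporting": 30}

BANDS = [
    (85, "Excellent fit, proceed to contract negotiation"),
    (70, "Acceptable with a gap remediation plan"),
    (50, "Significant deficiencies, consider alternatives"),
    (0, "Not viable for production use"),
]


def score_vendor(earned, category_max=CATEGORY_MAX, red_flags=()):
    """Return (total out of 100, verdict) for integer points per category."""
    if set(earned) != set(WEIGHTS):
        raise ValueError("scores must cover exactly the five categories")
    total = Fraction(0)
    for category, weight in WEIGHTS.items():
        points, cap = earned[category], category_max[category]
        if not 0 <= points <= cap:
            raise ValueError(f"{category}: {points} is outside 0..{cap}")
        # Normalise to the category maximum, then apply the weight.
        total += Fraction(points, cap) * weight
    total = round(float(total), 2)
    if red_flags:
        # Any red flag ends the evaluation regardless of score.
        return total, "Disqualified: " + ", ".join(sorted(red_flags))
    verdict = next(label for floor, label in BANDS if total >= floor)
    return total, verdict


# The example scorecard from this guide, where raw scores are already out of 100.
OUT_OF_100 = dict.fromkeys(WEIGHTS, 100)
SCORECARD = {"technical": 85, "commission": 70, "compliance": 90,
             "scalability": 60, "reporting": 75}

if __name__ == "__main__":
    print(score_vendor(SCORECARD, OUT_OF_100))
    print(score_vendor(CATEGORY_MAX, red_flags={"no_s2s_postback"}))
```
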

Red Flag Checklist (Automatic Disqualification)

Regardless of score, these red flags should end evaluation immediately:

🚩 Red Flag 1: No S2S Postback Support

If the vendor relies exclusively on client-side tracking (cookies, pixels) in 2026, they haven’t adapted to ITP/ETP restrictions. Your mobile attribution will be 40% inaccurate.

🚩 Red Flag 2: Can’t Specify Click ID Retention Policy

If the vendor says “we store clicks indefinitely” without defining retention, or can’t answer how long they keep click records, they haven’t thought through data governance or GDPR compliance.

🚩 Red Flag 3: “We Can Build That Custom”

When core requirements (multi-brand, hybrid commissions, fraud detection) aren’t native features and the vendor offers “custom development,” you’re buying vaporware. Custom features take 6-12 months and often don’t materialize.

🚩 Red Flag 4: No Production Reference Customers in Your Vertical

If the vendor can’t provide 3+ reference customers in iGaming at your scale (revenue, affiliate count, jurisdiction), they’re unproven in casino operations.

🚩 Red Flag 5: Can’t Export Your Data

Ask: “If we leave your platform in 2 years, can we export all click, conversion, and commission data in CSV or JSON format?” If the answer is “we’d need to check” or “limited export available,” you’re looking at vendor lock-in.

🚩 Red Flag 6: Pricing Includes “Setup Fees” >€10K

One-time setup fees covering “data migration” or “custom integration” suggest the platform isn’t actually self-service or truly SaaS. You’re buying professional services, not software.

🚩 Red Flag 7: No Documented API

If the vendor doesn’t have public API documentation showing postback schemas, endpoints, authentication methods, and example payloads, they don’t have a real API. “We have an API” without docs means undocumented, unsupported, and probably breaks between versions.

🚩 Red Flag 8: “Source Code Escrow Not Available”

For mission-critical infrastructure, you need source code escrow in case the vendor goes bankrupt. If they refuse, you have no business continuity plan if they disappear.

How Scaleo Scores on This Framework

We built Scaleo specifically to address the gaps we saw operators encounter in traditional affiliate platforms and gaming platform add-on modules.


Technical Architecture (35% weight):

  • ✅ Native S2S postback tracking with documented schemas for 50+ gaming platforms
  • ✅ UUID-based Click IDs, 365-day retention, sub-50ms lookup performance
  • ✅ Pre-built integrations: SoftSwiss, EveryMatrix, SoftGamings, Slotegrator, GrooveGaming
  • ✅ Multi-brand architecture with cross-brand player deduplication and unified reporting
  • ✅ Multi-currency support with configurable exchange rate sources
  • ✅ API-driven payout integration (Tipalti, TransferMate, PayPal Mass Pay)

Commission Calculation (25% weight):

  • ✅ Fully configurable NGR deduction rules per brand/jurisdiction
  • ✅ Player-level NGR calculation with configurable negative carryover
  • ✅ Unlimited commission tiers with automatic promotion/demotion
  • ✅ Native hybrid support (CPA + RevShare) configurable per affiliate
  • ✅ Built-in reconciliation reports comparing affiliate data to platform NGR
  • ✅ Historical recalculation with immutable audit logs

Regulatory Compliance (20% weight):

  • ✅ EU/UK/Brazil data residency options
  • ✅ Automated GDPR workflows (subject access, right to deletion, retention)
  • ✅ Jurisdiction-specific compliance messaging enforcement
  • ✅ Automated fraud detection with configurable thresholds
  • ✅ Configurable hold periods (30-60 days) with reversal workflows

Operational Scalability (10% weight):

  • ✅ Proven at 1,000+ affiliates, 15M+ clicks/month
  • ✅ 1,000+ requests/second postback capacity, <100ms p95 latency
  • ✅ 99.95% uptime SLA, multi-region redundancy

Reporting & Analytics (10% weight):

  • ✅ Custom report builder with SubID filtering, saves, and scheduled exports
  • ✅ Native cohort analysis with LTV projections by affiliate source
  • ✅ Real-time dashboards (<1 minute conversion visibility)

Total Scaleo Score: 94/100

We’re not perfect—no vendor is. But we built the platform operators told us they needed after struggling with legacy systems and platform add-ons that couldn’t handle real-world casino affiliate complexity.

Conclusion: Procurement Is Due Diligence, Not Feature Shopping

Choosing affiliate software based on feature lists and pricing is how you end up reimplementing six months after launch because the system can’t handle your commission structure or doesn’t integrate with your platform.

The operators who successfully deploy affiliate software are the ones who evaluate based on:

  • Technical architecture compatibility with their stack
  • Commission calculation flexibility matching their business model
  • Regulatory compliance for their licenses
  • Proven scalability at their target volume
  • Real-world reference customers in their vertical

Not: “Does it have a nice dashboard?” or “Is it the cheapest option?”

Your affiliate program is likely 60-70% of your player acquisition. The software running it deserves the same procurement rigor as your gaming platform or payment processing infrastructure.

Use the framework. Score objectively. Disqualify on red flags. Reference check ruthlessly.

Then choose the vendor whose system will still work when you scale from €10M to €100M in annual revenue.


Evaluating affiliate software for your casino operation? Scaleo provides the RFP response template, technical architecture documentation, and reference customer contacts that procurement teams need to complete a thorough vendor evaluation. Built for casino operators in regulated markets with complex multi-brand, multi-jurisdiction requirements. Request our RFP response package including technical specifications, compliance certifications, and reference customer contacts.


Author: Elizabeth Sramek

Elizabeth Sramek is an independent search strategy advisor and technical iGaming architect based in Prague. She works on server-side (S2S) attribution, affiliate migration integrity, and revenue-grade demand capture for operators in regulated, high-competition markets. At Scaleo, her focus sits at the intersection of attribution accuracy, revenue reconciliation, and AI-driven player discovery—helping operators build search and partner acquisition systems that remain auditable, compliant, and resilient at scale.