In June 2022, the state of New Jersey mandated that all online gambling and sportsbook platforms implement strong authentication, also known as two-factor authentication (2FA) or multi-factor authentication (MFA). Additionally, it is mandatory for their customers to activate MFA in their accounts.
Some time after the regulation came into force, New Jersey’s Division of Gaming Enforcement (DGE) reported that two-factor authentication for online and mobile sports betting is going smoothly and helps to reduce fraud, so it considers this innovation effective.
New Jersey is the first state to mandate two-factor authentication for both gambling websites and their users. By pioneering the mandate of MFA, New Jersey has set a precedent for other states to follow. Witnessing its effectiveness, Pennsylvania and Connecticut have followed suit, compelling both gambling operators and users to embrace multi-factor authentication. Ohio is also considering adopting a similar requirement for end users, as proposed by the Ohio Casino Control Commission.
The decision to enforce multi-factor authentication in New Jersey stems from its effectiveness in bolstering security for both users and operators. It helps stop people from cheating and protects both users and online gambling platforms. It’s important to learn how to implement and use 2FA properly to make sure it works well.
Table of contents
- Understanding Multi-Factor Authentication (MFA)
- Why two-factor authentication is mandatory in online gambling
- How to add two-factor authentication into your online gaming platform
- Best practices for implementing 2-factor authentication in iGaming
Understanding Multi-Factor Authentication (MFA)
Multi-factor authentication means that when a user logs in to their account, they are asked to provide two or three authentication factors of different kinds. First, the user enters their username and password. After that, they confirm that they are who they claim to be by entering a one-time password received via SMS, delivered by a chatbot in a messaging app, or generated with an authenticator app. Alternatively, they may use biometric data such as Face ID or a fingerprint scan as the second authentication factor.
To put it roughly, three types of factors may be used for authentication:
- Something you know (username, password, secret question, etc.);
- Something you have (usually your smartphone and the apps on it that you use to get a one-time code, or a physical OTP token);
- Something you are (anything of a biometric nature – fingerprints, face ID, etc.)
Usually, it’s enough to combine two factors of different natures to make the login secure. In this case, we may use the term two-factor authentication (2FA) instead of multi-factor authentication (MFA), but both terms remain relevant.
Why two-factor authentication is mandatory in online gambling
Since the popularity of online games began to skyrocket, attackers have focused their efforts on hacking poorly protected online gaming accounts. Credential stuffing, phishing, brute force, keyloggers, and social engineering are used to gain fraudulent access to gamers’ accounts, which are then used for malicious activities ranging from payment fraud and identity fraud to money laundering.
Online gambling websites collect a lot of personal information from their players to verify their identity remotely. Unfortunately, this is precisely the kind of information needed for identity theft. There isn’t much difference between establishing your identity through the Internet for gambling purposes and establishing your identity as part of a scam.
Protecting all of this personal information is a prime consideration for iGaming websites because a release of personal information on a large scale could result in catastrophic losses for the business as well as legal issues if the online gambling website operates in a regime where breaches of personal information must be dealt with in a prescribed manner by law.
The best protection against such kinds of hacking attacks is two-factor authentication. Thus, almost any online gambling regulator or casino control commission requires online casinos and iGaming software providers to add two-factor authentication for the best internet security for gaming. It becomes impossible to get an online gambling license without implementing 2-factor authentication for the iGaming software administrators and end-users.
At the same time, adding two-factor authentication to enhance online gambling cyber security is beneficial for the online gambling companies themselves:
- The gamers’ accounts remain protected even if they become victims of phishing or credential stuffing. Online casino users stop losing their personal data and money, which increases the level of trust in the iGaming platform.
- The number of support requests that need to be solved on an individual basis falls, which saves the iGaming company time and money.
- The online gambling regulation and licensing authorities make sure that the iGaming platform is not used for any illegal purposes.
How to add two-factor authentication into your online gaming platform
It is strongly recommended to protect all areas of your iGaming business with two-factor authentication. Start with the online casino administrators’ accounts and finish with the end users’ accounts.
Protectimus two-factor authentication solution allows adding 2FA everywhere you need at once:
- employees’ computers and webmail clients;
- the online gambling platform administrators’ accounts;
- the gamers’ accounts.
Use a combination of integration plugins to protect your corporate infrastructure (AD, Windows, macOS, Ubuntu, OWA, ADFS, RADIUS, etc.). Integrate two-factor authentication with your iGaming software via the API or a software development kit for Java, PHP, or Python.
Find the list of all the integration plugins and instructions on setting up the Protectimus two-factor authentication solution here.
Best practices for implementing 2-factor authentication in iGaming
1. Protect both administrators and gamers, but use different authentication policies
When setting up multi-factor authentication for the online gambling platform, it will be wise to enable different authentication rules for various groups of users. You may set stricter authentication settings for the online casino administrators than for the end-users. Also, you may use different types of OTP tokens for your team and online gamers.
The iGaming platform administrators’ accounts must be well protected because compromising such an account will lead to a huge data leak and material and reputational losses for the iGaming company. That is why it makes sense to enable additional security features for this group of users. The list of advanced online gaming security features may include:
- geographic filters (allow access to the admins’ accounts only from selected countries);
- IP filtering (allow access to the admins’ accounts only from given IP addresses);
- time filters (allow access to the admins’ accounts only during business hours).
Also, you may oblige your team members to use only those one-time password generation tokens you consider the safest, for example, only hardware TOTP tokens. For end users gaming online, however, it is better to give a wider choice of two-factor authentication methods.
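The sketch below shows how separate admin and gamer policies with the geographic, IP and time filters described above could be evaluated at login. It is an added example, not Protectimus code or its API: the `Policy` class, the `evaluate` function, the method names, the allowed country, the documentation-range network 203.0.113.0/24 and the weekday 09:00-18:00 business hours are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Policy:                                    # hypothetical policy record
    allowed_methods: frozenset
    allowed_countries: Optional[frozenset] = None   # None = no geographic filter
    allowed_networks: tuple = ()                    # empty = no IP filter
    hours: Optional[tuple] = None                   # (start, end); None = any time

# Strict policy for administrators: hardware tokens only, plus all three filters.
ADMIN = Policy(
    allowed_methods=frozenset({"hardware_totp"}),
    allowed_countries=frozenset({"US"}),                   # assumed value
    allowed_networks=(ip_network("203.0.113.0/24"),),      # documentation range
    hours=(time(9, 0), time(18, 0)),                       # assumed business hours
)
# Wider choice of second factors for gamers, no location or time filters.
GAMER = Policy(allowed_methods=frozenset({"hardware_totp", "app_totp", "chatbot", "sms"}))

def in_networks(ip: str, networks: tuple) -> bool:
    try:
        addr = ip_address(ip)
    except ValueError:          # unparsable source address: fail closed
        return False
    return any(addr in net for net in networks)

def evaluate(policy: Policy, method: str, country: str, ip: str, when: datetime) -> list:
    """Return the filters that reject this login; an empty list means allowed.

    Runs in addition to password and OTP verification, never instead of it.
    `when` is assumed to be in the office's local time zone.
    """
    reasons = []
    if method not in policy.allowed_methods:
        reasons.append("method")
    if policy.allowed_countries is not None and country not in policy.allowed_countries:
        reasons.append("country")
    if policy.allowed_networks and not in_networks(ip, policy.allowed_networks):
        reasons.append("ip")
    if policy.hours is not None:
        start, end = policy.hours
        # Assumption: business hours apply Monday to Friday only.
        if when.weekday() >= 5 or not (start <= when.time() < end):
            reasons.append("time")
    return reasons
```

Returning every failed filter rather than stopping at the first one gives the audit log the full picture of a rejected admin login, which helps when reviewing suspected account-takeover attempts.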
2. Use cloud-based two-factor authentication for online gambling if possible
Protectimus allows its customers to either use a cloud-based two-factor authentication service or deploy an on-premise two-factor authentication platform on their servers. But we encourage online gambling companies to opt for a cloud-based 2-factor authentication service as it is much more efficient and cost-effective:
- You save time as you don’t need to deploy several on-premise platform installations on several nodes to create a fault-tolerant system;
- You save money as you don’t need to purchase and maintain additional equipment to deploy the on-premise platform;
- You may change your tariff plan at any time without contacting the support team to issue a new license.
In case the laws of your state prohibit the use of two-factor authentication if its servers are not on the territory of this state, download and install the Protectimus On-Premise Platform. Our tech team is always ready to help you with the on-premise platform setup.
3. Give online gamers a choice from several authentication methods
As a rule, users show little enthusiasm when it comes to enabling two-factor authentication. A daunting challenge for the iGaming software providers, who implement 2-factor authentication, is to make it as user-friendly as possible.
In this respect, letting gamers choose from a number of authentication methods works well.
There are several different one-time password generation and delivery methods. We recommend you make all these options available for the online gamers:
- 2-factor authentication apps (Protectimus Smart OTP, Google Authenticator, etc.);
- chat-bots in messaging apps Messenger, Telegram, or Viber;
- hardware TOTP tokens (Protectimus Two, Protectimus Flex, Protectimus Slim NFC).
Please note that SMS authentication is also an option for Protectimus customers. We can’t recommend adding SMS authentication for online gambling platform users, as there are doubts about its safety. Nevertheless, having SMS authentication enabled is better than having no two-factor authentication.
4. Encourage gamers to activate two-factor authentication
Come up with a plan on how you will make your end-users activate two-factor authentication for their online gaming security.
Start with an informational campaign. Explain to gamers how important it is to protect their online casino accounts with two-factor authentication. Or better yet, reward them for enabling 2-factor authentication. For example, Fortnite gamers get extra rewards for activating 2FA in their accounts.
When most of your users are on board with 2FA you can make it obligatory.
We would be glad to assist you with setting up two-factor authentication for your online gambling platform. Please get in touch with us with any questions you have via [email protected].