According to the Massachusetts Gaming Commission, discussions are underway as to the implementation of multi-factor authentication to protect users from data breaches and the security of their data.
Data Security Protection
The Massachusetts Gaming Commission (MGC) is in talks to amend Title 205 of the Code of Massachusetts Regulations, which would add an extra layer of protection for customers of all Massachusetts sportsbooks operating in the Bay State.
The security protocol is currently active in several states and would provide consumers with additional security measures to ward against password theft and security breaches. Data shared with sportsbooks and the method of funding those accounts would have enhanced security should the MGC decide to implement the change.
“If you have your bank account, your debit card tied up to something like an online sports betting account, it’s good to lock it up with MFA (multi-factor authentication),” MGC Chairman Jordan Maynard said.
It is still unclear as to whether the MGC will implement this requirement, as multi-factor authentication is an option that currently exists for users to employ should they choose to do so. However, if it does become mandatory, then the question would arise as to how often it would be required.
New Jersey, Pennsylvania, and Iowa have an MFA requirement in place, but users are only required to authenticate once every two weeks per device. However, Ohio is considering a more stringent protocol of authentication with users tasked to answer a security question or respond to a text upon every login.
Bad Parenting
Underage betting is also a concern, and it is an issue that was addressed by Commissioner Brad Hill last November when he revealed that “outside sources” led him to believe “there is some concern that there are individuals who are underaged using computers and passwords from people who are of-age to bet.”
The law in Massachusetts requires that sports betting customers “use commercially reasonable efforts to prevent a person under 21 years old from placing a wager.” But the sportsbooks can only do so much if an underage person is given permission to use a sportsbook account.
Commissioner Brad Hill asked sportsbook operators about curbing or eliminating underage mobile sports betting, citing the following example.
“So, example: I’m able to bet. My 16-year-old knows my passwords; I allow him to go in and bet — which we’re being told is happening. We didn’t have any proof of it, but just that it was happening — can you kind of enlighten us [of] what protocols are put into place to make sure this doesn’t happen?” Hill asked a representative of Caesars Sportsbook. “And can you stop it? Because, as I said in that meeting that we had with this outside source, you know, if somebody wants to cheat, they’ll cheat.”
Sportsbooks Explain Safeguards
The Caesars representative walked Hill through the procedures used to signal that a different user other than the one associated with the account was using it. Using Geo-comply, the sportsbooks can determine if the location is different than usual or the betting patterns are unusual compared to the account’s historical data.
Jake List, senior director of regulatory operations for DraftKings, offered that the company has a KYC (know your customer) protocol in place and said, “I would reiterate what one of the commissioners stated, that, ultimately, it is difficult to police bad parenting. But that doesn’t mean there aren’t a lot of controls in place for this.”