New Jersey sportsbooks must beef up their security by the end of June under incoming regulations from the NJ Division of Gaming Enforcement (DGE.)
The regulator issued guidelines (N.J.A.C. 13:69O-1.1) in March, ordering NJ sportsbooks to implement Two-Factor or Multi-Factor Authentication (2FA or MFA.)
What’s the thinking behind new regs?
The regulation is primarily designed to stop hackers seizing control of sportsbook accounts and trying to bet or withdraw the funds.
“The vast majority of the public’s login information is out there for the right price,” said Tom Hill, head of sports betting and iGaming at identity firm Prove.
“Or you can pull it together if you know where to look. This is about keeping existing accounts secured.”
What does it mean for bettors?
Bettors could be faced with several options upon login, including:
- A request for information known only to them, such as a password, pattern, or answers to challenge questions.
- A request for an item possessed by a patron such as an electronic token, physical token or an identification card. This is likely reserved only for the largest transactions.
- A request for biometric data, such as fingerprints, facial or voice recognition.
“The challenge for operators is to find the perfect balance,” Hill said. “How do they provide security without added friction?”
Bettors will then have to authenticate every two weeks under the NJ regulations.
Are NJ sportsbooks prepared?
So are sportsbooks ready for the change? Leading operators like FanDuel and DraftKings already implemented 2FA. Remaining NJ sportsbooks will have followed suit by the end of June, Hill said.
“I think they’re pretty ready,” Hill added. “That said, it is a constant process of iteration in the fraud/risk space, so there will always be evolution.”
No operators have indicated to DGE they will not be able to comply with the required action, LSR understands.
Forward-thinking industry
Indeed, Hill said operators had shown themselves to be “extremely forward-thinking and innovative” in their approach to MFA.
“I’d give them and the ecosystem a lot of credit in solving this,” Hill said. “Other industries have legacy systems and blockades to the right solutions. But the sports betting and gaming space, it’s refreshing to see them moving the ball forward and providing the best experience for the players. It is a juxtaposition to other sectors we work with like banks, healthcare, retail.”
Copycats to come?
No other states have yet implemented similar MFA requirements, but Hill suggested “many states will likely follow suit.”
On that front, a national solution might be more technologically straightforward than a state-by-state approach.
Fix for proxy issues?
MFA could also help reduce incidences of proxy betting, Hill said, though not all systems stop it.
US sports betting has seen two proxy betting scandals this year: Calvin Ridley betting in Florida from out-of-state, and a Florida VIP betting via DraftKings in New Jersey.