How Secure Are Online Gambling Sites?
When you buy a lottery ticket and try your luck at winning a jackpot through a game that’s offered by your state, you assume everything will be fair. After all, its a regulated environment and the government is overseeing the draw, right? Maybe not.
In 2016, Eddie Tipton, the former director of security for the Multi State Lottery Association (MUSL) was convicted of fraud after he was proven to have tampered with the random number generators used to determine lottery winners in order to help friends and family become winners. The shocking scandal has led many people to question whether or not any type of regulated gambling is secure, especially online gambling.
The Example of New Jersey
When you’re considering how secure online gaming really is, New Jersey is a state worth looking towards as a model of security. In fact, the Garden State has not had a single instance of online underage gambling, nor of money laundering, or out-of-state players accessing websites since online gambling was legalized more than 30 months ago. By placing strict requirements on features like servers, IT infrastructure and in-app security measures, New Jersey has been able to create an online gambling system in which it’s very difficult for non-qualifying people to gain access and play online. In that regard, it can be said that online gambling can be very secure if the proper requirements are mandated by state regulators and enforced.
But What About Internal Fraud?
State regulations regarding security requirements can go a long way to making online gambling sites secure, but imposing rules about secure servers and geolocation measures won’t necessarily catch internal fraudsters who want to take advantage of insider knowledge and access to the system. That doesn’t mean that it’s not possible to catch them. A CTO security expert named Gus Fritschie recently explained in an interview that internal security audits can go a long way toward preventing insider corruption like the kind that caused the HotLotto scandal.
The problem is that most online gaming websites won’t invest the time and money required to perform these audits unless they are compelled to do so by state or national regulators. That’s why Fritschie says that legislation that legalizes any type of online gaming, whether it’s casino games, poker or daily fantasy sports betting, should mandate regular security reviews and require that those reviews be checked by government regulators. Elaborating futher, Fritschie cited the examples of online poker’s biggest scandals to date involving super-user accounts being set up by staff close to the now defunct sites of UB and Absolute Poker. As he explains, imposing an annual security code audit would have led to a greater possibility of the cheating being detected, and turning his attention to the Hot Lotto fraud scandal, said:
“In the HotLotto case, an insider added code to the RNG software that allowed him to predict winning numbers in certain lotteries. These RNGs had been certified by one of the testing labs, however, they concentrated on review of the randomness and not a security code audit that would have detected the logic bomb that had been implanted.”
So Is Gaming Secure?
The answer as to whether online gaming sites are truly secure in the U.S. is that they are for the most part. While sites have taken steps to prevent unlawful access, though, there will always be people who attempt to exploit vulnerabilities in the system for their personal gain. State regulators need to be aware of the potential risks, and that means doing their homework and enlisting the help of experts like Gus Fritschie to determine where weak points might exist, before then working to eliminate them. Doing so could help prevent a scandal like HotLotto from shaking up the world of online gaming again.
Fritschie also warned that the same level of vigilance is required for other activities outside of iGaming, including eSports. The security solution therefore lies in ensuring that stakeholders do a thorough job of monitoring their security procedures, and as he explains:
“Specifically as it relates to iGaming, I believe that more tangible and specific security controls need to be established that operators are required to comply with and that can be audited by an independent third-party.. [of great importance, however,] is ensuring that operators actually implement these controls and perform continuous monitoring to verify their effectiveness rather than just performing a paperwork exercise.”