IMGL Magazine January 2023

CYBER SECURITY

Fraud is just one threat

While fraud and, to a lesser extent, money laundering are concerns, the theft of sensitive customer information may be more damaging long term to operators and customers. Online gambling companies routinely collect and are often required to hold extensive data on customers including their age/date of birth, Social Security number, physical and email addresses and other information used to verify their identity. Accounts contain financial and banking information, passwords and security questions, and customer location, habits and preferences may also be tracked. This collection of data is not limited to online sports betting and casino sites. Esports, video gaming and similar online apps also face similar questions regarding data security.

In Europe a comprehensive legal framework covering data and privacy has been adopted through the General Data Protection Regulation (GDPR), which became effective in 2018. This stems from the view that privacy and the protection of personal data are fundamental rights. By contrast, the American view is that the relationship between a consumer and a commercial entity is contractual, and the terms of service of gambling, gaming and other consumer sites tend to give control over personally identifiable information to the commercial entity.

While data protection and data privacy are recognized as critical dimensions of cybersecurity law, regulation, and policy, these issues have yet to be addressed in a single, comprehensive federal data protection law. That is not to say that privacy and data protection are unregulated. In their 2021 paper for the American Bar Association, Kathryn Rand and Steven Light listed eight federal laws that address data security in specific areas:[10]

• Children’s Online Privacy Protection Act (COPPA)

Nevada’s stance has been seen by some as relatively relaxed. Its regulations give casinos a year to develop adequate cybersecurity solutions and procedures, and companies will also have relative freedom in implementing their new cyber security features. Following input from the Nevada Resorts Association and the Association of Gaming Equipment Manufacturers, the NGC gave operators a lot of leeway with the new regulations, making them intentionally vague and open to interpretation. Since the rules mostly lack strict requirements, they provide casinos with opportunities to cooperate with authorities like the FBI and other agencies before submitting a detailed report to the NGC. While other states could adopt similar policies, it remains to be seen whether hackers will still be able to exploit enforcement gaps. That said, the industry is waking up to the need to reassure consumers and take pre-emptive measures to reduce the chances of being targeted irrespective of regulatory pressure to do so.

Gaming as well as gambling

Cybercrime is common across consumer verticals, so it is no surprise that the gaming sector has also been targeted. Attacks increased by 167 percent in the last year, according to a new report by cybersecurity firm Akamai.[9] The research found that the United States is the main target of attackers, followed by Switzerland, India, Japan, the United Kingdom and other nations throughout Europe and Asia. The report also claimed that gaming is the industry hit by the most distributed denial-of-service (DDoS) attacks globally, accounting for 35 percent of all DDoS traffic worldwide.

Akamai found that the gaming industry shows no signs of slowing down from the boost provided by COVID-19 lockdowns and social distancing. In parallel with that growth, cybercriminals have continued perpetrating attacks on gamers and game platforms, with web application attacks having more than doubled over the past year. This has been particularly apparent in cloud gaming, where continued expansion has been matched by hostile activity. The rise of micro-transactions also represents a huge draw for criminals who can capitalize on the spending power of gamers and the fungible nature of virtual assets, according to the report.

• Computer Fraud and Abuse Act (CFAA)
• Consumer Financial Protection Act (CFPA)
• Electronic Communications Privacy Act (ECPA)
• Family Educational Rights and Privacy Act (FERPA)
• Federal Trade Commission Act (FTC Act)
• Health Insurance Portability and Accountability Act (HIPAA)
• Fair Credit Reporting Act (FCRA)

Whilst these acts would appear not to have an immediate

[9] https://www.akamai.com/resources/state-of-the-internet/soti-security-gaming-respawned
[10] https://www.americanbar.org/groups/business_law/publications/blt/2021/02/sports-betting/
