IMGL Magazine January 2023

CYBER SECURITY

just shareholders who were upset at the breach.

fraud quickly preventing large-scale losses, and also to identify the perpetrators. Utilizing data to detect fraud not only protects customers but should make the experience of trusted players better and more friction free. Credential stuffing attacks of the like suffered by DraftKings show that customers must also play their part in online privacy and security. To prevent fraud, customers must accept some inconvenience and be encouraged to adopt good cyber-security hygiene. Consumer education is part of the solution to online frauds of all kinds and represents best practice in cybersecurity. Best practice also includes: • Following best practice policies and procedures issued by government agencies and industry groups wherever a company has customers; • Developing contacts proactively with law enforcement agencies and third-party cybersecurity providers; • Ensuring that executives, including board members, know and are bought into the fact that cybersecurity is their responsibility; • Regularly reviewing cybersecurity incident response policies and procedures and staff training; • Investing in secure payment systems to process transactions. Hackers — like any other criminals — follow the money. It is inevitable that the massive increase in sports betting in the US will attract cyber criminals looking to steal funds and disrupt platforms. Other industries and other parts of the world have already faced these challenges and solutions do exist. Gaming companies, particularly those that generate the bulk of their revenue online, have no choice but to diligently invest in cybersecurity. Those that fail to do so risk inviting data breaches and with that, the possibility of harsh judgment of regulators, in the court of public opinion and in the investment community.

Customers affected by the situation were very vocal on social media in a PR disaster for the sportsbook. Some claimed to have watched their accounts being drained of funds whilst being unable to contact DraftKings’ support team. Understandably, the focus of the industry has been on onboarding as many new customers as possible as part of the landgrab which has followed legalization. Having ploughed US$ millions into marketing, the industry will need to pivot rapidly towards a service-based approach if it is not to see the trust and confidence of those hard-won customers eroded. Europe’s GDPR may be seen as regulatory overreach but it can also be part of a process of reassuring customers that their data (and their funds) are safe from fraudsters and hackers. Recognizing this fact, the European Gaming and Betting Association (EGBA) issued an industry code 12 which addresses specific features of the online gambling services sector. The code provides operators with clarity on areas where interpretation of GDPR implementation is needed, as well as ensuring that players feel confident that their personal data is used appropriately. Best practice for cybersecurity and data privacy In light of the rising threats from criminals and increasing demands from regulators, online gambling companies should invest in implementing cybersecurity and data privacy best practices and use any breaches as a learning opportunity to prevent future attacks. Fraud ranging from identity theft, credit card fraud, or account takeovers happens in every e-commerce vertical. The online gaming space is unique in holding so much data, including precise geolocation information, and can link users and accounts, digital devices and payment methods together. This should allow the industry to spot

PHIL SAVAGE Head of Publications and European Affairs, IMGL For information contact +44 7778 635836 phil@imgl.org

12 https://www.egba.eu/uploads/2020/06/200610-Code-of-Conduct-on-Data-Protection-in-Online-Gambling.pdf

PAGE 26

IMGL MAGAZINE | JANUARY 2023

Made with FlippingBook flipbook maker