Earlier this month, the UK introduced new rules intended to make online gambling safer, but there are concerns that they have created additional information security risks.
Under the new requirements, which came into effect on 7 May, anyone who registers for an online gambling site needs to provide proof of their age, name and address. However, this could be an extra incentive for cyber criminals to target gambling organisations, as additional personal details held alongside financial data are a potent combination for conducting fraud.
Why are gambling operators asking for this information?
Previously, it had been possible to create an account with a gambling operator without having to verify your identity and date of birth. You would only need to provide this information if you were trying to withdraw money from your account.
The new rules require gambling operators to confirm this information before users deposit funds or access free-to-play games. According to the Gambling Commission, operators can generally find the necessary information by matching the details that users give to them with existing databases.
However, it adds that “there may be occasions when this information is not enough to be sure who you are. For example, if information has been spelt wrongly or people with similar names live at the same address.
“In these situations you may be asked to provide copies of documents that prove who you are. This could include passports, driving licences and household bills.”
These checks are primarily intended to ensure the user is old enough to gamble, but they can also help operators see whether the user has self-excluded from the gambling company’s site and confirm that they aren’t using criminal proceeds.
They are also part of a wider move to better regulate the gambling industry. The UK recently cut the maximum bet on fixed-odds betting terminals from £100 to £2 and is now turning its attention to gambling on credit. In a report published last year, the Gambling Commission said it would consider “whether gambling on credit should continue to be permitted” as it “increases the risk that consumers will gamble more than they can afford”.
Culture Secretary Jeremy Wright has called on banks and bookmakers to meet to discuss gambling industry regulations. “Protecting people from the risks of gambling-related harm is vital and all businesses with connections to gambling – be that bookmakers, social media platforms or banks – must be socially responsible,” he said.
“The government will not hesitate to act if businesses don’t continue to make progress in this area and do all they can to ensure vulnerable people are protected.”
Is your personal data at risk?
Any time a system requires organisations to access more personal data, the risks associated with that information increase. The risk of data breaches also increases whenever financial records are involved, because they are more valuable to cyber criminals.
Whereas most personal data is worth only what someone is willing to pay for it on the dark web, financial information can be used to access funds directly. In many instances, all crooks need to do is transfer and then launder the money. This tactic has become increasingly popular in recent years as the value of personal data decreases on the dark web due to the surplus in supply.
Depending on the additional information that online gambling companies use to verify an account, crooks could potentially have a route into users’ bank accounts. At the very least, they’ll probably have enough information to launch a sophisticated phishing attack.
As such, it’s essential that gambling operators introduce appropriate technical and organisational measures to protect the information they obtain to verify a user’s identity.
Want to know whether your organisation is doing enough?
You can learn everything you need to stay secure by reading our free green paper: Gambling Commission Annual Security Audits – Increase your odds.
This paper is essential reading for any gambling operator that wants to ensure their organisation complies with the Gambling Commission’s remote gambling and software technical standards. It covers the security requirements you need to meet and offers guidance on the steps you should take to pass your audit.