MIRACL’s Robert Griffin: Don’t gamble with passwords

Marrying a seamless customer experience with secure account access and data privacy has been a consistent challenge for many gaming operators, explained Robert Griffin, CEO of MIRACL which replaces passwords with friction-free multi-factor authentication. However, with the advent of COVID-19, the need is even greater as there has been a 400% increase in phishing and hacking attacks.

Speaking to Payment Expert, Griffin revealed how the firm is accelerating the evolution of sign-in methods in order to boost engagement, retain high levels of security and eradicate sales drop-offs. 

Giving a brief background on MIRACL, he detailed: “What we are all about is providing a really slick means for users to log in as well as transact. We cater to B2C operators, enabling them to have their customers authenticate in the most secure and frictionless way possible. 

“Betting is typically an impulse purchase so if you put any form of hurdle in the path of users seeking to deposit or wager, for example, the typical text message two-factor authentication, it becomes a really bad user experience for a journey that needs to be seamless and efficient. We are seeing drop-offs of around 30% in sales conversion for people using SMS-based two-factor authentication and now in North America, the operators are required to have a 2FA presence. 

“Operators themselves know that 2FA typically provides a really poor customer experience, but that there are 2 to 5% of users that demand a 2FA sign-in security because they have had their account taken over in the past and 2FA will prevent that. So, because of the poor user experience operators are introducing 2FA slowly, not pushing it at all, and making it optional for users to select. 

“This is motivating hackers because if they find a username and password they can lock out the legitimate user far more effectively. This gives the hacker more time to extract value. Hackers simply crack the account and activate 2FA, making it really hard for them to be dislodged. It’s a real problem. 

“So what MIRACL is doing is providing a means by which all users can log in using 2FA without any required second step that causes the big fall-off in sales conversion. It has hugely beneficial ramifications for fraud prevention and safer gambling – and from our perspective MIRACL  is  the only provider out there that can offer a multi-factor authentication that works in one single step on any device. No one else can do that.

“It is about educating operators on the importance of this solution – MIRACL Trust. It has implications across the board from regulatory compliance to fraud prevention. MIRACL Trust authenticates the user’s identity and also allows them to carry out the transaction in the same way they do with a chip and PIN.”

Further emphasising the potential impact the solution can have in boosting safer gambling capabilities, he added: “Governing the policies of who gaming operators entitle, and what they entitle them to do all depends on whether they really know the identity of the people using their service. I can’t make it any more fundamental than that. That is why constructing safer gambling policies on top of username and password authentication is the same as building castles on sand. 

“What we are about is ensuring that operators know who their user is. It really is that simple. Depending on the territory, between 25% and 50% of gaming traffic is fraudulent.  Much of it is password spraying, which is basically arming dedicated bots with databases of billions of cracked usernames and passwords and firing them at services at 100 polls per second. 

“So, very quickly operators get into the position where they have spent their 50p on KYC to find out if the customer is someone they want to transact with. The customer then gets a username and password and in very little time, you don’t actually know who is logging in under those credentials so the KYC becomes valueless.” 

Griffin also highlighted that the solution isn’t only beneficial to the gambling industry. As a tool it can be potentially pivotal for banking, insurance and the whole plethora of high-risk operators – industries which he stated can’t justify having just a username and password login. 

He emphasised that the evolution of hackers and the exponentially growing threat of fraud means that passwords and username logins are on the cusp of becoming completely outdated as a form of authentication. To find out more visit miracl.com

Miracl is exhibiting at this week’s SBC Summit Barcelona – Digital, which is the largest ever virtual conference and exhibition for the sports betting & gaming industry.

The event platform has four main zones – Sports Betting, Casino & Gaming, Payments & Compliance, and Affiliate & Marketing – each of which features tailored conference content with input from senior industry executives, an interactive expo, a programme of skills workshops and selection of themed networking roundtables.

To join the 10,000 delegates at the event, click here to register for a free pass