As New Jersey gets set to implement new 2FA regulations for mobile gaming, the best options are those that authoritatively authenticate identity while also minimising the friction, according to Thomas Hill, Head of Sports Betting & iGaming at Prove.
Speaking to SBC Americas, he emphasised that the protection of consumers is at the heart of the new implementation in the region.
Hill stated: “The NJ Division of Gaming Enforcement (DGE) is at the forefront of protecting its citizens that participate and enjoy the digital sports betting and igaming ecosystem. Account takeover is a very common fraud vector, not just in this industry, but throughout banking, financial services…really any company with a digital presence that requires consumers to have an account is susceptible.
“Specifically, the NJ DGE references credential stuffing as the most prevalent attack on internet gaming providers, which is where fraudsters use lists of compromised or breached information to attempt to gain access to player accounts. Some operators deploy 2FA methods already and others offer them to their patrons as an opt-in setting, but many do not enable it. Legacy 2FA methods typically inject some form of friction into the individual user experience.”
Underlining just what the measures mean for the sector, Hill outlined that the region ‘requires its sports betting and igaming operators to implement at least two distinct authentication methods’.
He added: “These are deployed post account sign-up in order to protect patrons from account takeover fraud. Once an individual account successfully satisfies this requirement by authenticating via the two methods, that account is exempt for the subsequent 14-day period. In other words, 2FA needs to be satisfied every 14 days (or at each log-in, if the time elapsed between account log-ins is greater than 14 days).”
Hill concluded by predicting that many states could follow the lead of New Jersey, as he stated: “Many states look to NJ as the tip of the spear with respect to US sports betting and iGaming regulation.
“It wouldn’t be surprising for other states to adopt similar legislation, especially those that are just now or in the future coming to market, as those typically have faced the most intra-state opposition on the path to legalisation. Regardless of the regulatory requirements on a per state basis, proxy betting is an issue across all states and operators and the right 2FA methods can effectively minimise its frequency.”
