Does gaming think it is above other industries in payment data protection?
Credit: Alexander Supertramp / Shutterstock

Trust is a hard thing to come by. With the constant threat of data being compromised or stolen, many consumers are understandably very protective over sensitive data, whether this be payment details or personal addresses.

With this data handled by several different companies and authorities, the question many consumers may be asking is: Who can I trust with my data? Speakers at last week’s Payment Expert Summit on a panel titled ‘Cyber Security: The ultimate player protection’ debated this very topic.

To answer this question, another query is posed: Do companies want the responsibility of handling all of a customer’s data? In the view of Mike De Graaff, Co-Founder and Chief Compliance Officer at BetComply, this is a “great idea, but the outcome is horrible” across many markets.

The platforms companies may have to build to be responsible for this data will be subject to very strict conditions and difficult to obtain objectives, De Graaff explained. If developers are rushing to reach this outcome, it could lead to a “rush job” platform.

“I would say I would not trust my data on it, or want it to really be responsible for it, is that it is all developed in an insane rush, there are deadlines attached to this and when there’s updates to models, there are very strict deadlines.

“If you build something that is incredibly complex – because it can be very difficult to build, especially if it has to be real time – that doesn’t really coincide with trust.”

The panellists largely came from the realm of compliance consultancy and solutions development in the gaming industry, from the likes of ID verification specialist IDnow, payments provider Neosurf, cybersecurity firm Miracle and the aforementioned BetComply, a compliance solutions developer.

Data is a valuable commodity in the modern world, not just for companies like those in gaming and payments which seek a better view of their customers. Black market actors are all too keen to get their hands on people’s data.

“Companies really need to take cybersecurity seriously because it’s so easy nowadays.”

Roger Redfearn-Tyrzyk, VP Global Gaming at IDnow, shared his view that personal data, such as from personal documents, could be sold on the dark web for anything from $250 to $10,000. The total value of this black market is likely in the billions, he said – but he noted that gaming, like other industries, has become increasingly aware of this threat.

“There are still plenty of people out there doing the fingers crossed, touch wood strategy,” Redfearn-Tyrzyk continued. “If you look at the industry like 10 years ago, it was touch wood compliance, but today we have to very certain of these things when it comes to cybersecurity. 

“I think you see the amount of breaches, the amount of stolen data – whether that’s your British Airways, Easy Jet – companies really need to take cybersecurity seriously because it’s so easy nowadays. I think a lot of time and effort has been put into that in the last 10 years especially.”

From the discussion, it is clear that the prevailing mood is that responsibility for protecting consumer data, and in doing so protecting the consumers themselves, must be shared between different stakeholders.

Regulators of course come into play here, setting the standards for betting operators, payments firms and compliance specialists. Regulators do not always make things easy for the companies active in the sector, however, the panellists expressed.

Reflecting on his experience of US regulatory expectations, IDnow’s Redfearn-Tyrzyk made the analogy that “it seems like the regulators expect you to run iOS 18 on a Nokia 3310”. In Europe, meanwhile, Germany has proven a challenge for operators on cybersecurity issues.

A big question to ask in the midst of all this, however, is: What do the consumers think? In an ideal world, the customer’s perspective on a matter is what should drive how operators, suppliers and regulators approach issues like cybersecurity and protecting personal data and payments information.

Sue Page, CEO North America at Neosurf, cited some research the payments firm undertook in the US recently. Talking directly to gaming customers, Neosurf found that customers were “obviously concerned about identity theft” but that 70% were also favourable to the idea of having a single login across multiple operators.

“It might not happen, but it’s just an interesting perspective from the player, because yes, they’re concerned about their security, but actually what they want is a great user experience,” Page said.

Gaming companies have a myriad of factors to consider when dealing with payments protection – arguably, as the panel itself posed, the ultimate form of player protection, going beyond safer gambling to the very essence of securing a customer’s most sensitive information.

“The gambling regulators are a lot stricter than other regulators, especially when it comes to AML.”

Earlier on in the panel, an interesting question was raised: With so much to consider and so much responsibility, does gaming believe it is somehow special when compared to other industries when it comes to risk like this?

From her perspective in payments, Neosurf’s Page was able to confidently say no, as payments firms, even those involved in gambling, do not operate under its regulations. 

Redfearn-Tyrzyk, meanwhile, noted the extensive regulations gaming firms are subject to, ranging from the established markets of North America and Europe to emerging ones like Brazil, which has set up strict parameters around gaming payments.

“Gambling operators have better technology than many other businesses, and the scrutiny in the media that the gambling vertical gets is again another (factor), but no one speaks about what everyone is doing from the technology perspective,” he said.

“In the new markets like Brazil, there are so many restrictions you won’t find in any other industry, you need biometric authentication every seven days. The gambling regulators are a lot stricter than other regulators, especially when it comes to AML.”

Ultimately, it may seem like an obvious point to leave on, but responsibility for cybersecurity needs to be shouldered by various different actors. In today’s digitised landscape, the threat from cyber criminals is at an all-time high and customer data is a valuable black market commodity.

Online gambling is now a massive, multifaceted industry with countless millions if not billions of customers – each one with valuable payment data and numerous stakeholders involved. As Page put it: “So much is put on the operator but thes supply chain is getting longer, and we all need to share responsibility.”