The Pennsylvania Gaming Control Board (PGCB) placed 11 individuals on the Involuntary Interactive Exclusion List for iGaming Fraud during last week’s monthly meeting.
Fraud cases have decreased since the implementation of KYC and MFA, according to the Pennsylvania Gaming Control Board
However, PGCB Director of Communications, Doug Harbach, told PlayPennsylvania on Tuesday that fraud cases have decreased in the state. Two advanced tools made this possible.
“Fraudulent activity has actually decreased since the enhanced Know Your Client (KYC) process and Multi-Factor Authentication (MFA) requirement has been implemented,” Harbach told PlayPennsylvania via email.
Pennsylvania online operators have now installed a system to protect players, in addition to detecting fraud and other malicious activity. KYC is a set of regulations that allows companies to verify the identity, suitability, and risks of a current or potential customer.
It also identifies suspicious behavior before any form of illegal activity takes place. It should be noted that the PGCB required operators to implement MFA in December 2022.
Operators are required to check that MFA has been performed on each device every 14 days
Operators must ensure that each device has MFA performed every 14 days. This security measure will help confirm that the player who is accessing the account is the player who owns the account by authenticating the account and device used to access it.
Next, the PGCB requires annual security assessments performed by independent third-party cyber security companies. These assessments are a necessity in order to pinpoint the operator’s weaknesses.
Bookmakers are also required to report the results of the security assessment along with a detailed remediation plan that must address any considerable risks identified as part of the security assessment.
The aforementioned security measures will help monitor illegal activity. This includes cases of individuals creating multiple, separate online accounts using the personal identification of other individuals.
PGCB requires player personal information in Pennsylvania to be encrypted in the operator’s database
Additionally, PGCB regulations require player personal information to be encrypted in the operator’s database. Operators must attest that this regulation is being strictly enforced as part of the annual security assessment.
The PGCB requires all Pennsylvania operators to perform quarterly vulnerability and security tests to check against existing and new IT security risks.
Harbach told PlayPennsylvania that the PGCB and online platforms continue to monitor suspicious activity. Operators are required to shut down dubious accounts until an investigation has been completed.
“This investigation by the PGCB is what can lead to the recommendation for exclusion,” Harbach said. “The PGCB is evaluating new best industry practices and new technologies that will aid us further in fraud prevention. This included new KYC protocols and more secure methods of MFA.”
Fraud prevention is a top priority among Pennsylvania operators that offer sports betting and casino gambling.
