WHITE PAPER
Online gaming and online gambling.
Faites vos jeux … rien ne va plus
Faites vos jeux … rien ne va plus
Casinos increasingly have found their way to the Internet. Internet
gambling has taken off because of its easy access from the home
PC. E-gambling fits the changing leisure patterns of households.
Households increasingly seek entertainment, stimulated by the
ever increasing home entertainment offering and the insecure
economical climate, in the warmth of the family house rather than
outside. Furthermore, the threshold for gambling is significantly
lower compared to real casinos because of access, affordability,
anonymity and convenience.
» According to the British Gambling
Prevalence Survey 2007, 6% of the
population of 32 million UK gamblers
placed their bets online, with
e-gambling and bookmaker bets being
the most popular forms.
» According to zdnet.be about 40.000
Belgians weekly gamble online,
amongst them an increasing number
of gamblers under age.
Online poker games are extremely popular. Pokerscout has over
500 poker websites listed, Party Gaming one of the bigger online
gambling sites counts over 2.4 million users. In the UK, according to
the British Gambling Prevalence Survey 2007, 6% of the population
of 32 million UK gamblers placed their bets online, with e-gambling
and bookmaker bets being the most popular forms. According to
zdnet.be about 40.000 Belgians weekly gamble online, amongst
them an increasing number of gamblers under age.
The online gambling industry is booming, however challenged in
many ways. Although most online gaming websites operate with a
local domain name, they are mostly operated from abroad for instance
from Antigua or the Isle of Man. Online gambling is international
business but it is often confronted with a variety of local legislation.
To give an example: The European Council of Ministers declared
online gambling to be illegal. This statement was followed with talks
expressing the need for a European law. Finally it was decided that
the matter needed to be dealt with by the individual member states.
The existing gambling legislation in many countries is old and not
adapted to the internet era. Recently many countries have stepped
up: in the US the first bill related to internet skill games was introduced
in the Senate in September 2008, in France new legislation will take
its effect by 2010, in Belgium the new legislative framework was
passed a couple of weeks ago.
Since the trend of online gambling is unstoppable, the renewed legal
frameworks focus on control and protection. They include guidelines
for licensed e-gambling sites to operate locally, prevention against
gambling under age and measures for online payment.
The world’s leading software company specializing in Internet Security
www.vasco.com
FACING THE CHALLENGES WITH TWO-FACTOR AUTHENTICATION
The gambling industry seems to be recession proof and is estimated to attain
433 billion dollars by 2012 (Global Betting and Gaming Consultants). According
to a study by Motivaction in the Netherlands, the Dutch have an average online
gambling budget of 82 euro per person, amounting to estimated annual revenue
at 475 million euro. With all this money going around for leisure, the attention of
hackers has been caught.
» The Dutch have an average online
gambling budget of 82 euro per
person, amounting to estimated annual
revenue at 475 million euro.
Everyday thousands of poker players deposit thousands of dollars into their online
poker accounts. They trust the poker rooms they play with to protect not only their
account balances but also their identities. For online poker rooms, the security
of their players has become a growing concern. If security is not taken seriously,
players can become the victim of cheaters. By cheaters, we do not mean people
who call a bluff but real hackers who make use of Trojan’s or other abusive
software to hack accounts, steal money and identities.
With more stringent regulation on the one hand and threats from hackers on the
other end, the e-gambling industry is increasingly taking measures to protect
themselves and their users.
Gambling online is very straightforward: the gambler comes up with a user name
and password, he downloads the poker software from the poker websites, he
creates his avatar and then he is all set for the gambling adventure. User names
and avatars rarely reflect the true identity of the gambler. How can the gambling
site ensure itself that these online gamblers are 18 years and over and thus
comply with legal requirements?
Poker sites also increasingly worry about their customer protection. How do can
they best protect their gambler’s assets? How can they ensure that precious
gambling money is transferred into the righteous accounts? How easily can
accounts be plundered? And what can they do to avoid doom scenarios?
The online gambling industry is increasingly looking at two-factor authentication
to resolve identity and fraud issues. Two-factor authentication identifies the users,
keeping under age players out. It also enhances the security of online accounts
and money transfers through digital signature.
IDENTIFYING AND PROTECTING THE USER, HOW DOES IT WORK?
Users will have to identify themselves when registering for online poker. During
the registration process they will have to put forward credentials demonstrating
that they are in age for gambling. Following their legitimate registration, they will
receive a hardware authenticator or they will download authentication software
onto their PC or mobile phone.
The world’s leading software company specializing in Internet Security
www.vasco.com
As of now they will type in their user name and use their authenticator to generate a
One-Time password (OTP) to log-on to their account. In doing so, the poker site not
only ensures itself that the gambler says who he is; he also protects the user from
password theft. The OTP is only valid for 36 seconds and it can only be used once.
Thus it becomes impossible to hand over passwords to unauthorized users, such as
under age players. Furthermore, thanks to its limited validity keyloggers will not be able
to re-use the password when intercepting it online.
DIGITAL SIGNATURES SAFEGUARDING MONEY TRANSFER
For the secure transfer of money, e-gambling sites can learn from the e-banking world.
Banks have for several years already been combating online transaction fraud. Most
recent phenomenon is man-in-the-middle attacks. With man-in-the-middle attacks a
hacker is nestling himself in the communication between the bank and the banking
customer. When money is transferred from the customer’s account to another account,
the hacker hijacks the transfer, alters the amount and the beneficiary to his advantage.
Learn how to protect your online
gambling users from
Man-in-the-Middle attacks.
Contact a salesperson at:
www.vasco.com
Similar patterns can be used in online gambling environments. Banks worldwide
increasingly protect their customers through digital signature. An electronic signature
can be considered as transaction authentication. The signature, an advanced form
of OTP, not only validates the user but also the transaction details such as the
amount and beneficiary. The authentication server at the poker site is able to validate
a transaction by simply validating the signature associated with the transaction. If
the transaction does not validate, that means that a man-in-the-middle attack has
changed components of the transaction and the signature is no longer valid. As a result
no money will be transferred.
About VASCO
VASCO designs, develops, markets and supports patented DIGIPASS®, DIGIPASS PLUS®, VACMAN®, IDENTIKEY® and aXsGUARD™® authentication products
for the financial world, remote access, e-business and e-commerce. With tens of millions of products sold, VASCO has established itself as the world leader
in Strong User Authentication for e-Banking and Enterprise Security for blue-chip corporations and governments worldwide.
www.vasco.com
BRUSSELS (Europe)
phone: +32.2.609.97.00
email: [email protected]
BOSTON (North America)
phone: +1.508.366.3400
email: [email protected]
S Y D N E Y ( Pa c i f i c )
phone: +61.2.8061.3700
email: [email protected]
SINGAPORE (Asia)
phone: +65.6323.0906
email: [email protected]
Copyright © 2009 VASCO Data Security, Inc, VASCO Data Security International GmbH. All rights reserved. VASCO®, Vacman®, IDENTIKEY®, aXsGUARD™™,
®
DIGIPASS® and
logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and
other countries. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products,
updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all other intellectual and industrial property
rights in the U.S. and other countries. Microsoft and Windows are trademarks or registered trademarks of Microsoft Corporation. Other names may be trademarks of
their respective owners.