The Pennsylvania Gaming Control Board (PGCB) issued a notice this June, alerting all of the state’s online gaming operators about a change. As of Dec. 31, 2022, every PA online casino and sports betting app must implement multi-factor authentication.
This is an adjustment that slightly affects bettors in the Keystone State. By the end of the month, online casino and sportsbook users need to provide extra information in order to log on to their favorite betting platform.
While some players might find this unnecessary, multi-factor (or two-factor) authentication is simply there to help protect their accounts. With many examples of online fraud occurring within the legal gaming industry of late, some operators and states are cracking down on security.
PA joins the state of New Jersey, which also put this rule into place over this past summer. They are the only two states in the US so far requiring multi-factor authentication for online betting apps.
Pennsylvania gaming adopts multi-factor authentication
As PA bettors go to log in to an online casino or PA online sportsbook to place a wager in the new year, they’ll need to take an extra step.
Multi-factor authentication typically involves inputting a six-digit code sent to your phone. Whichever online betting platform you utilize sends a unique code to your device whenever you attempt to log on. After entering it along with your regular identification, you then gain access to the app.
While this regulation is new, two-factor authentication has already been offered by most online casinos and sportsbooks. Some players feel more comfortable with an added layer of protection. This is especially true when talking about securing your money.
The PGCB got ahead of a lot of other states by setting up this ruling. Its Communications Director, Doug Harbach, gave more context to PA’s decision. Harbach told PlayPennsylvania:
“The security and protection of Pennsylvania gaming public is and always has been the foremost priority of the PGCB. In kind, the PGCB was proactive in this area issuing a directive in June of this year to all Interactive Gaming Operators to employ a multi-factor authentication (MFA) method for each device that a patron utilizes to access their Interactive Gaming Account.”
Multi-factor authentication in PA
The PGCB also provides an outline of obligations based around multi-factor authentication. They include:
- Each unique device is required to have MFA performed every 14 days. This additional security measure ensures the player who is accessing the account is the player who owns the account by authenticating the account and device used to access the account.
- The PGCB requires annual security assessments performed by independent third-party cyber security companies, which identify any potential vulnerabilities and weaknesses the operator’s platform may have. Operators are required to report the results of the security assessment along with a detailed remediation plan that must address any considerable risks identified as part of the security assessment.
- PGCB regulations require player personal information to be encrypted in the operator’s database and operators must attest that this regulation is being strictly enforced as part of the annual security assessment. The PGCB requires all PA operators to perform quarterly vulnerability and penetration tests that check against existing and new IT security risks.
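The first obligation above, MFA per unique device every 14 days, can be read as a login decision keyed on the account and device pair. The sketch below is an added example, not PGCB or operator code; the class, method names, device identifiers and the choice to treat exactly 14 days as expired are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MFA_MAX_AGE = timedelta(days=14)  # interval stated in the PGCB outline


@dataclass
class DeviceMfaLedger:
    """Last successful MFA per (account, device) pair (hypothetical store)."""
    _last_mfa: dict = field(default_factory=dict)

    def record_mfa(self, account_id, device_id, when):
        # device_id is assumed to be a server-issued, unguessable identifier,
        # not a value the client can choose freely.
        self._last_mfa[(account_id, device_id)] = when

    def decide(self, account_id, device_id, password_ok, now):
        """Return 'deny', 'mfa_required' or 'allow' for a login attempt."""
        if not password_ok:
            return "deny"
        last = self._last_mfa.get((account_id, device_id))
        if last is None:
            return "mfa_required"  # device never verified for this account
        age = now - last
        if age < timedelta(0) or age >= MFA_MAX_AGE:
            return "mfa_required"  # stale, or a timestamp from the future
        return "allow"


def demo():
    """Run constructed login attempts and return the decisions."""
    t0 = datetime(2022, 12, 31, 12, 0, tzinfo=timezone.utc)
    ledger = DeviceMfaLedger()
    ledger.record_mfa("alice", "phone-1", t0)
    day = timedelta(days=1)
    return {
        "same device, day 13": ledger.decide("alice", "phone-1", True, t0 + 13 * day),
        "same device, day 14": ledger.decide("alice", "phone-1", True, t0 + 14 * day),
        "new device": ledger.decide("alice", "laptop-9", True, t0 + day),
        "other account, same device": ledger.decide("bob", "phone-1", True, t0 + day),
        "wrong password": ledger.decide("alice", "phone-1", False, t0 + day),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

Keying the record on both account and device is what makes a verified phone worthless for a different account, and a stolen password worthless on an unverified device.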
Some PA sportsbooks already enforce multi-factor authentication
With the end of December in sight, some of the state’s operators have already begun moving over to the new system. One of the state’s top options, FanDuel Casino PA, recently switched to two-factor authentication.
The operator’s website now discusses the matter in more detail and talks about the advantages of this process. In theory, no one can hack or log into your betting account without having access to your phone.
FanDuel lists two different ways for users to complete this added step. Along with the SMS text message sent to phones, the operator can also deliver this code through an authenticator app. FanDuel claims bettors can use any mobile authenticator app from Google or Microsoft. Its website includes instructions for the linking process.
This should come as positive news for most who use PA iGaming apps regularly. The announcement that DraftKings Sportsbook customers lost almost $300,000 in funds from accounts should trigger a lot more activity in security for online providers.
Players located in the state should keep an eye out for emails and notifications from the platforms they utilize. Operators have just over two weeks to finalize their multi-factor authentication within PA.
Even though this should certainly assist in reducing fraud cases and hacking, the PGCB noted that bettors can apply other prevention techniques, as Harbach outlined:
“On the players’ side, the PGCB encourages gamers to use best practices to protect their accounts and personal information. For example, a user should not use the same password for multiple account log-ins across different operators and businesses.”
Again, every gaming app in PA will require this step starting on Dec. 31.