Pennsylvania to mandate two-factor authentication for online casinos, sportbooks

Pennsylvania to mandate two-factor authentication for online casinos, sportbooks

Back in June, the Pennsylvania Gaming Control Board (PGCB) issued a notice alerting all of the state’s online gaming operators about a change. The date for its introduction is now approaching: as of December 31, 2022, every online casino and sports betting app in the state must implement multi-factor authentication.

The multi-factor authentication needs to be engaged every 14 days, regardless of activity. Additionally, independent third parties will need to verify the security of these measures annually, and the reports from these security checks need to be submitted to PGCB. Finally, operators are required to encrypt the players’ personal data to ensure it is protected by the utmost security. These security measures must be tested quarterly.

While this regulation is new, two-factor authentication has already been offered by most online casinos and sportsbooks. Some players feel more comfortable with an added layer of protection.

The PGCB got ahead of a lot of other states by setting up this ruling. Its Communications Director, Doug Harbach, gave more context to PA’s decision. Harbach told PlayPennsylvania: The security and protection of the Pennsylvania gaming public is and always has been the foremost priority of the PGCB.”

In-kind, the PGCB was proactive in this area issuing a directive in June of this year to all Interactive Gaming Operators to employ a multi-factor authentication (MFA) method for each device that a patron utilizes to access their Interactive Gaming Account,” he further explained.

Operators like FanDuel and Unibet are already proactively reaching out to players to let them know this change is coming at the end of the month. Some operators, like BetPARX, have already implemented the new multi-factor technology.

While the timing may seem reactionary to a recent wave of fraud issues, PGCB actually issued this directive in the summer to give operators sufficient time to implement the measure.

Harbach also emphasized that, while this action from the operators will help detect and crack down on fraud, customers should still take steps to practice good cybersecurity hygiene. For instance, they are encouraged not to use the same passwords across multiple online accounts.

Pennsylvania joins New Jersey and Ontario as the third North American jurisdiction to mandate two-factor authentication for regulated operators. Players located in the state should keep an eye out for emails and notifications from the platforms they utilize. Operators have just over two weeks to finalize their multi-factor authentication within PA.