Gambling operators urged to protect online security

There is a heightened risk that usernames and passwords from recent major data breaches in Australia may be used by malicious actors to access online customer accounts. Such attacks – know as credential stuffing attacks – can result in hackers obtaining customer information and changing banking details in order to extract funds held in their accounts.

We have written to major licensees, online bookmakers and interstate wagering service providers urging them to ensure they use the most stringent security measures, such as:

• setting rules around password creation and protection, including requiring more complex passwords
• requiring customers to regularly change their passwords
• clearly advising customers not to use the same passwords for other sites
• requiring or enabling an option for two factor or multifactor authentication
• ongoing monitoring of accounts for suspicious activity.

“We’re here to ensure the gambling industry operates with integrity and is safe and fair for all. We expect venue operators to strengthen their security measures and actively prevent criminal influence and exploitation of their business and customers” said VGCCC CEO Annette Kimmitt AM.

“We will review the relevant technical standards and consider whether licensees should be required to adopt these recommendations, including two factor authentication, and whether to make further recommendations in future.”

Gambling operators must establish and maintain policies, procedures, standards and mechanisms for adequate security over player accounts and the privacy of player information.

Customers can also protect their details by:

• requesting and using multifactor authentication to login to their online accounts where possible
• regularly changing their login details, and not using the same logins across different online gambling platforms.