Robert Griffin, CEO of MIRACL, has urged betting leadership to move beyond its out-dated assumption that passwords can be considered as an effective security measure protecting customers.
Presenting a case study at the SBC Summit Barcelona – Digital, Griffin detailed that betting operators are still “gambling with passwords” which have become an obsolete security tool, no longer protecting player data and further hindering vital components related to CX and customer engagement.
Griffin broke it down to various key promises regarding the presence of passwords, firstly underlining that they have a significant impact on revenue. This is due to causing user frustration and adding friction to the customer journey, eventually causing operators to either lose players or miss player bets.
He also explained that due to the fact that 70% of users re-use the same password for many services, hackers have purchased on the dark web previously cracked databases from large breaches on LinkedIn, Facebook, Yahoo and many more.
Sophisticated hackers are therefore using automated server ‘bots’ that are firing 100 authentication requests per second at operators with the result that services can no longer be confident that the user accessing the account is the actual authorised customer. This makes compliance with the regulator next to impossible along with fraud prevention.
It comes as the importance of security has grown, due to the 400% increase in phishing and hacking attacks that has been brought on by COVID-19.
Speaking to Payment Expert, Griffin also recently revealed the ‘complete solution’ can boost engagement, retain high levels of security and eradicate sales drop-offs.
Giving a brief background on MIRACL, he detailed: “What we are all about is providing a really slick means for users to log in as well as transact. We cater to B2C operators, enabling them to have their customers authenticate in the most secure and frictionless way possible.
“Betting is typically an impulse purchase so if you put any form of hurdle in the path of users seeking to deposit or wager, for example, the typical text message two-factor authentication (2FA), it becomes a really bad user experience for a journey that needs to be seamless and efficient.
“Operators themselves know that 2FA typically provides a really poor customer experience, but that there are 2 to 5% of users that demand a 2FA sign-in security because they have had their account taken over in the past and 2FA will prevent that. So, because of the poor user experience, operators are introducing 2FA slowly, not pushing it at all, and making it optional for users to select.
“This is motivating hackers because if they find a username and password they can lock out the legitimate user far more effectively. This gives the hacker more time to extract value. Hackers simply crack the account and activate 2FA, making it really hard for them to be dislodged. It’s a real problem.
“So what MIRACL is doing is providing a means by which all users can log in using 2FA without any required second step that causes the big fall-off in sales conversion. It has hugely beneficial ramifications for fraud prevention and safer gambling – and from our perspective, MIRACL is the only provider out there that can offer a multi-factor authentication that works in one single step on any device. No one else can do that.
“It is about educating operators on the importance of this solution – MIRACL Trust. It has implications across the board from regulatory compliance to fraud prevention. MIRACL Trust authenticates the user’s identity and also allows them to carry out the transaction in the same way they do with a chip and PIN.”
He went onto detail the potential impact the solution can have in boosting safer gambling capabilities: “Governing the policies of who gaming operators entitle, and what they entitle them to do all depends on whether they really know the identity of the people using their service,” he said. “I can’t make it any more fundamental than that. That is why constructing safer gambling policies on top of the username and password authentication is the same as building castles on sand.
“What we are about is ensuring that operators know who their user is. It really is that simple. Depending on the territory, between 25% and 50% of gaming traffic is fraudulent. If services haven’t got multi-factor authentication in place, there are many different techniques that hackers can use but over 90% relate to the misuse of passwords.
“So, very quickly operators get into the position where they have spent their 50p on KYC to find out if the customer is someone they want to transact with. The customer then gets a username and password and in very little time, you don’t actually know who is logging in under those credentials so the KYC becomes valueless.”
SBC Summit Barcelona – Digital is a FREE to attend virtual conference and exhibition running from 8-11 September. To register for your free ticket or find out more please visit – https://sbcevents.com/sbc-summit-barcelona-digital/