Cyber security has to be embedded into the compliance fabric of online gambling operators and decision makers. Security is not something bolted on after a new online application is created, it has to be integrated using security by design.
Recently, the AP released a story that brings up an interesting topic related to internet gambling, security and state gambling laws.
A gambler in Nevada placed an online bet illegally in New Jersey by inspecting and manipulating the browser code of a gambling website to indicate he was located in New Jersey, so he could bet in that state.
In New Jersey, gamblers must be present within the actual state to conduct any type of gambling. Technology companies that regulate these online sites use geolocation technologies to ensure betters are actually where they claim to be.
In this incident, the technology company operating the site had a technical glitch that allowed the patron to tweak the location and it cost the geolocation company a hefty fine from New Jersey regulators. Integrating security during design, then testing the effectiveness of the security and code prior to going live avoids security issues, violations and the resulting fines.
This is a reminder of the financial risk and vulnerabilities in application development and vendor integration/management that requires constant vigilance. Gaming operators (online or not) need to monitor and test the equipment, technology, interfaces and monitor vendors to ensure technology is operating as intended and compliance with gaming regulations is met.
Today’s complex gaming ecosystem, the vendor stacks and joint venture relationships create a unique strain on the IT environment. At RubinBrown, we have a dedicated team of cyber security and IT audit professionals focused on active engagement with the organization and proactive thought leadership in cyber & IT risk management to help make a resilient IT compliance program.
Readers should not act upon information presented without individual professional consultation.
Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.